Secure your FastAPI endpoints using API keys.
Report Bug
·
Request Feature
On deployment inject API keys authorized to use your service. Every call to a private
endpoint of your service has to include a header['x-api-key'] attribute that is
validated against the API keys in your environment.
If it is present, a request is authorized. If it is not FastAPI return 401 Unauthorized.
Use this either as a middleware, or as Dependency.
git clone https://github.com/iwpnd/fastapi-key-auth.git
uv sync
pip install fastapi-key-auth
uv add fastapi-key-auth
As Middleware:
from fastapi import FastAPI
from fastapi_key_auth import AuthorizerMiddleware
app = FastAPI()
app.add_middleware(AuthorizerMiddleware, public_paths=["/ping"], key_pattern="API_KEY_")
# optional use regex startswith
app.add_middleware(AuthorizerMiddleware, public_paths=["/ping", "^/users"])
As Dependency
from fastapi import FastAPI, Depends
from fastapi_key_auth import AuthorizerDependency
authorizer = AuthorizerDependency(key_pattern="API_KEY_")
# either globally or in a router
app = FastAPI(dependencies=[Depends(authorizer)])
Distributed under the MIT License. See LICENSE for more information.
Benjamin Ramser - @imwithpanda - ahoi@iwpnd.pw Project Link: https://github.com/iwpnd/fastapi-key-auth
FAQs
API key validation Middleware
We found that fastapi-key-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.
Security News
Popular npm packages like eslint-config-prettier were compromised after a phishing attack stole a maintainer’s token, spreading malicious updates.
Security News
/Research
A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.