How to Authenticate Static Routes in FastAPI?

In FastAPI, static routes can be authenticated by using dependency injection with the Depends function. A dependency function performs the authentication check, for example by verifying a user's credentials or checking for a token in the request headers, and is declared in the parameters of the route function. FastAPI runs the dependency before the handler, so only authenticated users can access the corresponding endpoint. This adds a layer of security to your FastAPI project and helps protect sensitive data and resources.

How to authenticate static routes in FastAPI with JWT?

To authenticate static routes in FastAPI with JWT, you can use a combination of the Depends function from FastAPI and the PyJWT library to decode and verify JWT tokens. Here's a step-by-step guide on how to do it:


Step 1: Install PyJWT

pip install PyJWT


Step 2: Create a function to decode and verify JWT tokens

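from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
import jwt

from your_settings import SECRET_KEY, ALGORITHM

# Reads the bearer token from the Authorization header; tokenUrl is the login endpoint advertised in the OpenAPI docs
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


def decode_token(token: str = Depends(oauth2_scheme)) -> str:
    credentials_error = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Invalid or expired token",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        # Pin the accepted algorithm; PyJWT also checks the signature and, if present, the exp claim
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
    except jwt.InvalidTokenError:
        # Base class of PyJWT's validation errors (bad signature, expired, malformed)
        raise credentials_error
    subject = payload.get("sub")
    if subject is None:
        # A correctly signed token without a subject identifies no user
        raise credentials_error
    return subject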


Step 3: Create a settings file (e.g. your_settings.py) that contains the secret key and algorithm used to sign the JWT tokens

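# Placeholder value: load the real key from an environment variable or secret store, never from source control
SECRET_KEY = "your_secret_key_here"
ALGORITHM = "HS256"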


Step 4: Use the decode_token function in your route handlers to authenticate static routes

from fastapi import Depends, FastAPI

# decode_token is the dependency defined in Step 2; import it here if it lives in another module

app = FastAPI()

@app.get("/protected_route")
def protected_route(current_user: str = Depends(decode_token)):
    return {"message": f"Hello, {current_user}"}


Now, when a user makes a request to the /protected_route endpoint, they will need to include a valid JWT token in the Authorization header with the Bearer scheme. The decode_token function will verify the token and extract the subject (user ID) from it. If the token is invalid or expired, an HTTP 401 Unauthorized response will be returned.
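
An added example (not part of the original tutorial) of the verification step: jwt.decode only enforces exp when the claim is present, so this version also uses PyJWT's require option to reject tokens that lack exp or sub. The issue_token helper, the verify wrapper and the key are constructed for the demonstration.

```python
import time

import jwt  # PyJWT 2.x

SECRET_KEY = "constructed-demo-key-not-for-production-0123456789"  # constructed sample key
ALGORITHM = "HS256"


def issue_token(sub, ttl_seconds=300, key=SECRET_KEY, include_exp=True):
    """Hypothetical issuer: sign a subject and, optionally, an expiry claim."""
    claims = {"sub": sub}
    if include_exp:
        claims["exp"] = int(time.time()) + ttl_seconds
    return jwt.encode(claims, key, algorithm=ALGORITHM)


def verify(token):
    """Return (subject, None) on success or (None, reason) when the token is rejected."""
    try:
        payload = jwt.decode(
            token,
            SECRET_KEY,
            algorithms=[ALGORITHM],               # accept only the pinned algorithm
            options={"require": ["exp", "sub"]},  # a token without these claims is rejected
        )
        return payload["sub"], None
    except jwt.ExpiredSignatureError:
        return None, "expired"
    except jwt.MissingRequiredClaimError as exc:
        return None, f"missing {exc.claim}"
    except jwt.InvalidSignatureError:
        return None, "bad signature"
    except jwt.InvalidTokenError:
        # Any other validation failure (malformed token, disallowed algorithm, ...)
        return None, "invalid"
```

In decode_token each of these rejection reasons maps to the same HTTP 401 response; keeping the reason out of the response body and in the server log avoids telling a client why its token failed.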


How to authenticate static routes in FastAPI with Azure AD?

To authenticate static routes in FastAPI with Azure AD, you can use the azure-identity library to interact with the Microsoft Azure Active Directory (AD) authentication service. Here's how you can authenticate static routes in FastAPI with Azure AD:

  1. Install the necessary libraries:
pip install azure-identity
pip install azure-keyvault-secrets
pip install requests


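  2. Set up Azure AD authentication in your FastAPI application. You can use the following code as a guide:
from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import OAuth2AuthorizationCodeBearer
from azure.identity import DefaultAzureCredential
import requests

app = FastAPI()

# Azure AD authentication
# DefaultAzureCredential signs in as the application's own identity; this token is not the caller's
credential = DefaultAzureCredential()
token = credential.get_token('https://graph.microsoft.com/.default')
access_token = token.token

# Replace {tenant_id} with your tenant; OAuth2AuthorizationCodeBearer requires both endpoints
oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl='https://login.microsoftonline.com/{tenant_id}/oauth2/authorize',
    tokenUrl='https://login.microsoftonline.com/{tenant_id}/oauth2/token',
)

# Protected route with Azure AD authentication
@app.get("/protected-route")
def protected_route(token: str = Depends(oauth2_scheme)):
    # Forward the caller's bearer token to Microsoft Graph
    headers = {
        "Authorization": f"Bearer {token}"
    }
    url = "https://graph.microsoft.com/v1.0/me"
    response = requests.get(url, headers=headers, timeout=10)
    if response.status_code != 200:
        # Graph rejected the token: do not return its error body as a successful response
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or expired token",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return response.json()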


  3. Update the code with the specific Azure AD credentials, such as the tenant_id and client_id, as needed for your application.
  4. Use the oauth2_scheme dependency to authenticate the protected-route using Azure AD credentials. The DefaultAzureCredential handles the application's own sign-in to Azure AD and retrieves its access token; the route itself works with the bearer token that oauth2_scheme extracts from the incoming request.
  5. When accessing the protected route, the user will be required to authenticate via Azure AD. If the authentication is successful, the user will be able to access the protected route and retrieve the necessary data from the Azure AD service.


By following these steps, you can authenticate static routes in FastAPI with Azure AD using the azure-identity library.


How to authenticate static routes in FastAPI with custom authentication middleware?

To authenticate static routes in FastAPI with custom authentication middleware, you can create a custom authentication middleware that checks the incoming requests for authentication credentials and verifies them against your authentication system. Here is a general outline of how you can achieve this:

  1. Create a custom authentication middleware class that inherits from starlette.middleware.base.BaseHTTPMiddleware:
from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request
from starlette.responses import JSONResponse

class CustomAuthMiddleware(BaseHTTPMiddleware):
    async def dispatch(self, request: Request, call_next):
        # Check if the request contains authentication credentials
        if "Authorization" not in request.headers:
            return JSONResponse(status_code=401, content={"detail": "Authorization header is missing"})

        # Extract the authentication token from the Authorization header
        token = request.headers["Authorization"]

        # Verify the authentication token against your authentication system
        if not custom_auth_function(token):
            return JSONResponse(status_code=403, content={"detail": "Unauthorized"})

        # If the authentication is successful, proceed with the request
        response = await call_next(request)
        return response

def custom_auth_function(token):
    # Implement your custom authentication logic here, such as verifying the token against a database of valid tokens
    return token == "valid_token"


  2. Add the custom authentication middleware to your FastAPI application:
from fastapi import FastAPI
from my_custom_auth_middleware import CustomAuthMiddleware

app = FastAPI()

app.add_middleware(CustomAuthMiddleware)


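  3. Define the static routes to protect. Middleware registered with app.add_middleware runs on every request to the application, so the route handlers need no authentication code of their own:
from fastapi import APIRouter

router = APIRouter()

@router.get("/protected-route")
async def protected_route():
    return {"message": "This route is protected by custom authentication middleware"}

# Register the router on the app created above with app.include_router(router)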


By following these steps, you can authenticate static routes in FastAPI using custom authentication middleware. Customize the custom_auth_function to fit your authentication logic and secure your routes accordingly.
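
An added example (not part of the original tutorial) of the same idea as a pure ASGI middleware, written against the ASGI interface with the standard library only. Because middleware sees every request, it exempts an explicit list of public paths and denies everything else, requires the Bearer scheme, and compares the token in constant time; the class name, the public_paths parameter, demo_app and the status_for helper are assumptions made for the demonstration.

```python
import asyncio
import hmac
import json


class BearerAuthMiddleware:
    """Pure ASGI middleware: every HTTP path needs the token unless listed as public."""

    def __init__(self, app, expected_token, public_paths=("/docs", "/openapi.json")):
        self.app = app
        self.expected = expected_token.encode()
        self.public_paths = frozenset(public_paths)

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http" or scope["path"] in self.public_paths:
            return await self.app(scope, receive, send)  # non-HTTP scope or public path
        headers = dict(scope["headers"])  # ASGI gives lower-cased (bytes, bytes) pairs
        scheme, _, token = headers.get(b"authorization", b"").partition(b" ")
        # Require the Bearer scheme and compare the token in constant time
        if scheme.lower() == b"bearer" and hmac.compare_digest(token.strip(), self.expected):
            return await self.app(scope, receive, send)
        body = json.dumps({"detail": "Invalid or missing bearer token"}).encode()
        await send({"type": "http.response.start", "status": 401,
                    "headers": [(b"content-type", b"application/json"),
                                (b"www-authenticate", b"Bearer")]})
        await send({"type": "http.response.body", "body": body})


async def demo_app(scope, receive, send):
    """Constructed stand-in for the FastAPI app: answers 200 to everything."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def status_for(path, authorization=None):
    """Send one constructed GET through the middleware and return the status code."""
    sent = []

    async def send(message):
        sent.append(message)

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    headers = [(b"authorization", authorization.encode())] if authorization else []
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    middleware = BearerAuthMiddleware(demo_app, expected_token="valid_token")  # constructed token
    asyncio.run(middleware(scope, receive, send))
    return sent[0]["status"]
```

With FastAPI the class is registered the same way as in step 2, passing expected_token and public_paths as keyword arguments to app.add_middleware. WebSocket scopes pass through unchecked in this version and need their own check.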
