TechOverflow Logo
TechOverflow

FastAPI minimal example with HTTP basic auth

Example using username & password from Python

#!/usr/bin/env python3
from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials
import secrets

app = FastAPI()
security = HTTPBasic()

# Demo credentials - in production use secure storage
USERNAME = "admin"
PASSWORD = "secret"

def verify_credentials(credentials: HTTPBasicCredentials = Depends(security)):
    correct_username = secrets.compare_digest(credentials.username, USERNAME)
    correct_password = secrets.compare_digest(credentials.password, PASSWORD)
    
    if not (correct_username and correct_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid credentials",
            headers={"WWW-Authenticate": "Basic"},
        )
    return credentials

@app.get("/")
async def read_root(credentials: HTTPBasicCredentials = Depends(verify_credentials)):
    return {"message": f"Hello, {credentials.username}!"}

if __name__ == "__main__":
    import uvicorn
    uvicorn.run(app, host="127.0.0.1", port=8000)

Example using pydantic settings to read username & password from environment variables

#!/usr/bin/env python3
from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials
from pydantic_settings import BaseSettings
import secrets

class AppSettings(BaseSettings):
    HTTP_AUTH_USERNAME: str
    HTTP_AUTH_PASSWORD: str
    
    class Config:
        env_file = ".env"

app = FastAPI()
security = HTTPBasic()
settings = AppSettings()

def verify_credentials(credentials: HTTPBasicCredentials = Depends(security)):
    correct_username = secrets.compare_digest(credentials.username, settings.HTTP_AUTH_USERNAME)
    correct_password = secrets.compare_digest(credentials.password, settings.HTTP_AUTH_PASSWORD)
    
    if not (correct_username and correct_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid credentials",
            headers={"WWW-Authenticate": "Basic"},
        )
    return credentials

@app.get("/list")
async def read_root(credentials: HTTPBasicCredentials = Depends(verify_credentials)):
    return {"message": f"Hello, {credentials.username}!"}

if __name__ == "__main__":
    import uvicorn
    uvicorn.run(app, host="127.0.0.1", port=8000)

Use like this:

HTTP_AUTH_USERNAME=admin HTTP_AUTH_PASSWORD=123 python3 server.py