Skip to content

Release Notes

Latest Changes

  • ♻️ Update FastAPI People GitHub Action to send the PR as github-actions. PR #2201 by @tiangolo.
  • 🔧 Update FastAPI People GitHub Action config, run monthly. PR #2199 by @tiangolo.
  • 🐛 Fix FastAPI People GitHub Action Docker dependency, strike 1 ⚾. PR #2198 by @tiangolo.
  • 🐛 Fix FastAPI People GitHub Action Docker dependencies. PR #2197 by @tiangolo.
  • 🐛 Fix FastAPI People GitHub Action when there's nothing to change. PR #2196 by @tiangolo.
  • 👥 Add new section FastAPI People. PR #2195 by @tiangolo.
  • 🌐 Add Portuguese translation for External Links. PR #1443 by @Serrones.
  • 🌐 Add Japanese translation for Tutorial - CORS. PR #2125 by @tokusumi.
  • 🌐 Add Japanese translation for Contributing. PR #2067 by @komtaki.
  • 🌐 Add Japanese translation for Project Generation. PR #2050 by @tokusumi.
  • 🌐 Add Japanese translation for Alternatives. PR #2043 by @Attsun1031.
  • ✏ Fix typo in Spanish tutorial index. PR #2020 by @aviloncho.
  • 🌐 Add Japanese translation for History Design and Future. PR #2002 by @komtaki.
  • 🌐 Add Japanese translation for Benchmarks. PR #1992 by @komtaki.
  • 🌐 Add Japanese translation for Tutorial - Header Parameters. PR #1935 by @SwftAlpc.
  • ⬆️ Upgrade GitHub Action Latest Changes. PR #2190 by @tiangolo.
  • ⬆️ Upgrade GitHub Action Label Approved. PR #2189 by @tiangolo.
  • 🌐 Add Portuguese translation for Tutorial - First Steps. PR #1861 by @jessicapaz.
  • 🌐 Add Portuguese translation for Python Types. PR #1796 by @izaguerreiro.
  • 🌐 Add Japanese translation for Help FastAPI. PR #1692 by @tokusumi.
  • 🌐 Add Japanese translation for Tutorial - Body. PR #1683 by @tokusumi.
  • 🌐 Add Japanese translation for Tutorial - Query Params. PR #1674 by @tokusumi.
  • 🌐 Add Japanese translation for tutorial/ PR #1671 by @tokusumi.
  • 🌐 Add Japanese translation for tutorial/ PR #1658 by @tokusumi.
  • 🌐 Add Japanese translation for tutorial/ PR #1656 by @tokusumi.
  • 🌐 Add translation to Portuguese for Project Generation. PR #1602 by @Serrones.
  • 🔧 Update GitHub Action Label Approved, run at 12:00. PR #2185 by @tiangolo.
  • 🌐 Add Japanese translation for Features. PR #1625 by @tokusumi.
  • 👷 Upgrade GitHub Action Latest Changes. PR #2184 by @tiangolo.
  • 🌐 Initialize new language Korean for translations. PR #2018 by @hard-coders.
  • 🌐 Add Portuguese translation of Deployment. PR #1374 by @Serrones.
  • 👷 Set GitHub Action Label Approved to run daily, not every minute. PR #2163 by @tiangolo.
  • 🔥 Remove pr-approvals GitHub Action as it's not compatible with forks. Use the new one. PR #2162 by @tiangolo.
  • 👷 Add GitHub Action Latest Changes. PR #2160.
  • 👷 Add GitHub Action Label Approved. PR #2161.



  • Fix issues using jsonable_encoder with SQLAlchemy models directly. PR #1987.




  • Improve docs maintainability by updating hl_lines syntax to use ranges. PR #1863 by @la-mar.



  • Add support for injecting HTTPConnection (as Request and WebSocket). Useful for sharing app state in dependencies. PR #1827 by @nsidnev.
  • Export WebSocketDisconnect and add example handling WebSocket disconnections to docs. PR #1822 by @rkbeatss.

Breaking Changes

  • Require Pydantic > 1.0.0.
    • Remove support for deprecated Pydantic 0.32.2. This improves maintainability and allows new features.
    • In FastAPI and APIRouter:
      • Remove path operation decorators related/deprecated parameter response_model_skip_defaults (use response_model_exclude_unset instead).
      • Change path operation decorators parameter default for response_model_exclude from set() to None (as is in Pydantic).
    • In encoders.jsonable_encoder:
      • Remove deprecated skip_defaults, use instead exclude_unset.
      • Set default of exclude from set() to None (as is in Pydantic).
    • PR #1862.
  • In encoders.jsonable_encoder remove parameter sqlalchemy_safe.
    • It was an early hack to allow returning SQLAlchemy models, but it was never documented, and the recommended way is using Pydantic's orm_mode as described in the tutorial: SQL (Relational) Databases.
    • PR #1864.



  • Add Flake8 linting. Original PR #1774 by @MashhadiNima.
  • Disable Gitter bot, as it's currently broken, and Gitter's response doesn't show the problem. PR #1853.



  • Add debugging logs for GitHub actions to introspect GitHub hidden context. PR #1764.
  • Use OS preference theme for online docs. PR #1760 by @adriencaccia.
  • Upgrade Starlette to version 0.13.6 to handle a vulnerability when using static files in Windows. PR #1759 by @jamesag26.
  • Pin Swagger UI temporarily, waiting for a fix for swagger-api/swagger-ui#6249. PR #1763.
  • Update GitHub Actions, use commit from PR for docs preview, not commit from pre-merge. PR #1761.
  • Update GitHub Actions, refactor Gitter bot. PR #1746.


  • Add GitHub Action to watch for missing preview docs and trigger a preview deploy. PR #1740.
  • Add custom GitHub Action to get artifact with docs preview. PR #1739.
  • Add new GitHub Actions to preview docs from PRs. PR #1738.
  • Add XML test coverage to support GitHub Actions. PR #1737.
  • Update badges and remove Travis now that GitHub Actions is the main CI. PR #1736.
  • Add GitHub Actions for CI, move from Travis. PR #1735.
  • Add support for adding OpenAPI schema for GET requests with a body. PR #1626 by @victorphoenix3.




  • Deep merge OpenAPI responses to preserve all the additional metadata. PR #1577.
  • Mention in docs that only main app events are run (not sub-apps). PR #1554 by @amacfie.
  • Fix body validation error response, do not include body variable when it is not embedded. PR #1553 by @amacfie.
  • Fix testing OAuth2 security scopes when using dependency overrides. PR #1549 by @amacfie.
  • Fix Model for JSON Schema keyword not as a JSON Schema instead of a list. PR #1548 by @v-do.
  • Add support for OpenAPI servers. PR #1547 by @mikaello.








  • Update database test setup. PR #1226.
  • Improve test debugging by showing response text in failing tests. PR #1222 by @samuelcolvin.







  • Re-export utils from Starlette:
    • This allows using things like from fastapi.responses import JSONResponse instead of from starlette.responses import JSONResponse.
    • It's mainly syntax sugar, a convenience for developer experience.
    • Now Request, Response, WebSocket, status can be imported directly from fastapi as in from fastapi import Response. This is because those are frequently used, to use the request directly, to set headers and cookies, to get status codes, etc.
    • Documentation changes in many places, but new docs and noticeable improvements:
    • PR #1064.


  • Add link to Release Notes from docs about pinning versions for deployment. PR #1058.
  • Upgrade code to use the latest version of Starlette, including:
    • Several bug fixes.
    • Optional redirects of slashes, with or without ending in /.
    • Events for routers, "startup", and "shutdown".
    • PR #1057.
  • Add docs about pinning FastAPI versions for deployment: Deployment: FastAPI versions. PR #1056.



  • Fix path operation duplicated parameters when used in dependencies and the path operation function. PR #994 by @merowinger92.
  • Update Netlify previews deployment GitHub action as the fix is already merged and there's a new release. PR #1047.
  • Move mypy configurations to config file. PR #987 by @hukkinj1.
  • Temporary fix to Netlify previews not deployable from PRs from forks. PR #1046 by @mariacamilagl.




  • Fix model filtering in response_model, cloning sub-models. PR #889.
  • Fix FastAPI serialization of Pydantic models using ORM mode blocking the event loop. PR #888.





  • Add GitHub social preview images to git. PR #752.
  • Update PyPI "trove classifiers". PR #751.
  • Add full support for Python 3.8. Enable Python 3.8 in full in Travis. PR 749.
  • Update "new issue" templates. PR #749.
  • Fix serialization of errors for exotic Pydantic types. PR #748 by @dmontagu.




  • Add dependencies with yield, a.k.a. exit steps, context managers, cleanup, teardown, ...
    • This allows adding extra code after a dependency is done. It can be used, for example, to close database connections.
    • Dependencies with yield can be normal or async, FastAPI will run normal dependencies in a threadpool.
    • They can be combined with normal dependencies.
    • It's possible to have arbitrary trees/levels of dependencies with yield and exit steps are handled in the correct order automatically.
    • It works by default in Python 3.7 or above. For Python 3.6, it requires the extra backport dependencies:
      • async-exit-stack
      • async-generator
    • New docs at Dependencies with yield.
    • Updated database docs SQL (Relational) Databases: Main FastAPI app.
    • PR #595.
  • Fix sitemap.xml in website. PR #598 by @samuelcolvin.


  • Upgrade required Starlette to 0.12.9, the new range is >=0.12.9,<=0.12.9.
    • Add State to FastAPI apps at app.state.
    • PR #593.
  • Improve handling of custom classes for Requests and APIRoutes.
    • This helps to more easily solve use cases like:
      • Reading a body before and/or after a request (equivalent to a middleware).
      • Run middleware-like code only for a subset of path operations.
      • Process a request before passing it to a path operation function. E.g. decompressing, deserializing, etc.
      • Processing a response after being generated by path operation functions but before returning it. E.g. adding custom headers, logging, adding extra metadata.
    • New docs section: Custom Request and APIRoute class.
    • PR #589 by @dmontagu.
  • Fix preserving custom route class in routers when including other sub-routers. PR #538 by @dmontagu.



  • Allow path parameters to have default values (e.g. None) and discard them instead of raising an error.
    • This allows declaring a parameter like user_id: str = None that can be taken from a query parameter, but the same path operation can be included in a router with a path /users/{user_id}, in which case will be taken from the path and will be required.
    • PR #464 by @jonathanunderwood.
  • Add support for setting a default_response_class in the FastAPI instance or in include_router. Initial PR #467 by @toppk.
  • Add support for type annotations using strings and from __future__ import annotations. PR #451 by @dmontagu.



  • Add recent articles to External Links and recent opinions. PR #490.
  • Upgrade support range for Starlette to include 0.12.8. The new range is >=0.11.1,<=0.12.8". PR #477 by @dmontagu.
  • Upgrade support to Pydantic version 0.32.2 and update internal code to use it (breaking change). PR #463 by @dmontagu.



  • Fix implementation for skip_defaults when returning a Pydantic model. PR #422 by @dmontagu.
  • Fix OpenAPI generation when using the same dependency in multiple places for the same path operation. PR #417 by @dmontagu.
  • Allow having empty paths in path operations used with include_router and a prefix.
    • This allows having a router for /cats and all its path operations, while having one of them for /cats.
    • Now it doesn't have to be only /cats/ (with a trailing slash).
    • To use it, declare the path in the path operation as the empty string ("").
    • PR #415 by @vitalik.
  • Fix mypy error after merging PR #415. PR #462.



  • Upgrade Starlette supported range to include the latest 0.12.7. The new range is 0.11.1,<=0.12.7. PR #367 by @dedsm.

  • Add test for OpenAPI schema with duplicate models from PR #333 by @dmontagu. PR #385.


  • Upgrade Pydantic version to 0.30.0. PR #384 by @jekirl.


  • Fix typo in docs for features. PR #380 by @MartinoMensio.

  • Fix source code limit for example in Query Parameters. PR #366 by @Smashman.

  • Update wording in docs about OAuth2 scopes. PR #371 by @cjw296.

  • Update docs for Enums to inherit from str and improve Swagger UI rendering. PR #351.

  • Fix regression, add Swagger UI deep linking again. PR #350.

  • Add test for having path templates in prefix of .include_router. PR #349.

  • Add note to docs: Include the same router multiple times with different prefix. PR #348.

  • Fix OpenAPI/JSON Schema generation for two functions with the same name (in different modules) with the same composite bodies.

    • Composite bodies' IDs are now based on path, not only on route name, as the auto-generated name uses the function names, that can be duplicated in different modules.
    • The same new ID generation applies to response models.
    • This also changes the generated title for those models.
    • Only composite bodies and response models are affected because those are generated dynamically, they don't have a module (a Python file).
    • This also adds the possibility of using .include_router() with the same APIRouter multiple times, with different prefixes, e.g. /api/v2 and /api/latest, and it will now work correctly.
    • PR #347.


  • Upgrade Pydantic supported version to 0.29.0.
    • New supported version range is "pydantic >=0.28,<=0.29.0".
    • This adds support for Pydantic Generic Models, kudos to @dmontagu.
    • PR #344.



  • Add support for Pydantic's ORM mode:

    • Updated documentation about SQL with SQLAlchemy, using Pydantic models with ORM mode, SQLAlchemy models with relations, separation of files, simplification of code and other changes. New docs: SQL (Relational) Databases.
    • The new support for ORM mode fixes issues/adds features related to ORMs with lazy-loading, hybrid properties, dynamic/getters (using @property decorators) and several other use cases.
    • This applies to ORMs like SQLAlchemy, Peewee, Tortoise ORM, GINO ORM and virtually any other.
    • If your path operations return an arbitrary object with attributes (e.g. instead of my_item["name"]) AND you use a response_model, make sure to update the Pydantic models with orm_mode = True as described in the docs (link above).
    • New documentation about receiving plain dicts as request bodies: Bodies of arbitrary dicts.
    • New documentation about returning arbitrary dicts in responses: Response with arbitrary dict.
    • Technical Details:
      • When declaring a response_model it is used directly to generate the response content, from whatever was returned from the path operation function.
      • Before this, the return content was first passed through jsonable_encoder to ensure it was a "jsonable" object, like a dict, instead of an arbitrary object with attributes (like an ORM model). That's why you should make sure to update your Pydantic models for objects with attributes to use orm_mode = True.
      • If you don't have a response_model, the return object will still be passed through jsonable_encoder first.
      • When a response_model is declared, the same response_model type declaration won't be used as is, it will be "cloned" to create an new one (a cloned Pydantic Field with all the submodels cloned as well).
      • This avoids/fixes a potential security issue: as the returned object is passed directly to Pydantic, if the returned object was a subclass of the response_model (e.g. you return a UserInDB that inherits from User but contains extra fields, like hashed_password, and User is used in the response_model), it would still pass the validation (because UserInDB is a subclass of User) and the object would be returned as-is, including the hashed_password. To fix this, the declared response_model is cloned, if it is a Pydantic model class (or contains Pydantic model classes in it, e.g. in a List[Item]), the Pydantic model class(es) will be a different one (the "cloned" one). So, an object that is a subclass won't simply pass the validation and returned as-is, because it is no longer a sub-class of the cloned response_model. Instead, a new Pydantic model object will be created with the contents of the returned object. So, it will be a new object (made with the data from the returned one), and will be filtered by the cloned response_model, containing only the declared fields as normally.
    • PR #322.
  • Remove/clean unused RegEx code in routing. PR #314 by @dmontagu.

  • Use default response status code descriptions for additional responses. PR #313 by @duxiaoyao.

  • Upgrade Pydantic support to 0.28. PR #320 by @jekirl.



  • Add support for declaring a Response parameter:


  • Implement dependency cache per request.

    • This avoids calling each dependency multiple times for the same request.
    • This is useful while calling external services, performing costly computation, etc.
    • This also means that if a dependency was declared as a path operation decorator dependency, possibly at the router level (with .include_router()) and then it is declared again in a specific path operation, the dependency will be called only once.
    • The cache can be disabled per dependency declaration, using use_cache=False as in Depends(your_dependency, use_cache=False).
    • Updated docs at: Using the same dependency multiple times.
    • PR #292.
  • Implement dependency overrides for testing.



  • Fix auto_error=False handling in HTTPBearer security scheme. Do not raise when there's an incorrect Authorization header if auto_error=False. PR #282.

  • Fix type declaration of HTTPException. PR #279.




  • Add support for Pydantic's include, exclude, by_alias.

  • Add file to GitHub, to help new contributors. PR #255 by @wshayes.

  • Add support for Pydantic's skip_defaults:


  • Add support for WebSockets with dependencies and parameters.

  • Upgrade the compatible version of Pydantic to 0.26.0.

    • This includes JSON Schema support for IP address and network objects, bug fixes, and other features.
    • PR #247 by @euri10.


  • Upgrade the compatible version of Starlette to 0.12.0.

    • This includes support for ASGI 3 (the latest version of the standard).
    • It's now possible to use Starlette's StreamingResponse with iterators, like file-like objects (as those returned by open()).
    • It's now possible to use the low level utility iterate_in_threadpool from starlette.concurrency (for advanced scenarios).
    • PR #243.
  • Add OAuth2 redirect page for Swagger UI. This allows having delegated authentication in the Swagger UI docs. For this to work, you need to add {your_origin}/docs/oauth2-redirect to the allowed callbacks in your OAuth2 provider (in Auth0, Facebook, Google, etc).

    • For example, during development, it could be http://localhost:8000/docs/oauth2-redirect.
    • Have in mind that this callback URL is independent of whichever one is used by your frontend. You might also have another callback at
    • This is only to allow delegated authentication in the API docs with Swagger UI.
    • PR #198 by @steinitzu.
  • Make Swagger UI and ReDoc route handlers (path operations) be async functions instead of lambdas to improve performance. PR #241 by @Trim21.

  • Make Swagger UI and ReDoc URLs parameterizable, allowing to host and serve local versions of them and have offline docs. PR #112 by @euri10.


  • Add support for dependencies parameter:

    • A parameter in path operation decorators, for dependencies that should be executed but the return value is not important or not used in the path operation function.
    • A parameter in the .include_router() method of FastAPI applications and routers, to include dependencies that should be executed in each path operation in a router.
      • This is useful, for example, to require authentication or permissions in specific group of path operations.
      • Different dependencies can be applied to different routers.
    • These dependencies are run before the normal parameter dependencies. And normal dependencies are run too. They can be combined.
    • Dependencies declared in a router are executed first, then the ones defined in path operation decorators, and then the ones declared in normal parameters. They are all combined and executed.
    • All this also supports using Security with scopes in those dependencies parameters, for more advanced OAuth 2.0 security scenarios with scopes.
    • New documentation about dependencies in path operation decorators.
    • New documentation about dependencies in the include_router() method.
    • PR #235.
  • Fix OpenAPI documentation of Starlette URL convertors. Specially useful when using path convertors, to take a whole path as a parameter, like /some/url/{p:path}. PR #234 by @euri10.

  • Make default parameter utilities exported from fastapi be functions instead of classes (the new functions return instances of those classes). To be able to override the return types and fix mypy errors in FastAPI's users' code. Applies to Path, Query, Header, Cookie, Body, Form, File, Depends, and Security. PR #226 and PR #231.

  • Separate development scripts,, and PR #232.

  • Re-enable black formatting checks for Python 3.7. PR #229 by @zamiramir.


  • On body parsing errors, raise from previous exception, to allow better introspection in logging code. PR #192 by @ricardomomm.

  • Use Python logger named "fastapi" instead of root logger. PR #222 by @euri10.

  • Upgrade Pydantic to version 0.25. PR #225 by @euri10.

  • Fix typo in routing. PR #221 by @djlambert.


  • Add typing information to package including file py.typed. PR #209 by @meadsteve.

  • Add FastAPI bot for Gitter. To automatically announce new releases. PR #189.




  • Add docs for HTTP Basic Auth. PR #177.

  • Upgrade HTTP Basic Auth handling with automatic headers (automatic browser login prompt). PR #175.

  • Update dependencies for security. PR #174.

  • Add docs for Middleware. PR #173.





  • Improve automatically generated names of path operations in OpenAPI (in API docs). A function read_items instead of having a generated name "Read Items Get" will have "Read Items". PR #155.

  • Add docs for: Testing FastAPI. PR #151.

  • Update /docs Swagger UI to enable deep linking. This allows sharing the URL pointing directly to the path operation documentation in the docs. PR #148 by @wshayes.

  • Update development dependencies, Pipfile.lock. PR #150.

  • Include Falcon and Hug in: Alternatives, Inspiration and Comparisons.


  • Improve/upgrade OAuth2 scopes support with SecurityScopes:
    • SecurityScopes can be declared as a parameter like Request, to get the scopes of all super-dependencies/dependants.
    • Improve Security handling, merging scopes when declaring SecurityScopes.
    • Allow using SecurityBase (like OAuth2) classes with Depends and still document them. Security now is needed only to declare scopes.
    • Updated docs about: OAuth2 with Password (and hashing), Bearer with JWT tokens.
    • New docs about: OAuth2 scopes.
    • PR #141.


  • Fix bug: handling additional responses in APIRouter.include_router(). PR #140.

  • Fix typo in SQL tutorial. PR #138 by @mostaphaRoudsari.

  • Fix typos in section about nested models and OAuth2 with JWT. PR #127 by @mmcloud.


  • Add additional responses parameter to path operation decorators to extend responses in OpenAPI (and API docs).
    • It also allows extending existing responses generated from response_model, declare other media types (like images), etc.
    • The new documentation is here: Additional Responses.
    • responses can also be added to .include_router(), the updated docs are here: Bigger Applications.
    • PR #97 originally initiated by @barsi.
  • Update scripts/ to allow passing extra parameters like -vv, for development.


  • Add auto_error parameter to security utility functions. Allowing them to be optional. Also allowing to have multiple alternative security schemes that are then checked in a single dependency instead of each one verifying and returning the error to the client automatically when not satisfied. PR #134.

  • Update SQL Tutorial to close database sessions even when there are exceptions. PR #89 by @alexiri.

  • Fix duplicate dependency in pyproject.toml. PR #128 by @zxalif.



  • Fix OpenAPI (JSON Schema) for declarations of Python Union (JSON Schema additionalProperties). PR #121.

  • Update Background Tasks with a note on Celery.

  • Document response models using unions and lists, updated at: Extra Models. PR #108.






  • Make development scripts executable. PR #76 by @euri10.

  • Add support for adding tags in app.include_router(). PR #55 by @euri10. Documentation updated in the section: Bigger Applications.

  • Update docs related to Uvicorn to use new --reload option from version 0.5.x. PR #74.

  • Update isort imports and scripts to be compatible with newer versions. PR #75.





  • Add Favicons to docs. PR #53.









  • Fix jsonable_encoder for Pydantic models with Config but without json_encoders: #29.


  • Fix typos in Security section: #24 by @kkinder.

  • Add support for Pydantic custom JSON encoders: #21 by @euri10.


  • Upgrade Starlette version to the current latest 0.10.1: #17 by @euri10.