Skip to content

Release Notes

Latest changes



  • Add support for declaring a Response parameter:


  • Implement dependency cache per request.

    • This avoids calling each dependency multiple times for the same request.
    • This is useful while calling external services, performing costly computation, etc.
    • This also means that if a dependency was declared as a path operation decorator dependency, possibly at the router level (with .include_router()) and then it is declared again in a specific path operation, the dependency will be called only once.
    • The cache can be disabled per dependency declaration, using use_cache=False as in Depends(your_dependency, use_cache=False).
    • Updated docs at: Using the same dependency multiple times.
    • PR #292.
  • Implement dependency overrides for testing.



  • Fix auto_error=False handling in HTTPBearer security scheme. Do not raise when there's an incorrect Authorization header if auto_error=False. PR #282.

  • Fix type declaration of HTTPException. PR #279.




  • Add support for Pydantic's include, exclude, by_alias.

  • Add file to GitHub, to help new contributors. PR #255 by @wshayes.

  • Add support for Pydantic's skip_defaults:


  • Add support for WebSockets with dependencies and parameters.

  • Upgrade the compatible version of Pydantic to 0.26.0.

    • This includes JSON Schema support for IP address and network objects, bug fixes, and other features.
    • PR #247 by @euri10.


  • Upgrade the compatible version of Starlette to 0.12.0.

    • This includes support for ASGI 3 (the latest version of the standard).
    • It's now possible to use Starlette's StreamingResponse with iterators, like file-like objects (as those returned by open()).
    • It's now possible to use the low level utility iterate_in_threadpool from starlette.concurrency (for advanced scenarios).
    • PR #243.
  • Add OAuth2 redirect page for Swagger UI. This allows having delegated authentication in the Swagger UI docs. For this to work, you need to add {your_origin}/docs/oauth2-redirect to the allowed callbacks in your OAuth2 provider (in Auth0, Facebook, Google, etc).

    • For example, during development, it could be http://localhost:8000/docs/oauth2-redirect.
    • Have in mind that this callback URL is independent of whichever one is used by your frontend. You might also have another callback at
    • This is only to allow delegated authentication in the API docs with Swagger UI.
    • PR #198 by @steinitzu.
  • Make Swagger UI and ReDoc route handlers (path operations) be async functions instead of lambdas to improve performance. PR #241 by @Trim21.

  • Make Swagger UI and ReDoc URLs parameterizable, allowing to host and serve local versions of them and have offline docs. PR #112 by @euri10.


  • Add support for dependencies parameter:

    • A parameter in path operation decorators, for dependencies that should be executed but the return value is not important or not used in the path operation function.
    • A parameter in the .include_router() method of FastAPI applications and routers, to include dependencies that should be executed in each path operation in a router.
      • This is useful, for example, to require authentication or permissions in specific group of path operations.
      • Different dependencies can be applied to different routers.
    • These dependencies are run before the normal parameter dependencies. And normal dependencies are run too. They can be combined.
    • Dependencies declared in a router are executed first, then the ones defined in path operation decorators, and then the ones declared in normal parameters. They are all combined and executed.
    • All this also supports using Security with scopes in those dependencies parameters, for more advanced OAuth 2.0 security scenarios with scopes.
    • New documentation about dependencies in path operation decorators.
    • New documentation about dependencies in the include_router() method.
    • PR #235.
  • Fix OpenAPI documentation of Starlette URL convertors. Specially useful when using path convertors, to take a whole path as a parameter, like /some/url/{p:path}. PR #234 by @euri10.

  • Make default parameter utilities exported from fastapi be functions instead of classes (the new functions return instances of those classes). To be able to override the return types and fix mypy errors in FastAPI's users' code. Applies to Path, Query, Header, Cookie, Body, Form, File, Depends, and Security. PR #226 and PR #231.

  • Separate development scripts,, and PR #232.

  • Re-enable black formatting checks for Python 3.7. PR #229 by @zamiramir.


  • On body parsing errors, raise from previous exception, to allow better introspection in logging code. PR #192 by @ricardomomm.

  • Use Python logger named "fastapi" instead of root logger. PR #222 by @euri10.

  • Upgrade Pydantic to version 0.25. PR #225 by @euri10.

  • Fix typo in routing. PR #221 by @djlambert.


  • Add typing information to package including file py.typed. PR #209 by @meadsteve.

  • Add FastAPI bot for Gitter. To automatically announce new releases. PR #189.




  • Add docs for HTTP Basic Auth. PR #177.

  • Upgrade HTTP Basic Auth handling with automatic headers (automatic browser login prompt). PR #175.

  • Update dependencies for security. PR #174.

  • Add docs for Middleware. PR #173.





  • Improve automatically generated names of path operations in OpenAPI (in API docs). A function read_items instead of having a generated name "Read Items Get" will have "Read Items". PR #155.

  • Add docs for: Testing FastAPI. PR #151.

  • Update /docs Swagger UI to enable deep linking. This allows sharing the URL pointing directly to the path operation documentation in the docs. PR #148 by @wshayes.

  • Update development dependencies, Pipfile.lock. PR #150.

  • Include Falcon and Hug in: Alternatives, Inspiration and Comparisons.


  • Improve/upgrade OAuth2 scopes support with SecurityScopes:
    • SecurityScopes can be declared as a parameter like Request, to get the scopes of all super-dependencies/dependants.
    • Improve Security handling, merging scopes when declaring SecurityScopes.
    • Allow using SecurityBase (like OAuth2) classes with Depends and still document them. Security now is needed only to declare scopes.
    • Updated docs about: OAuth2 with Password (and hashing), Bearer with JWT tokens.
    • New docs about: OAuth2 scopes.
    • PR #141.


  • Fix bug: handling additional responses in APIRouter.include_router(). PR #140.

  • Fix typo in SQL tutorial. PR #138 by @mostaphaRoudsari.

  • Fix typos in section about nested models and OAuth2 with JWT. PR #127 by @mmcloud.


  • Add additional responses parameter to path operation decorators to extend responses in OpenAPI (and API docs).
    • It also allows extending existing responses generated from response_model, declare other media types (like images), etc.
    • The new documentation is here: Additional Responses.
    • responses can also be added to .include_router(), the updated docs are here: Bigger Applications.
    • PR #97 originally initiated by @barsi.
  • Update scripts/ to allow passing extra parameters like -vv, for development.


  • Add auto_error parameter to security utility functions. Allowing them to be optional. Also allowing to have multiple alternative security schemes that are then checked in a single dependency instead of each one verifying and returning the error to the client automatically when not satisfied. PR #134.

  • Update SQL Tutorial to close database sessions even when there are exceptions. PR #89 by @alexiri.

  • Fix duplicate dependency in pyproject.toml. PR #128 by @zxalif.



  • Fix OpenAPI (JSON Schema) for declarations of Python Union (JSON Schema additionalProperties). PR #121.

  • Update Background Tasks with a note on Celery.

  • Document response models using unions and lists, updated at: Extra Models. PR #108.






  • Make development scripts executable. PR #76 by @euri10.

  • Add support for adding tags in app.include_router(). PR #55 by @euri10. Documentation updated in the section: Bigger Applications.

  • Update docs related to Uvicorn to use new --reload option from version 0.5.x. PR #74.

  • Update isort imports and scripts to be compatible with newer versions. PR #75.





  • Add Favicons to docs. PR #53.









  • Fix jsonable_encoder for Pydantic models with Config but without json_encoders: #29.


  • Fix typos in Security section: #24 by @kkinder.

  • Add support for Pydantic custom JSON encoders: #21 by @euri10.


  • Upgrade Starlette version to the current latest 0.10.1: #17 by @euri10.