Skip to content

Release Notes

Latest changes

0.35.0

0.34.0

  • Upgrade Starlette supported range to include the latest 0.12.7. The new range is 0.11.1,<=0.12.7. PR #367 by @dedsm.

  • Add test for OpenAPI schema with duplicate models from PR #333 by @dmontagu. PR #385.

0.33.0

  • Upgrade Pydantic version to 0.30.0. PR #384 by @jekirl.

0.32.0

  • Fix typo in docs for features. PR #380 by @MartinoMensio.

  • Fix source code limit for example in Query Parameters. PR #366 by @Smashman.

  • Update wording in docs about OAuth2 scopes. PR #371 by @cjw296.

  • Update docs for Enums to inherit from str and improve Swagger UI rendering. PR #351.

  • Fix regression, add Swagger UI deep linking again. PR #350.

  • Add test for having path templates in prefix of .include_router. PR #349.

  • Add note to docs: Include the same router multiple times with different prefix. PR #348.

  • Fix OpenAPI/JSON Schema generation for two functions with the same name (in different modules) with the same composite bodies.

    • Composite bodies' IDs are now based on path, not only on route name, as the auto-generated name uses the function names, that can be duplicated in different modules.
    • The same new ID generation applies to response models.
    • This also changes the generated title for those models.
    • Only composite bodies and response models are affected because those are generated dynamically, they don't have a module (a Python file).
    • This also adds the possibility of using .include_router() with the same APIRouter multiple times, with different prefixes, e.g. /api/v2 and /api/latest, and it will now work correctly.
    • PR #347.

0.31.0

  • Upgrade Pydantic supported version to 0.29.0.
    • New supported version range is "pydantic >=0.28,<=0.29.0".
    • This adds support for Pydantic Generic Models, kudos to @dmontagu.
    • PR #344.

0.30.1

0.30.0

  • Add support for Pydantic's ORM mode:

    • Updated documentation about SQL with SQLAlchemy, using Pydantic models with ORM mode, SQLAlchemy models with relations, separation of files, simplification of code and other changes. New docs: SQL (Relational) Databases.
    • The new support for ORM mode fixes issues/adds features related to ORMs with lazy-loading, hybrid properties, dynamic/getters (using @property decorators) and several other use cases.
    • This applies to ORMs like SQLAlchemy, Peewee, Tortoise ORM, GINO ORM and virtually any other.
    • If your path operations return an arbitrary object with attributes (e.g. my_item.name instead of my_item["name"]) AND you use a response_model, make sure to update the Pydantic models with orm_mode = True as described in the docs (link above).
    • New documentation about receiving plain dicts as request bodies: Bodies of arbitrary dicts.
    • New documentation about returning arbitrary dicts in responses: Response with arbitrary dict.
    • Technical Details:
      • When declaring a response_model it is used directly to generate the response content, from whatever was returned from the path operation function.
      • Before this, the return content was first passed through jsonable_encoder to ensure it was a "jsonable" object, like a dict, instead of an arbitrary object with attributes (like an ORM model). That's why you should make sure to update your Pydantic models for objects with attributes to use orm_mode = True.
      • If you don't have a response_model, the return object will still be passed through jsonable_encoder first.
      • When a response_model is declared, the same response_model type declaration won't be used as is, it will be "cloned" to create an new one (a cloned Pydantic Field with all the submodels cloned as well).
      • This avoids/fixes a potential security issue: as the returned object is passed directly to Pydantic, if the returned object was a subclass of the response_model (e.g. you return a UserInDB that inherits from User but contains extra fields, like hashed_password, and User is used in the response_model), it would still pass the validation (because UserInDB is a subclass of User) and the object would be returned as-is, including the hashed_password. To fix this, the declared response_model is cloned, if it is a Pydantic model class (or contains Pydantic model classes in it, e.g. in a List[Item]), the Pydantic model class(es) will be a different one (the "cloned" one). So, an object that is a subclass won't simply pass the validation and returned as-is, because it is no longer a sub-class of the cloned response_model. Instead, a new Pydantic model object will be created with the contents of the returned object. So, it will be a new object (made with the data from the returned one), and will be filtered by the cloned response_model, containing only the declared fields as normally.
    • PR #322.
  • Remove/clean unused RegEx code in routing. PR #314 by @dmontagu.

  • Use default response status code descriptions for additional responses. PR #313 by @duxiaoyao.

  • Upgrade Pydantic support to 0.28. PR #320 by @jekirl.

0.29.1

0.29.0

  • Add support for declaring a Response parameter:

0.28.0

  • Implement dependency cache per request.

    • This avoids calling each dependency multiple times for the same request.
    • This is useful while calling external services, performing costly computation, etc.
    • This also means that if a dependency was declared as a path operation decorator dependency, possibly at the router level (with .include_router()) and then it is declared again in a specific path operation, the dependency will be called only once.
    • The cache can be disabled per dependency declaration, using use_cache=False as in Depends(your_dependency, use_cache=False).
    • Updated docs at: Using the same dependency multiple times.
    • PR #292.
  • Implement dependency overrides for testing.

0.27.2

0.27.1

  • Fix auto_error=False handling in HTTPBearer security scheme. Do not raise when there's an incorrect Authorization header if auto_error=False. PR #282.

  • Fix type declaration of HTTPException. PR #279.

0.27.0

0.26.0

0.25.0

  • Add support for Pydantic's include, exclude, by_alias.

  • Add CONTRIBUTING.md file to GitHub, to help new contributors. PR #255 by @wshayes.

  • Add support for Pydantic's skip_defaults:

0.24.0

  • Add support for WebSockets with dependencies and parameters.

  • Upgrade the compatible version of Pydantic to 0.26.0.

    • This includes JSON Schema support for IP address and network objects, bug fixes, and other features.
    • PR #247 by @euri10.

0.23.0

  • Upgrade the compatible version of Starlette to 0.12.0.

    • This includes support for ASGI 3 (the latest version of the standard).
    • It's now possible to use Starlette's StreamingResponse with iterators, like file-like objects (as those returned by open()).
    • It's now possible to use the low level utility iterate_in_threadpool from starlette.concurrency (for advanced scenarios).
    • PR #243.
  • Add OAuth2 redirect page for Swagger UI. This allows having delegated authentication in the Swagger UI docs. For this to work, you need to add {your_origin}/docs/oauth2-redirect to the allowed callbacks in your OAuth2 provider (in Auth0, Facebook, Google, etc).

    • For example, during development, it could be http://localhost:8000/docs/oauth2-redirect.
    • Have in mind that this callback URL is independent of whichever one is used by your frontend. You might also have another callback at https://yourdomain.com/login/callback.
    • This is only to allow delegated authentication in the API docs with Swagger UI.
    • PR #198 by @steinitzu.
  • Make Swagger UI and ReDoc route handlers (path operations) be async functions instead of lambdas to improve performance. PR #241 by @Trim21.

  • Make Swagger UI and ReDoc URLs parameterizable, allowing to host and serve local versions of them and have offline docs. PR #112 by @euri10.

0.22.0

  • Add support for dependencies parameter:

    • A parameter in path operation decorators, for dependencies that should be executed but the return value is not important or not used in the path operation function.
    • A parameter in the .include_router() method of FastAPI applications and routers, to include dependencies that should be executed in each path operation in a router.
      • This is useful, for example, to require authentication or permissions in specific group of path operations.
      • Different dependencies can be applied to different routers.
    • These dependencies are run before the normal parameter dependencies. And normal dependencies are run too. They can be combined.
    • Dependencies declared in a router are executed first, then the ones defined in path operation decorators, and then the ones declared in normal parameters. They are all combined and executed.
    • All this also supports using Security with scopes in those dependencies parameters, for more advanced OAuth 2.0 security scenarios with scopes.
    • New documentation about dependencies in path operation decorators.
    • New documentation about dependencies in the include_router() method.
    • PR #235.
  • Fix OpenAPI documentation of Starlette URL convertors. Specially useful when using path convertors, to take a whole path as a parameter, like /some/url/{p:path}. PR #234 by @euri10.

  • Make default parameter utilities exported from fastapi be functions instead of classes (the new functions return instances of those classes). To be able to override the return types and fix mypy errors in FastAPI's users' code. Applies to Path, Query, Header, Cookie, Body, Form, File, Depends, and Security. PR #226 and PR #231.

  • Separate development scripts test.sh, lint.sh, and format.sh. PR #232.

  • Re-enable black formatting checks for Python 3.7. PR #229 by @zamiramir.

0.21.0

  • On body parsing errors, raise from previous exception, to allow better introspection in logging code. PR #192 by @ricardomomm.

  • Use Python logger named "fastapi" instead of root logger. PR #222 by @euri10.

  • Upgrade Pydantic to version 0.25. PR #225 by @euri10.

  • Fix typo in routing. PR #221 by @djlambert.

0.20.1

  • Add typing information to package including file py.typed. PR #209 by @meadsteve.

  • Add FastAPI bot for Gitter. To automatically announce new releases. PR #189.

0.20.0

0.19.0

0.18.0

  • Add docs for HTTP Basic Auth. PR #177.

  • Upgrade HTTP Basic Auth handling with automatic headers (automatic browser login prompt). PR #175.

  • Update dependencies for security. PR #174.

  • Add docs for Middleware. PR #173.

0.17.0

0.16.0

0.15.0

0.14.0

  • Improve automatically generated names of path operations in OpenAPI (in API docs). A function read_items instead of having a generated name "Read Items Get" will have "Read Items". PR #155.

  • Add docs for: Testing FastAPI. PR #151.

  • Update /docs Swagger UI to enable deep linking. This allows sharing the URL pointing directly to the path operation documentation in the docs. PR #148 by @wshayes.

  • Update development dependencies, Pipfile.lock. PR #150.

  • Include Falcon and Hug in: Alternatives, Inspiration and Comparisons.

0.13.0

  • Improve/upgrade OAuth2 scopes support with SecurityScopes:
    • SecurityScopes can be declared as a parameter like Request, to get the scopes of all super-dependencies/dependants.
    • Improve Security handling, merging scopes when declaring SecurityScopes.
    • Allow using SecurityBase (like OAuth2) classes with Depends and still document them. Security now is needed only to declare scopes.
    • Updated docs about: OAuth2 with Password (and hashing), Bearer with JWT tokens.
    • New docs about: OAuth2 scopes.
    • PR #141.

0.12.1

  • Fix bug: handling additional responses in APIRouter.include_router(). PR #140.

  • Fix typo in SQL tutorial. PR #138 by @mostaphaRoudsari.

  • Fix typos in section about nested models and OAuth2 with JWT. PR #127 by @mmcloud.

0.12.0

  • Add additional responses parameter to path operation decorators to extend responses in OpenAPI (and API docs).
    • It also allows extending existing responses generated from response_model, declare other media types (like images), etc.
    • The new documentation is here: Additional Responses.
    • responses can also be added to .include_router(), the updated docs are here: Bigger Applications.
    • PR #97 originally initiated by @barsi.
  • Update scripts/test-cov-html.sh to allow passing extra parameters like -vv, for development.

0.11.0

  • Add auto_error parameter to security utility functions. Allowing them to be optional. Also allowing to have multiple alternative security schemes that are then checked in a single dependency instead of each one verifying and returning the error to the client automatically when not satisfied. PR #134.

  • Update SQL Tutorial to close database sessions even when there are exceptions. PR #89 by @alexiri.

  • Fix duplicate dependency in pyproject.toml. PR #128 by @zxalif.

0.10.3

0.10.2

  • Fix OpenAPI (JSON Schema) for declarations of Python Union (JSON Schema additionalProperties). PR #121.

  • Update Background Tasks with a note on Celery.

  • Document response models using unions and lists, updated at: Extra Models. PR #108.

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

  • Make development scripts executable. PR #76 by @euri10.

  • Add support for adding tags in app.include_router(). PR #55 by @euri10. Documentation updated in the section: Bigger Applications.

  • Update docs related to Uvicorn to use new --reload option from version 0.5.x. PR #74.

  • Update isort imports and scripts to be compatible with newer versions. PR #75.

0.7.1

0.7.0

0.6.4

0.6.3

  • Add Favicons to docs. PR #53.

0.6.2

0.6.1

0.6.0

0.5.1

0.5.0

0.4.0

0.3.0

0.2.1

  • Fix jsonable_encoder for Pydantic models with Config but without json_encoders: #29.

0.2.0

  • Fix typos in Security section: #24 by @kkinder.

  • Add support for Pydantic custom JSON encoders: #21 by @euri10.

0.1.19

  • Upgrade Starlette version to the current latest 0.10.1: #17 by @euri10.