A secure and efficient Todo List API built with FastAPI and SQLModel, featuring OAuth2.0 authentication with Password Flow and JWT Bearer Tokens for secure access control.
The API leverages SQLite as the database, using SQLModel—a modern ORM built on top of SQLAlchemy and Pydantic—to handle database operations efficiently.
- Secure authentication using OAuth2.0 Password Flow with JWT Tokens
- Password hashing with bcrypt for enhanced security
- Full CRUD operations for task management
- Category-based organization of tasks with proper relationships
- SQLite database with SQLModel ORM
- FastAPI-based architecture for high performance and built-in OpenAPI documentation
Create a .env file in the root directory with the following variables:
SECRET_KEY=your-secure-secret-key
ACCESS_TOKEN_EXPIRE_MINUTES=30
Note: Make sure to use a secure secret key in production. Never commit your .env file to version control.
- FastAPI – High-performance framework for building APIs
- SQLModel – ORM combining SQLAlchemy and Pydantic
- SQLite – Lightweight, file-based database
- OAuth2.0 (Password Flow) – Secure authentication mechanism
- JWT (JSON Web Tokens) – Token-based authentication
- Passlib (bcrypt) – Secure password hashing
- Uvicorn – ASGI server for running FastAPI applications
This API follows OAuth2.0 Password Flow, allowing users to authenticate using their username and password. Upon successful authentication, a JWT Bearer Token is issued, which must be included in all authenticated requests.
- User Registration: Create an account by providing a username and password.
- Token Generation: Authenticate using credentials to receive a JWT Token.
- Authenticated Requests: Use the Bearer Token in all API requests requiring authentication.
GET /todos/
Authorization: Bearer YOUR_ACCESS_TOKEN
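The token generation and verification steps described above, as an added example that is not this project's code: it issues and checks an HS256 JWT using only the Python standard library so it runs offline. The HS256 algorithm, the `sub`/`exp` claim names, the function names and the key value are assumptions; the page does not state which JWT library or algorithm the API uses.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"  # constructed; stands in for SECRET_KEY from .env
ACCESS_TOKEN_EXPIRE_MINUTES = 30       # value from the page's .env example

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def create_access_token(username, key=SECRET_KEY, now=None):
    """Issue an HS256 JWT (hypothetical helper) carrying 'sub' and 'exp'."""
    now = time.time() if now is None else now
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"sub": username, "exp": int(now) + ACCESS_TOKEN_EXPIRE_MINUTES * 60})
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + sign(signing_input, key)

def verify_access_token(token, key=SECRET_KEY, now=None):
    """Return the username from 'sub'; raise ValueError on any failed check."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server side; the token header must not choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison of the recomputed signature.
    if not hmac.compare_digest(sig.encode(), sign(head + "." + body, key).encode()):
        raise ValueError("bad signature")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if not isinstance(claims.get("sub"), str):
        raise ValueError("missing subject")
    return claims["sub"]
```

The verifier rejects a token whose header names any algorithm other than the one the server expects, which is the check that stops an unsigned `alg: none` token from being accepted.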
- Migrate from SQLite to PostgreSQL for better scalability
- Implement Role-Based Access Control (RBAC) to restrict access based on user roles
- Enhance logging and monitoring for better observability
- Containerize the application with Docker
- Add comprehensive test coverage with Pytest
This project is licensed under the MIT License.