FastAPI — Intermediate (50+ Coding Exercises)

  1. Split routes into auth, users, items routers with /api/v1 prefix.
  2. Implement OAuth2 password flow endpoints (/token) using OAuth2PasswordBearer (basic).
  3. Implement JWT creation and verification (HS256) and protect /me.
  4. Implement refresh token flow (store refresh tokens server-side with TTL).
  5. Implement role-based access control using JWT claims and dependency checks.
  6. Create a SQLAlchemy (or SQLModel) setup with User and Item models.
  7. Implement DB session dependency per request with proper cleanup/rollback.
  8. Implement CRUD for items backed by the database.
  9. Add Alembic migrations and create an initial migration.
  10. Add a new indexed column to items and generate migration.
  11. Implement cursor-based pagination for item listing.
  12. Implement allowed-field sorting with validation (reject unknown sort fields).
  13. Implement filter dependency FilterParams and apply it to list endpoint.
  14. Implement Idempotency-Key support for create endpoints (store request hash + response).
  15. Implement request validation error handler with consistent error envelope.
  16. Implement custom exception class and handler for domain errors.
  17. Add logging middleware for request latency + status code.
  18. Add request ID middleware and propagate to logs and response header.
  19. Implement rate limiting per IP using in-memory cache (simple fixed window).
  20. Implement rate limiting per user when authenticated.
  21. Implement file uploads streaming to disk and enforce max size.
  22. Implement background job enqueue stub for sending emails (use BackgroundTasks first).
  23. Implement task queue integration skeleton (Celery/RQ) and switch from background task.
  24. Implement StreamingResponse that streams a generated CSV export of items.
  25. Implement ETag support for GET item endpoints (hash of representation).
  26. Implement If-None-Match handling returning 304 when unchanged.
  27. Implement caching headers (Cache-Control) for read-only endpoints.
  28. Implement OpenAPI customization: title, description, servers list.
  29. Group endpoints by tags and add descriptions/examples.
  30. Implement dependency overrides for tests (DB session to SQLite memory).
  31. Add pytest fixtures for app client and DB session.
  32. Write tests for auth flows (token, protected endpoint, invalid token).
  33. Write tests for DB-backed CRUD endpoints.
  34. Write tests for pagination correctness (cursor next page).
  35. Implement async endpoints that use async DB calls (if using async engine) and test them.
  36. Add CORS config for SPA: allow origin, methods, headers, credentials properly.
  37. Add a /metrics endpoint that returns basic counters (requests, errors) in JSON.
  38. Add a middleware that increments metrics counters.
  39. Add input sanitization/normalization for user emails (lowercase) and enforce uniqueness.
  40. Implement password hashing (bcrypt/argon2) and verify on login.
  41. Implement account lockout after N failed logins (cache-based).
  42. Implement email verification token generation and verification endpoint.
  43. Implement a “forgot password” token flow (generate + reset).
  44. Implement database transaction around multi-step create (user + profile + default settings).
  45. Implement bulk create items endpoint and validate payload size limit.
  46. Implement partial update (PATCH) with Pydantic models (optional fields).
  47. Implement response models that hide internal fields (response_model_exclude).
  48. Implement dependency that parses common pagination params and reuse it across endpoints.
  49. Implement content negotiation for returning CSV vs JSON based on query param.
  50. Implement per-route timeouts (conceptual via middleware / server settings) with stubs.
  51. Implement structured logging JSON lines output for all requests.
  52. Implement an integration test that spins up the app and verifies OpenAPI schema includes your routes.