The full project including FastAPI authentication, models, SQLAlchemy setup, and routes.
Before installing dependencies, we create a dedicated folder for the project. For example, we can create a directory named fastapi-auth-service and open it in our preferred IDE such as VS Code, PyCharm, or any code editor.
Inside this folder, we initialize a new Git repository so that every important change is tracked. Version control is a standard practice in real-time projects and helps in rollback, collaboration, and code reviews.
We then create basic starter files such as main.py or app/main.py for the FastAPI application, a requirements.txt file to store Python dependencies, and optionally a .env.example file to list environment variables like database URL and secret keys.
By completing these steps, we ensure our project has a clean, professional starting point that is ready for installation, configuration, and deployment.
Installation Commands:
pip install fastapi
pip install uvicorn[standard]
Run a basic FastAPI server:
uvicorn main:app --reload
Create Virtual Environment:
python -m venv venv
Activate (Windows):
venv\Scripts\activate
Activate (Mac/Linux):
source venv/bin/activate
FastAPI is a modern, high-performance framework for building APIs with Python. It uses Python type hints and automatically gives us request validation, response validation, and interactive API documentation (Swagger and ReDoc).
In this step we install FastAPI and an ASGI server (like uvicorn) using pip. Once this is done, we can quickly run a small “hello world” API to confirm that our development environment is ready for building advanced authentication features.
A virtual environment isolates project dependencies so that one project’s libraries do not conflict with another’s. This is how real-time microservices are managed in production.
We create a virtual environment (for example, using python -m venv venv) and activate it. From this point onwards, all pip install commands are run inside this environment, keeping the FastAPI Authentication project clean, reproducible, and easy to deploy.
A well-designed folder structure makes the project easy to maintain and extend. Instead of keeping everything inside a single file, we separate routes, models, schemas, database logic, and security logic into different modules.
For example, we use folders like routers for API routes, models for SQLAlchemy models, schemas for Pydantic models, db for database connection, and core for security and JWT-related code. This is similar to how production-grade FastAPI services are structured.
Install SQLAlchemy:
pip install sqlalchemy
Install Database Drivers (example):
PostgreSQL: pip install psycopg2-binary
MySQL: pip install pymysql
SQLite: (built-in, no installation required)
Download & Install MySQL (Local):
Download MySQL Community Server from: https://dev.mysql.com/downloads/mysql/
During installation, note the username (for example, root) and password you set; we will use them in the connection string.
Local MySQL Connection Details (Example):
Host: localhost, Port: 3306, Database: auth_db, User: root, Password: your_password
SQLAlchemy is the ORM that allows us to work with relational databases using Python classes instead of raw SQL. We configure a database engine using a proper connection string (for PostgreSQL, MySQL, SQLite, etc.).
We also define a SessionLocal for opening database sessions and a shared Base class for our models. In real-time projects, sensitive values like database usernames and passwords are loaded from environment variables instead of being hardcoded in the code.
The User model is the backbone of our authentication system. We define fields such as id, email, hashed_password, is_active, is_verified, and timestamps like created_at and updated_at.
Using SQLAlchemy’s model definitions, these fields are converted into a real database table. Every important feature later—signup, login, JWT token mapping, social login, OTP verification—will read or update data in this table, so we design it carefully from the beginning.
Pydantic models define how data should look when it enters or leaves our API. For example, a signup request may contain fields like email and password, and a login response may return a JWT token and basic user information.
Pydantic automatically validates types and required fields. If a client sends invalid data, FastAPI will return a clear 422 error response, which improves reliability and security of the authentication layer.
from fastapi import FastAPI
app = FastAPI()
@app.get("/")
def home():
return {"message": "FastAPI Authentication Project Running"}
from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker
# Local MySQL database connection
# Make sure MySQL is running and the database 'auth_db' exists
DATABASE_URL = "mysql+pymysql://root:your_password@localhost:3306/auth_db"
engine = create_engine(
DATABASE_URL,
pool_pre_ping=True,
)
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
Base = declarative_base()
Download MySQL Community Server:
https://dev.mysql.com/downloads/mysql/
During installation, set username (example: root) and password, which will be used in the connection string.
Create Database:
CREATE DATABASE auth_db;
Install MySQL Driver:
pip install pymysql
Step 1: Configure Database URL
Below code connects to MySQL database auth_db using SQLAlchemy. Replace your_password with your real MySQL password.
from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker
# Local MySQL database connection
DATABASE_URL = "mysql+pymysql://root:your_password@localhost:3306/auth_db"
engine = create_engine(
DATABASE_URL,
pool_pre_ping=True,
)
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
Base = declarative_base()
What this code does:
DATABASE_URL → MySQL connection string.engine → Creates connection to the DB.SessionLocal → Session factory for executing queries.Base → Base class for creating DB models.✅ You can now run raw SQL or ORM queries using engine or SessionLocal.
Below is the SQLAlchemy model for the users table.
from sqlalchemy import Column, Integer, String, Boolean, DateTime
from sqlalchemy.sql import func
from database import Base # ensure your Base import matches your file structure
class User(Base):
__tablename__ = "users"
id = Column(Integer, primary_key=True, index=True)
email = Column(String(255), unique=True, index=True, nullable=False)
hashed_password = Column(String(255), nullable=False)
is_active = Column(Boolean, default=True)
is_verified = Column(Boolean, default=False)
created_at = Column(DateTime(timezone=True), server_default=func.now())
updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
# Run this only once to create the table
# from database import engine
# Base.metadata.create_all(bind=engine)
What this model contains:
is_active, is_verifiedcreated_at, updated_at✨ Basic Create Table Query (Matches SQLAlchemy Model)
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL UNIQUE,
hashed_password VARCHAR(255) NOT NULL,
is_active BOOLEAN DEFAULT TRUE,
is_verified BOOLEAN DEFAULT FALSE,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
);
🚀 Optimized Real-Time Production Query
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
hashed_password VARCHAR(255) NOT NULL,
is_active TINYINT(1) DEFAULT 1,
is_verified TINYINT(1) DEFAULT 0,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
UNIQUE KEY idx_users_email (email),
INDEX idx_users_active (is_active)
);
💡 Production version uses TINYINT for booleans + indexing for better performance.