A secure RESTful Todo API built with FastAPI, SQLAlchemy 2.0, and SQLite. The API supports user authentication using JWT, user-specific task management, filtering, sorting, partial updates, and follows RESTful design principles.
- User registration
- User login
- Password hashing using pwdlib
- JWT authentication
- Protected endpoints
- Retrieve current authenticated user (
/users/me)
- Create new tasks
- Retrieve all tasks
- Retrieve a task by ID
- Update existing tasks
- Delete individual tasks
- Delete all completed tasks
- Search tasks by name
- Filter tasks by:
- Priority
- Completion status
- Due date
- Tasks without a due date
- Sort tasks by:
- Task name
- Priority
- Due date
- Completion status
- User-specific task ownership
- Request & response validation using Pydantic
- SQLAlchemy 2.0 ORM
- Proper HTTP status codes and exception handling
- Interactive API documentation with Swagger UI
- Python 3.11
- FastAPI
- SQLAlchemy 2.0
- SQLite
- Pydantic v2
- Pwdlib
- PyJWT
- Uvicorn
todo/
├── assets/
│ └── swagger.png
├── routes/
│ ├── auth.py
│ └── tasks.py
├── utils/
│ ├── jwt_handler.py
│ └── security.py
├── database.py
├── models.py
├── schemas.py
├── main.py
├── requirements.txt
├── .env.example
├── .gitignore
└── README.md
Clone the repository:
git clone https://github.com/qw3rty-dev/fastapi-todo-api.gitNavigate to the project directory:
cd fastapi-todo-apiCreate a virtual environment:
python -m venv venvActivate it.
venv\Scripts\activatesource venv/bin/activateInstall dependencies:
pip install -r requirements.txtCreate a .env file from .env.example:
SECRET_KEY=your_secret_key_hereRun the development server:
uvicorn main:app --reloadMost task endpoints require authentication.
- Register a new account.
- Login using your email and password.
- Click Authorize in Swagger UI.
- Enter your email in the Username field.
- Enter your password.
- Leave Client ID and Client Secret empty.
- Click Authorize.
Swagger will automatically attach the JWT to all protected requests.
| Method | Endpoint | Description |
|---|---|---|
| POST | /users/register | Register a new user |
| POST | /users/login | Login and receive JWT |
| GET | /users/me | Retrieve current authenticated user |
| Method | Endpoint | Description |
|---|---|---|
| POST | /tasks | Create a task |
| GET | /tasks | Retrieve all tasks |
| GET | /tasks/{task_id} | Retrieve a task by ID |
| PATCH | /tasks/edit/{task_id} | Update a task |
| DELETE | /tasks/{task_id} | Delete a task |
| DELETE | /tasks/completed | Delete all completed tasks |
Once the server is running, open:
http://127.0.0.1:8000/docs
GET /tasks?priority=high
GET /tasks?completed=true
GET /tasks?sort=priority&descending_order=true
GET /tasks?task_name=study
GET /tasks?show_null_due_date=true- JWT Authentication
- Password Hashing
- User Authorization
- CRUD Operations
- Dynamic Filtering
- Dynamic Sorting
- Partial Updates (PATCH)
- SQLAlchemy 2.0 ORM
- SQLite Integration
- Pydantic Validation
- Response Validation
- Session Management
- RESTful API Design
- Refresh Tokens
- Email Verification
- Password Reset
- Pagination
- Docker Support
- PostgreSQL
- Alembic Migrations
- Automated Testing
- CI/CD Pipeline
