Abstract

API security is of paramount importance in modern web applications, as it protects sensitive data and ensures authorized access to resources. FastAPI, a Python-based web framework, offers developers various security features for building secure APIs. This paper examines the security features that FastAPI provides as well as those it supports. The provided features consist of OAuth2 authentication, dependency injection, and security schemas and scopes, whereas the supported features include JSON Web Token (JWT) authentication, Cross Site Request Forgery (CSRF) token support, and HTTPS support. The supported features can be implemented using Python libraries and middleware. The proposed model combines JWT authentication, OAuth2 authentication, and security scopes and schemas to enhance security in a FastAPI application. It defines scopes for users, uses JWT to generate tokens, and uses the OAuth2 authentication service to allow only a user who has the specific permissions and scopes to access and perform actions on the scope-specific API endpoints. The model hence allows secure and safe working of applications by eliminating the threat of unauthorized users corrupting the application code. The focus on performance and security makes FastAPI an excellent choice for developers seeking to build secure APIs. Overall, this paper highlights the importance of API security and showcases FastAPI's security features, demonstrating how developers can leverage FastAPI to build robust, performant, and secure APIs.

Key Words: FastAPI, Flask, Django, OAuth2, JWT (JSON Web Token), CSRF (Cross Site Request Forgery)
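
The proposed model, sketched as an added example that is not code from the paper or from FastAPI: a signed token carries the user's scopes, and each endpoint admits only tokens that hold its required scopes. It uses only the standard library (a hand-rolled HS256 token in place of a JWT library) so it runs without dependencies; the key, scope names and endpoint table are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: sample key; real keys belong in a secret store
# Hypothetical endpoint table: each route names the scopes a caller must hold.
ENDPOINT_SCOPES = {"GET /items": {"items:read"}, "POST /items": {"items:write"}}

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(sub, scopes, ttl=900, now=None):
    """Issue an HS256 JWT whose 'scopes' claim lists what the user may do."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "scopes": scopes, "exp": int(now + ttl)}).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def authorize(token, required, now=None):
    """Return the claims only if the token is authentic, unexpired and sufficiently scoped."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        alg = json.loads(b64d(header)).get("alg")
        # Pin the algorithm: the token's own header must not choose how it is verified.
        if alg != "HS256" or not hmac.compare_digest(sign(header + "." + body), b64d(sig)):
            raise PermissionError("invalid token")
        claims = json.loads(b64d(body))  # parsed only after the signature checks out
    except (ValueError, TypeError, AttributeError):
        raise PermissionError("invalid token") from None
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    missing = set(required) - set(claims.get("scopes", []))
    if missing:
        raise PermissionError(f"missing scopes: {sorted(missing)}")
    return claims

def handle(endpoint, token, now=None):
    """Gate one request: the endpoint's required scopes decide whether the caller gets in."""
    return authorize(token, ENDPOINT_SCOPES[endpoint], now)["sub"]
```

In a FastAPI application the same check would sit in a dependency declared with `Security(...)` and `SecurityScopes`, so each route states its required scopes where it is defined.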
