Enterprise rate limiting for FastAPI using HTTP 420 "Enhance Your Calm".
This is a quick overview; security theory, architecture, and full walkthroughs are in the learn modules.
- Three implementation methods: middleware (global), decorator (per route), dependency injection
- Sliding Window, Token Bucket, and Fixed Window rate limiting algorithms
- Redis support with automatic in-memory fallback when Redis is unavailable
- Scoped rate limiters for applying different limits to endpoint groups
- Fingerprint levels (RELAXED, NORMAL, STRICT) for client identification granularity
- Multiple stacking rules where the most restrictive limit applies
```bash
uv add fastapi-420
```

```python
from fastapi import FastAPI
from fastapi_420 import RateLimiter, RateLimiterSettings

app = FastAPI()
limiter = RateLimiter(RateLimiterSettings(default_limit="69/minute"))
app.add_middleware(limiter.middleware)
```

For Redis support:

```bash
uv add fastapi-420[redis]
```
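The Sliding Window algorithm and the stacked-rules behaviour from the feature list, as an added example that is not code from fastapi-420: every stacked rule is checked against a per-client log of accepted requests, and the most restrictive rule decides. `SlidingWindowLimiter`, `parse_rule` and the injectable `clock` are hypothetical names; only the `"69/minute"` rule format is taken from the quick start.

```python
# Added illustration; names here are hypothetical, not fastapi_420's API.
import time
from collections import defaultdict, deque

UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
HTTP_420 = 420  # "Enhance Your Calm", the status this page's project uses


def parse_rule(rule):
    """Parse a limit string such as "69/minute" into (max_requests, window_seconds)."""
    count, _, unit = rule.partition("/")
    if not count.isdigit() or int(count) < 1 or unit not in UNITS:
        raise ValueError(f"bad rate limit rule: {rule!r}")
    return int(count), UNITS[unit]


class SlidingWindowLimiter:
    """Sliding-window log limiter; a request passes only if every stacked rule allows it."""

    def __init__(self, rules, clock=time.monotonic):
        self.rules = [parse_rule(r) for r in rules]
        self.horizon = max(w for _, w in self.rules)
        self.clock = clock
        self.hits = defaultdict(deque)  # client key -> timestamps of accepted requests

    def check(self, key):
        """Return (status_code, retry_after_seconds) for one request from `key`."""
        now = self.clock()
        log = self.hits[key]
        while log and log[0] <= now - self.horizon:
            log.popleft()  # older than the longest window: no rule needs it
        retry_after = 0.0
        for limit, window in self.rules:
            recent = [t for t in log if t > now - window]
            if len(recent) >= limit:
                # A slot frees when the oldest counted hit leaves this window.
                retry_after = max(retry_after, recent[-limit] + window - now)
        if retry_after > 0:
            return HTTP_420, retry_after  # rejected requests are not recorded
        log.append(now)
        return 200, 0.0
```

State here lives in one process, so each worker would count separately; a shared store such as the Redis backend listed above is what makes a limit global across workers.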
Tip: This project uses `just` as a command runner. Type `just` to see all available commands.

Install: `curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin`
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
AGPL 3.0