Skip to main content

FastAPI OpenAPI and Parameter Data Model

This data model diagram illustrates the relationships between FastAPI's OpenAPI specification models, security schemes, and request parameter definitions.

OpenAPI Specification Models

The core of the OpenAPI generation is the OpenAPI class, which aggregates metadata about the API. It contains an Info object for general API details and a collection of PathItem objects representing API endpoints. Each PathItem defines various Operation objects (GET, POST, etc.), which in turn define their expected Parameter and RequestBody structures. The Components class serves as a registry for reusable schemas and Introduction to Security Schemes definitions.

Security Schemes

FastAPI provides security utilities that map directly to OpenAPI security schemes. The OAuth2 security class (from fastapi.security.oauth2) wraps an OpenAPI OAuth2 model to define how authentication flows (like password or authorization code) are represented in the generated documentation. Subclasses like OAuth2PasswordBearer provide specific implementations for common flows.

Request Parameters and Dependencies

FastAPI uses a hierarchy of parameter classes to define how data is extracted from requests.

  • Param is the base for Path, Query, Header, and Cookie parameters.
  • Body is the base for Form and File parameters.
  • Depends and Security define the dependency injection system, where Security adds support for OAuth2 scopes.
  • The File parameter specifically interacts with the UploadFile data structure, which provides an async interface for handling uploaded file data.

The diagram uses standard ER notation to show composition and logical inheritance relationships between these domain entities.

Key Architectural Findings:

  • OpenAPI models in fastapi.openapi.models strictly follow the OpenAPI 3.1.0 specification using Pydantic models.
  • Security classes in fastapi.security act as bridges between runtime dependency injection and OpenAPI metadata generation.
  • Parameter classes in fastapi.params (Path, Query, Body, etc.) inherit from Pydantic's FieldInfo to integrate with Pydantic's validation logic.
  • UploadFile is a specialized data structure that wraps Starlette's UploadFile to provide Pydantic-compatible validation and async file operations.
  • The Depends and Security classes are the foundation of FastAPI's dependency injection system, with Security extending Depends to include OAuth2 scope requirements.
Loading diagram...