Production-ready security middleware for FastAPI.
IP filtering, rate limiting, penetration detection, and 20+ per-route security decorators.
```bash
uv add fastapi-guard      # uv (recommended)
pip install fastapi-guard # pip
poetry add fastapi-guard  # poetry
```

```python
from fastapi import FastAPI
from guard import SecurityMiddleware, SecurityConfig

app = FastAPI()

config = SecurityConfig(
    # Rate limiting: 30 requests per 60-second window
    enable_rate_limiting=True,
    rate_limit=30,
    rate_limit_window=60,
    # Automatic IP banning
    enable_ip_banning=True,
    auto_ban_threshold=5,
    auto_ban_duration=86400,  # seconds (24 hours)
    custom_log_file="security.log",
    enforce_https=True,
    # CORS: "*" origins together with credentials is overly permissive;
    # list explicit origins in production.
    enable_cors=True,
    cors_allow_origins=["*"],
    cors_allow_methods=["GET", "POST"],
    cors_allow_headers=["*"],
    cors_allow_credentials=True,
    cors_expose_headers=["X-Custom-Header"],
    cors_max_age=600,
    block_cloud_providers={"AWS", "GCP", "Azure"},
)

app.add_middleware(SecurityMiddleware, config=config)
```

Apply security rules at the endpoint level with composable decorators:
```python
from guard import SecurityConfig, SecurityDecorator

config = SecurityConfig()
guard = SecurityDecorator(config)

# `app` is the FastAPI instance created in the previous snippet.
@app.get("/api/payments")
@guard.require_auth(type="bearer")
@guard.rate_limit(requests=10, window=60)
@guard.block_countries(["CN", "RU"])
@guard.require_https()
async def process_payment():
    return {"status": "ok"}
```

Available decorator categories:
- Access --- `require_ip`, `block_countries`, `allow_countries`, `block_clouds`, `bypass`
- Auth --- `require_https`, `require_auth`, `api_key_auth`, `require_headers`
- Rate Limiting --- `rate_limit`, `geo_rate_limit`
- Content --- `block_user_agents`, `content_type_filter`, `max_request_size`, `require_referrer`, `custom_validation`
- Behavioral --- `usage_monitor`, `return_monitor`, `suspicious_frequency`, `behavior_analysis`
- Advanced --- `time_window`, `honeypot_detection`, `suspicious_detection`
FastAPI Guard has a centralized cloud platform for real-time monitoring and threat analysis across all your applications.
- Dashboard --- real-time security events, threat intelligence, attack pattern analytics
- Playground --- try every security feature in-browser with real attack data from a live server
- Dynamic Rules --- update security configuration from the dashboard without redeploying
- GDPR Tools --- consent management, data export, account deletion
Connect your existing setup in 2 minutes:
```bash
uv add fastapi-guard-agent # or: pip install fastapi-guard-agent
```

```python
from collections.abc import AsyncGenerator
from contextlib import asynccontextmanager

from fastapi import FastAPI
from guard import SecurityConfig, SecurityMiddleware
from guard_agent import AgentConfig, guard_agent

# "your-api-key" and "your-project-id" are placeholders; load the real
# values from an environment variable or secret store, not source code.
security_config = SecurityConfig(
    enable_agent=True,
    agent_api_key="your-api-key",
    agent_endpoint="https://api.fastapi-guard.com/api/v1",
    agent_project_id="your-project-id",
    agent_buffer_size=5000,
    agent_flush_interval=2,
    agent_enable_events=True,
    agent_enable_metrics=True,
    enable_dynamic_rules=True,
    dynamic_rule_interval=60,
)

agent_config = AgentConfig(
    api_key="your-api-key",
    endpoint="https://api.fastapi-guard.com/api/v1",
    project_id="your-project-id",
    buffer_size=5000,
    flush_interval=2,
)
agent = guard_agent(agent_config)


@asynccontextmanager
async def lifespan(_app: FastAPI) -> AsyncGenerator[None, None]:
    # Start the agent with the application and stop it on shutdown,
    # even if the application exits with an error.
    await agent.start()
    try:
        yield
    finally:
        await agent.stop()


app = FastAPI(lifespan=lifespan)
app.add_middleware(SecurityMiddleware, config=security_config)
```

Free tier includes 10,000 events/month --- no credit card required.
The core library is fully self-contained and MIT licensed. The cloud dashboard is optional.
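A pre-deployment check for the settings used in the two configuration snippets above, as an added example (not part of fastapi-guard or its README): it takes a plain dict of `SecurityConfig` keyword arguments and flags a wildcard CORS origin combined with credentials, non-HTTPS origins or agent endpoint, and placeholder agent credentials. The function name `audit_guard_settings`, the finding strings and the sample dicts are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Sample values copied from the README snippets; real secrets must replace them.
PLACEHOLDERS = {"your-api-key", "your-project-id"}


def audit_guard_settings(settings: dict) -> list[str]:
    """Return findings for a dict of keyword arguments meant for SecurityConfig."""
    findings = []
    if settings.get("enable_cors"):
        origins = settings.get("cors_allow_origins") or []
        if "*" in origins and settings.get("cors_allow_credentials"):
            # Browsers refuse "Access-Control-Allow-Origin: *" on credentialed
            # requests; a server that echoes the Origin instead trusts every site.
            findings.append("cors: wildcard origin with credentials enabled")
        if settings.get("enforce_https"):
            for origin in origins:
                if origin != "*" and urlparse(origin).scheme != "https":
                    findings.append(f"cors: non-HTTPS origin {origin}")
    if settings.get("enable_agent"):
        if urlparse(settings.get("agent_endpoint") or "").scheme != "https":
            findings.append("agent: endpoint is not HTTPS")
        for key in ("agent_api_key", "agent_project_id"):
            if not settings.get(key) or settings.get(key) in PLACEHOLDERS:
                findings.append(f"agent: {key} is unset or a placeholder")
    return findings


# Constructed inputs: values from the two README snippets, then a tightened variant.
README_SETTINGS = {
    "enforce_https": True,
    "enable_cors": True,
    "cors_allow_origins": ["*"],
    "cors_allow_credentials": True,
    "enable_agent": True,
    "agent_api_key": "your-api-key",
    "agent_endpoint": "https://api.fastapi-guard.com/api/v1",
    "agent_project_id": "your-project-id",
}
TIGHTENED = {
    **README_SETTINGS,
    "cors_allow_origins": ["https://app.example.com"],  # constructed origin
    "agent_api_key": "k-constructed",
    "agent_project_id": "p-constructed",
}

if __name__ == "__main__":
    for name, cfg in (("readme", README_SETTINGS), ("tightened", TIGHTENED)):
        print(name, audit_guard_settings(cfg))
```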
FastAPI Guard is built on guard-core, a framework-agnostic security engine. The same protection is available across frameworks:
| Package | Framework | PyPI |
|---|---|---|
| guard-core | Core engine | |
| fastapi-guard | FastAPI / Starlette | |
| flaskapi-guard | Flask | |
| djapi-guard | Django | |
| tornadoapi-guard | Tornado | |
- Installation
- First Steps
- Configuration Reference
- Decorator Reference
- API Reference
- Example App
- Redis Integration
Contributions are welcome. See CONTRIBUTING.md for guidelines.
New security features (checks, detection patterns, handlers) should be contributed to guard-core. This repo covers the FastAPI/Starlette adapter layer.
This project is licensed under the MIT License. See the LICENSE file for details.