FastAPI authorization: Get fine-grained access control

Published by Alex Olivier on September 10, 2023

The application programming interface or API is a core component of contemporary system architecture, allowing applications to be modularized and decoupled. FastAPI is a Python-based high-performance web framework for building APIs. FastAPI is easy to use with simple, clear documentation and is a favourite of tech giants such as Microsoft.

Cerbos offers an authorization service that enables organizations to define and enforce access control policies in their FastAPI applications. Implementing Cerbos with a FastAPI app can be accomplished by following these simple steps:

Step 1: Install the Cerbos service

Cerbos binaries are available for a variety of operating systems and architectures. For a list of all available downloads, please visit our releases page on GitHub.

Step 2: Install required dependencies

Make sure you have both the Cerbos SDK and FastAPI installed. You can install the Cerbos SDK using pip, a package management system written in Python.

Step 3: Define your policies

Once Cerbos is installed, you will need to define your access control policies. Cerbos makes this easy to do using the Cerbos Policy Language. Access policies need to specify who will be granted access to which digital resources and under what conditions.

Step 4: Create a configuration file for Cerbos

The Cerbos configuration file needs to specify the location of your access policy files and other relevant settings that will be necessary to implement your access control protocols. 

Step 5: Integrate Cerbos with FastAPI

With your policies defined, replace the authorization logic within your FastAPI app with a call out to a running Cerbos instance.

Step 6: Conduct testing of your authorization policies

Now it’s time to test your Cerbos implementation by making requests to your FastAPI endpoints. If all goes according to plan, Cerbos will automatically enforce the access control policies you established.

Make sure to tailor your access policies to your specific needs and to conduct thorough testing before going live.
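The call-out from Steps 5 and 6, as an added example that is not from the original article or from Cerbos's own code: it sends one check to the Cerbos HTTP endpoint using only the standard library (rather than the Cerbos SDK) and denies on any error. The address `http://localhost:3592`, the helper names, and the dict shapes used for the principal and resource are assumptions.

```python
import json
import urllib.request

PDP_URL = "http://localhost:3592"  # assumption: Cerbos on its default HTTP port


def build_check_request(principal, resource, action, request_id="example"):
    """Build the JSON body for Cerbos's POST /api/check/resources endpoint."""
    return {
        "requestId": request_id,
        "principal": {
            "id": principal["id"],
            "roles": sorted(principal["roles"]),
            "attr": principal.get("attr", {}),
        },
        "resources": [{
            "actions": [action],
            "resource": {
                "kind": resource["kind"],
                "id": resource["id"],
                "attr": resource.get("attr", {}),
            },
        }],
    }


def post_json(body, timeout=2.0):
    """Default transport: send the check to the running Cerbos instance."""
    req = urllib.request.Request(
        PDP_URL + "/api/check/resources",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def is_allowed(principal, resource, action, send=post_json):
    """True only on an explicit EFFECT_ALLOW for this resource and action.

    Transport errors, malformed replies and missing results all deny, so an
    unreachable Cerbos never grants access (a route would answer HTTP 403).
    """
    try:
        reply = send(build_check_request(principal, resource, action))
        for result in reply["results"]:
            if result["resource"]["id"] == resource["id"]:
                return result["actions"].get(action) == "EFFECT_ALLOW"
    except Exception:
        return False
    return False
```

Passing a stub as `send` lets the allow, deny and failure paths be tested without a running Cerbos instance.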

Benefits of Integrating Cerbos with FastAPI

The following are just some of the benefits you’ll enjoy by integrating Cerbos with FastAPI.

Centralized policy management: With Cerbos you get a simple way to implement centralized management of your access control policies. Define and manage all your access control policies in one place and enjoy faster and easier updating and maintenance of your access control rules.

Fine-grained access: Cerbos enables you to define access control policies via attributes assigned to users, resources and contextual situations. When you integrate Cerbos with FastAPI, you are able to enforce access control at the API level, thereby providing greater security for key resources.

Enhanced auditing capability: When you integrate Cerbos with FastAPI RBAC, you’ll gain greater control and insight into user activity. Track access control decisions, audit access requests, investigate security incidents and enhance compliance with GDPR and other data protection regulations.

Greater cross-service compatibility: Both Cerbos and FastAPI are well-suited for creating microservice architectures. Cerbos is particularly well-suited to working with different APIs. When you integrate Cerbos with FastAPI, you ensure more consistent access control between your various microservices while simultaneously providing greater security and data handling compliance throughout your distributed system.

Real-time access control decisions: Because Cerbos supports dynamic policy evaluation you are able to make access control decisions based on real-time context. The simplest, but hardly the only, example of this is determining whether to allow access to a specific resource based on the time of day. Cerbos’ dynamic evaluation can be easily integrated with FastAPI authorization to enhance access control.

Ease of integration: “Ease” is a relative term but not an inappropriate one in this context. FastAPI is well-known for being easy to use and extensible, while Cerbos provides a host of relevant documentation along with client libraries that will help you get started. 

Multi-tenancy support: When you integrate Cerbos with FastAPI you are able to more easily enforce access rules in cases where your application serves multiple tenants or organizations. Cerbos will also allow you to develop and implement access control policies based on each tenant’s specific access requirements.

Why more FastAPI developers choose Cerbos

  • Versatility: Cerbos enables you to formulate and integrate effective access control policies while scaling with you as you grow.
  • A clear audit trail: Cerbos produces a clear audit trail that enables you to uncover compliance issues quickly and easily.
  • Cost-effective: Cerbos arrives ready to go. All you need do is define your access control policies and plug it in.