Sources

In projects like the Robot Factory and our AI healthcare platform, we used FastAPI to build performant, asynchronous APIs. The lightweight nature of FastAPI enabled rapid development and easy integration with machine learning models and external services. However, we also navigated its limitations, such as a smaller ecosystem of extensions compared to Django. These experiences underscore that FastAPI is a powerful choice for projects where performance and scalability are paramount, but it requires careful consideration of tooling and long-term maintainability. … ### Limited Maturity While being vastly popular among global market giants, FastAPI, which was created in 2018, might be considered less mature in consideration of more time-honored frameworks like Flask and Django, created in 2010 and 2005, respectively. Assessing FastAPI’s current maturity grade pertains to factors such as the stability of the framework, the availability of long-term backing, and the all-around ecosystem. Developers and stakeholders should essentially be aware that FastAPI supports the employment of fewer third-party libraries and instruments in contrast to more established frameworks, possibly limiting the extensibility and versatility of their projects. ### Documentation Gaps In the context of the framework’s documentation, FastAPI may comprise areas where it lacks transparency and wholeness. Thus, software engineers might confront obstacles in discovering information or handling issues, affecting their comprehension of guidance and development efficiency. Addressing these gaps is critical for ensuring a smooth development process. ### Size and Resource Consumption FastAPI applications may have a larger footprint compared to lighter frameworks like Flask or microframeworks Bottle and Falcon. Estimating the scale and resource management is necessary, primarily for projects with strict restrictions on resource allocation so developers should make relevant decisions based on their unique project requirements. ### Compatibility and Integration Challenges While FastAPI is designed to integrate smoothly, it’s essential for developers to assess compatibility smoothness, especially with the recently-released technologies carefully. Staying informed about updates and community discussions can help address integration challenges and ensure a seamless development process. … Developers should weigh the potential weaknesses prior to the process, considering the maturity of the framework, documentation gaps, resource consumption, and compatibility challenges. In cases where FastAPI aligns with project priorities and offers features that resonate with development goals, the framework can deliver a highly productive and efficient development experience. The choice of a framework is always a nuanced decision, and developers should approach it with a clear understanding of their project’s special demands.

## Disadvantages of FastAPI ### 1. **Learning Curve (Requires Understanding Asynchronous Processing)** FastAPI heavily emphasizes asynchronous processing, which may increase the learning curve for developers unfamiliar with `async`/ `await` concepts in Python. **Asynchronous Programming Required**: Developers must grasp asynchronous programming to use FastAPI effectively. **Complex Debugging and Testing**: Debugging and testing asynchronous code can be more challenging compared to synchronous approaches. ### 2. **Lacks Full-Stack Framework Features Like Django** While FastAPI excels at API development, it lacks the comprehensive features of full-stack frameworks like Django. For projects requiring complete authentication systems or admin panels, additional libraries are necessary. **Missing Full-Stack Features**: Features such as authentication and admin panels are not included, requiring manual implementation or third-party libraries. **Increased Setup Effort**: Combining and integrating additional tools can increase development time. ### 3. **Smaller Community and Ecosystem** FastAPI is relatively new compared to Django and Flask, resulting in a smaller community and ecosystem. This can make finding third-party libraries or troubleshooting more challenging. **Limited Community Support**: Resolving complex issues may be more difficult due to fewer resources and community contributions. **Fewer Extensions**: Specialized libraries and extensions for FastAPI are not as extensive as those for older frameworks. ### 4. **Limited Use in Large-Scale Projects** Due to its novelty, FastAPI lacks extensive adoption in large-scale projects. This can make long-term scalability and operational reliability less certain compared to more established frameworks. **Few Large-Scale Case Studies**: Limited feedback on scalability and maintenance in enterprise-level applications necessitates cautious evaluation. … However, FastAPI’s reliance on asynchronous processing may pose a learning challenge for beginners, and its smaller community and ecosystem can make it less ideal for complex or large-scale projects. Additionally, its lack of built-in full-stack features requires extra effort for tasks like authentication or admin panel creation. **FastAPI** is best suited for **API-focused development** and projects emphasizing speed and scalability. With a growing ecosystem and increasing adoption, it is poised to remain a leading tool in API development.

In this talk we explore some of the common challenges in building FastAPI apps, and share how we solved them: 1. Minimizing the global state with dependency injection 2. Reducing the complexity of testing a FastAPI app 3. Pitfalls of async FastAPI 4. Supporting multiple authentication schemes 5. Modeling the relations between patch, response, and database models … {ts:237} there because fast API itself is defined in the global State um why is the bad practice it's pretty hard to patch um in unit tests for example or if you want to um have access to the global State you have to import it from another file you easily end up in circular dependencies {ts:255} or inline import statements and the moment you start doing that you should know that you're doing things wrong like I did um so I had to read a little bit of documentation and change some codes um so what is the most easy solution um for avoiding a little bit of global {ts:273} state is make that connection in your endpoint this is also okay but the downside of this is that when you're connecting to a database um these clients usually have um connection pools so if you do this what you see here um you don't really use the connection pools because you're always setting up {ts:292} the database connection when there is an incoming request so this is not super efficient either um so so the thing is um fast API has a mechanism called dependency injection if you know a little bit of spring in Java you're familiar with the dependency injection mechanism um in Python is not really common but fast API adopted the … {ts:1218} um with dependency injection this is the part that I struggled a bit with um because in the last function you see okay we want a user so we inject that user and then on uh above that function you see we inject the odd scheme and then the odd scheme tries to fetch uh {ts:1238} the fake decode token tries to fetch a user from the database um the big downside I see here or that I experience here is that you have to do that on every endpoint that you write so it's a lot of duplication of codes um that's the first thing I I dislike a bit and {ts:1255} the second thing I struggled with is if you want to support two authentication schemes you have to basically write it like this you try to fetch a JWT token or an API key but the problem is that if there is no JWT token present the first statement will already fail so it {ts:1275} basically becomes an end operation so they both have to be present you can solve this in an easy way by making both of them um not F like make them both fail silently um like setting Auto error to false but then you're actually … {ts:1461} code um but what were the issues we had with this is that um yeah the BS become hard to to read um and um if you want to change the API contract we couldn't um unless we did the database migration and the other way around if we want to change a model a {ts:1481} field in the database which then automatically reflects into a breaking change in the API contract and our apis are exposed to our customers or to our clients and you cannot easily make um you cannot EAS break your contract

Most FastAPI performance problems aren't caused by FastAPI itself. They're caused by architectural issues - N+1 database queries, missing indexes, poor caching strategies. I covered these bigger problems in my previous post about Python's speed, and fixing those will give you 10-100x performance improvements. … - Use FastAPI CLI production mode instead of development settings - Implement Pure ASGI middleware instead of BaseHTTPMiddleware - Avoid duplicate validation between request parsing and response models … ## Mixing Async and Sync Functions Incorrectly This is critical and commonly misunderstood. The choice between `async def` and `def` fundamentally changes how FastAPI handles your endpoint, and getting it wrong can destroy performance. **How FastAPI handles each approach:** - `async def` functions run in the main event loop alongside other requests - `def` functions are offloaded to a separate thread pool (limited to 40 threads by default) **When to use `async def`:** - I/O-bound operations: database calls, HTTP requests, file operations - Operations that call other async functions - Light computational work: JSON parsing, data validation, simple transformations **When to use regular `def`:** - CPU-intensive operations: image processing, heavy calculations, data analysis - Calling libraries that aren't async-compatible and do significant work - Operations that would benefit from running on a separate CPU core ``` import httpx ... Using async database drivers like `asyncpg` (PostgreSQL) or `aiomysql` (MySQL) with async endpoints can provide 3-5x better throughput under concurrent load. This is because your entire request pipeline becomes truly asynchronous - no blocking operations. With 40 default threads, if you have 41 users hitting sync endpoints simultaneously, one user waits for a thread to become available. With 1000 concurrent users hitting sync endpoints, 960 are queued waiting for threads - creating massive delays. ## Overusing Pydantic Models Throughout Your Application Pydantic is excellent for data validation at API boundaries, but using it everywhere in your application creates significant performance overhead that many developers don't realize. The problem is subtle: Pydantic models look like regular Python classes, so it's tempting to use them as your primary data structures throughout your application. This creates what's known as "serialization/deserialization debt" - you're paying validation and conversion costs even when you don't need validation: - Pydantic object creation is 6.5x slower than Python dataclasses - Memory usage is 2.5x higher due to validation metadata storage - JSON operations are 1.5x slower across serialization and deserialization This overhead compounds quickly. If you're creating thousands of objects during request processing, using Pydantic models internally can add significant latency. … ## Using Small Thread Pool for Sync Operations When you use a regular `def` function in FastAPI, it doesn't run in the main event loop. Instead, it runs in a thread pool - a collection of worker threads that handle synchronous operations. By default, FastAPI provides only 40 threads. If 41 users hit a sync endpoint simultaneously, one waits for a thread. With 1000 concurrent users, 960 are stuck waiting. This creates massive response time degradation. … ## Making Users Wait for Background Work Background tasks let you queue work that runs after the HTTP response is sent. Users get their response immediately while non-essential operations happen in the background. Instead of a 3-second response (1s user creation + 2s email sending), users get a 1-second response while the email sends behind the scenes. … If you have a type hint or `response_model`, return raw data (dicts, database objects) and let FastAPI handle model creation. Double validation can add 20-50% overhead to response processing. … ## The Reality Check These optimizations provide meaningful performance improvements - typically 20-50% for well-architected applications. But they won't save you from fundamental design problems. If your API is slow because of N+1 database queries, missing indexes, or poor caching, fix those first. They'll give you 10-100x improvements that dwarf any FastAPI-specific optimizations.

### Cons of FastAPI Although FastAPI provides several benefits, developers may encounter some challenges and limitations. Here are the most significant ones: - **Cluttered Main File:** FastAPI tends to centralize everything in the main.py file, which can result in crowding and maintenance issues, especially as the project gets larger. As such, your team may need to improve code organization by creating dedicated files for exception handlers and router inclusion. - **DI Doesn't Support Singletons:** Although reliable, Dependency Injection (DI) lacks native support for singleton, enabling teams to manage shared resources through singleton classes manually or making use of third-party DI libraries. - **Syntax Learning Curve: ** Despite its many advantages, the framework uses a specific syntax that increases the learning curve for developers who are not familiar with asynchronous programming or standard Python type hints. It can take some time to learn the tool and enforce data models using Pydantic. - **Unintuitive Error Handling:** An occasionally confusing error-handling mechanism makes it challenging for developers to troubleshoot and debug issues. In complex applications with multiple error scenarios, this can lead to longer debugging times. - **Limited ORM Support:** Although there is support for ORMs (Object-Relational Mapping), such as SQLAlchemy and Tortoise ORM, other frameworks offer better integration with ORM to make the application and the database smoother. Despite these limitations, FastAPI's performance, scalability, and toolkit make it a strong contender for building high-quality web APIs. It is certainly worth considering in case any issues might be a dealbreaker for a particular project. … While the framework garners a few distinctions, there are a few instances concerning its unpolished updates and performance downgrades. One user noted a significantly lower request throughput compared to Node.js and Golang on the same machine during a benchmark test. Concerns were also raised about poor middleware performance and an almost 50% performance loss when using annotated dependencies.

**Summary** – In the race to deliver high-performance APIs, CIOs must also ensure long-term structure, maintainability and cost control for critical applications. FastAPI shines with automatic OpenAPI docs, asynchronous performance via Starlette and rigorous validation with Pydantic, but its lack of batteries-included components, complex ORM handling and risk of architectural drift demand a solid framework. *Solution*: invest in initial design (modular architecture, API conventions, data schema), implement CI/CD pipelines, monitoring and continuous governance to turn rapid delivery into a sustainable business platform. ... However, for a CIO or CTO responsible for critical, long-lasting business applications, the promise of an “ultra-fast” framework is not sufficient to justify a technical choice. Structuring, maintainability, governance, and long-term cost issues weigh just as heavily as initial operational efficiency. ... ## The Challenges of Architecture and Maintainability **The lack of advanced built-in components requires assembling multiple open-source libraries to cover authentication, role management, or database migrations. Project structuring responsibility rests entirely on the team’s maturity.** ### Absence of “Batteries Included” and Usage Fragmentation Unlike more comprehensive frameworks like Django, FastAPI does not offer an out-of-the-box admin module, permission management, or ready-to-use UI. Every requirement necessitates third-party library integration, which complicates the dependency chain. This fragmentation can become a hindrance when you multiply plugins that evolve at different paces. The team must manage updates, verify compatibility, and sometimes fork projects to preemptively fix bugs, which increases budget and maintenance load. ### Complexity of ORM Management and Migrations FastAPI does not oppose SQLAlchemy but does not integrate it by default either. Configuring a full ORM with Alembic for migrations requires advanced expertise to handle schema evolutions, especially with enums or column modifications in production. Migration scripts must be rigorous and tested against large databases, otherwise deployments risk downtime or data corruption. Best practices are essential but not enforced by the framework. ### Risks of Long-Term Architectural Drift Without a predefined structure, each developer may organize code as they see fit, undermining overall coherence over time. The absence of strong conventions can lead to a patchwork of disparate modules that are difficult to refactor. To avoid technical debt, it is crucial to define from the outset a modular architecture, decoupling principles, and coding guidelines. These rules must be formalized and rigorously followed; otherwise the project fragments. A healthcare services provider found that after two years of development without an architectural roadmap, the application had become so complex that adding a simple reporting feature required three months of refactoring first. This illustrates the importance of governance from the design phase.

6][7] Recent updates and improvements have bolstered its performance, enabling it to manage up to 30,000 requests per second on a single server and significantly reduce development and testing times.[8] Furthermore, its support for asynchronous programming has made it particularly suitable for real-time applications, while its compatibility with microservices architec- ture allows teams to deploy updates with minimal downtime, thereby mitigating risks associated with system-wide failures.[8]. The growing community surrounding FastAPI continues to contribute to its ecosystem by providing extensive resources, third-party integrations, and an active support net- work for both new and experienced developers.[9][10] However, challenges remain, particularly in deployment complexity, scalability, and security concerns, which can impact production environments if not properly addressed.[11][12] Despite these challenges, FastAPI’s notable integration capabilities with emerging technologies like artificial intelligence and machine learning signal a promising future, positioning it as a vital framework in the ongoing digital transformation of industries.[7][13]. … ## Versioning and Compatibility ... Minor and patch updates help maintain application stability, allowing developers to optimize their workflows without fear of significant disruptions[15][16]. ... # Challenges and Considerations When deploying FastAPI applications in production, developers face several chal- lenges and considerations that can significantly impact the application’s performance and security. ## Deployment Complexity One major challenge is the complexity of deployment. FastAPI’s lightweight nature allows for minimal server administration, but ensuring a smooth transition from development to production requires adherence to best practices, such as maintaining parity between development and production environments[11]. The necessity for proper server management can complicate the deployment process, especially for teams lacking experience in cloud infrastructure. ## Scalability Issues Scalability is another critical consideration. While FastAPI is designed to be scalable, developers must ensure that their architecture can handle increased traffic without compromising performance. This involves choosing the right server setup, such as Gunicorn with Uvicorn, and optimizing the application to manage load effectively[- 11][22]. Without proper planning and testing, applications may struggle under heavy usage, leading to degraded user experiences. ## Security Concerns Security is paramount in any web application. FastAPI applications must implement robust security measures to protect against common vulnerabilities. Developers need to conduct thorough security testing and ensure that data protection protocols are in place, which can require additional resources and expertise[12]. Ensuring secure handling of APIs and user data is essential, as security breaches can lead to significant reputational and financial damage. ## Continuous Integration and Deployment Establishing effective continuous integration and deployment (CI/CD) practices poses a challenge as well. FastAPI applications benefit from CI/CD pipelines that automate testing and deployment processes, but setting these up requires a deep understanding of both the framework and the underlying infrastructure. Integrating CI/CD tools can streamline development but also necessitates careful configuration to avoid introducing new issues[11]. ## Community Support and Resources Finally, while FastAPI has a growing community, the relative novelty of the framework compared to more established alternatives means that developers may encounter limitations in available resources and third-party integrations[6]. Organizations may need to invest in training or seek external expertise to navigate these challenges effectively. Addressing these challenges is crucial for organizations to fully leverage FastAPI’s capabilities while ensuring reliability, performance, and security in their production environments.

## The Bad ### 1. Crowded main file In FastAPI, everything is tied to the ``` FastAPI app ``` . So, your ``` main.py ``` file can very easily become very crowded. Here is an example. … ### 2. No singleton in Dependency Injection Dependency Injection in FastAPI does no support ``` singleton ``` instances, according to this Github thread, but it supports single instance for each HTTP request. You either have to create singleton classes yourself or use a different DI library. ## The Ugly ### Request Validation My worst experience while working with FastAPI was handling request validations. It uses validation from ``` Pydantic ``` , and there is, to my knowledge, no straight forward way to pass down a validation message from the point of validation to the response. You have make do with whatever message is passed down by

# Cons of FastAPI: 1. **Steep Learning Curve for Beginners** - **Why it matters:** Type hints, async, and DI can overwhelm newcomers. - **Impact:** - Junior devs may struggle with debugging async errors. - Misuse of Depends() or Pydantic can lead to silent failures. 1. **Limited Built-in ORM Support** - **Why it matters:** FastAPI doesn’t ship with an ORM like Django. - **Impact:** - You must choose and configure SQLAlchemy, Tortoise, or Prisma manually. - Async DB integration (e.g., with SQLAlchemy 2.0) requires careful setup. 1. **Async Pitfalls** - **Why it matters:** Mixing sync and async code can cause deadlocks or performance issues. - **Impact:** - Blocking calls (e.g., legacy DB drivers) can degrade performance. - Requires discipline in choosing async-compatible libraries. 1. **Limited Admin Interface** - **Why it matters:** Unlike Django, FastAPI has no built-in admin panel. - **Impact:** - You must build dashboards manually or integrate third-party tools. - Slows down internal tooling for CRUD-heavy apps. 1. **Rapid Ecosystem Changes** - **Why it matters**: FastAPI is evolving quickly, especially around async ORM and DI patterns. - **Impact:** - Breaking changes or deprecated patterns may affect long-term stability. - Documentation sometimes lags behind new features. ** ** ** ** ** **

Answer: Primary limitations of FastAPI include a smaller user base compared with established Python frameworks, fewer built-in features for template rendering or monolith support, and a learning curve for those new to async programming. ## Related FastAPI Questions And Answers

### Pain Point #1: Modern Apps Are Challenging to Manage Due to the Diversity of Deployment Environments Today, CIOs and CTOs can pick from a wide variety of application deployment modalities. This is a blessing because it enables far more choice in terms of performance, capabilities, and resilience. It’s also a curse because diversity leads to complexity and sprawl. For example, managing applications running in AWS requires different configurations, tools, and tribal knowledge than managing applications in Azure Cloud. … ### Pain Point #2: Apps Running in Many Environments and Spanning License Types Are Challenging to Secure The complexity of diverse environments can make it difficult to discover and monitor where modern apps are deployed and then apply the right security measures. Maybe you deployed NGINX Plus as your global load balancer and NGINX Open Source for various microservices, with each running in different clouds or on top of different types of applications. Additionally, they could be requiring different things for privacy, data protection, and traffic management. … ### Pain Point #3: Managing the Cost of Modern Apps Is Complex and Results in Waste In a shift-left world, every organization wants to empower developers and practitioners to do their jobs better, without filing a ticket or sending a Slack. The reality has been different. Some marginal abstraction of complexity has been achieved with Kubernetes, serverless, and other mechanisms for managing distributed applications and applications spanning on-prem, cloud, and multi-cloud environments. But this progress has largely been confined inside the container and application. It has not translated well to the layers around applications like networking, security, and observability, nor to CI/CD. I have hinted at these issues in the previous pain points, but the bottom line is this: complexity has great costs when it comes to hours and toil, compromised security, and resilience. Maintaining increasingly complex systems is fundamentally challenging and resource intensive. Pricing and license complexity adds another unhappy layer. NGINX has never been a “true-up” company that sticks it to users when they mistakenly overconsume.

The need for human involvement is high due to the complexity of NGINX's Linux-based terminology. More tactics and techniques can enhance its usability. Additionally, it is not a cost-effective solution for few applications. I would like the configuration process to be more simplified. Both Apache and NGINX involve some complex configuration steps. Easier configuration and troubleshooting would make it a perfect ten for me. … The solution must improve its performance. Sometimes, it could be because of how a customer has implemented the tool, but it is a potential bottleneck. The product must provide a holistic view of flows to help us understand the endpoints a particular transaction went through. The user interface could be improved. NGINX is also too poor with streaming. We could have a better solution for streaming besides NGINX. … The KPI on NGINX Plus should be more focused on load balancing and the latency in application calling from the end system. That is something currently lacking in the solution. I would also like to see a very interactive dashboard with all the KPI metrics that would help with application level troubleshooting. Finally, most people implementing this solution do not include a security model and it would be great if they could include that in the product. … I can’t speak to where the solution needs improvement. I’m just a user and I haven’t really gone in-depth in terms of looking for where the solution might have weak points. It would be great if there was even more automation to make it even easier to maintain. The center management system was not very good, maybe their new NGINX manager product is better. I'd like to see a good web management interface in the next release.