Routes¶
You'll find here the routes exposed by FastAPI Users. Note that you can also review them through the interactive API docs.
Auth router¶
Each authentication backend you generate a router for will produce the following routes. Take care about the prefix you gave it, especially if you have several backends.
POST /login
¶
Login a user against the method named name
. Check the corresponding authentication method to view the success response.
422 Validation Error
POST /logout
¶
Logout the authenticated user against the method named name
. Check the corresponding authentication method to view the success response.
401 Unauthorized
Missing token or inactive user.
200 OK
The logout process was successful.
Register router¶
POST /register
¶
Register a new user. Will call the on_after_register
handler on successful registration.
201 Created
422 Validation Error
400 Bad Request
Password validation failed.
Reset password router¶
POST /forgot-password
¶
Request a reset password procedure. Will generate a temporary token and call the on_after_forgot_password
handler if the user exists.
To prevent malicious users from guessing existing users in your database, the route will always return a 202 Accepted
response, even if the user requested does not exist.
202 Accepted
POST /reset-password
¶
Reset a password. Requires the token generated by the /forgot-password
route.
Payload
200 OK
422 Validation Error
400 Bad Request
Password validation failed.
Verify router¶
POST /request-verify-token
¶
Request a user to verify their e-mail. Will generate a temporary token and call the on_after_request_verify
handler if the user exists, active and not already verified.
To prevent malicious users from guessing existing users in your database, the route will always return a 202 Accepted
response, even if the user requested does not exist, not active or already verified.
202 Accepted
POST /verify
¶
Verify a user. Requires the token generated by the /request-verify-token
route. Will call the call the on_after_verify
handler on success.
Payload
200 OK
422 Validation Error
400 Bad Request
Bad token, not existing user or not the e-mail currently set for the user.
OAuth router¶
Each OAuth router you define will expose the two following routes.
GET /authorize
¶
Return the authorization URL for the OAuth service where you should redirect your user.
Query parameters
scopes
: Optional list of scopes to ask for. Expected format:scopes=a&scopes=b
.
200 OK
422 Validation Error
Invalid parameters - e.g. unknown authentication backend.
GET /callback
¶
Handle the OAuth callback.
Query parameters
code
: OAuth callback code.state
: State token.error
: OAuth error.
Depending on the situation, several things can happen:
- The OAuth account exists in database and is linked to a user:
- OAuth account is updated in database with fresh access token.
- The user is authenticated following the chosen authentication method.
- The OAuth account doesn't exist in database but a user with the same email address exists:
- OAuth account is linked to the user.
- The user is authenticated following the chosen authentication method.
- The OAuth account doesn't exist in database and no user with the email address exists:
- A new user is created and linked to the OAuth account.
- The user is authenticated following the chosen authentication method.
400 Bad Request
Invalid token.
Users router¶
GET /me
¶
Return the current authenticated active user.
200 OK
401 Unauthorized
Missing token or inactive user.
PATCH /me
¶
Update the current authenticated active user.
200 OK
401 Unauthorized
Missing token or inactive user.
400 Bad Request
Password validation failed.
400 Bad Request
A user with this email already exists.
422 Validation Error
GET /{user_id}
¶
Return the user with id user_id
.
200 OK
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.
PATCH /{user_id}
¶
Update the user with id user_id
.
Payload
200 OK
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.
400 Bad Request
Password validation failed.
400 Bad Request
A user with this email already exists.
DELETE /{user_id}
¶
Delete the user with id user_id
.
204 No content
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.