What are the key responsibilities for Nginx versus Uvicorn?
This tests the reverse-proxy versus ASGI-server boundary. A strong answer gives Nginx TLS termination, static files, buffering, and load balancing, while Uvicorn runs the Python app and async workers.
Walk me through a basic Dockerfile for a FastAPI app
WHAT IT TESTS: Docker layering and build cache for Python containers. ANSWER OUTLINE: Slim base, install deps before app code to cache layers, expose port, exec-form CMD for Uvicorn. RED FLAG: Shell-form CMD or code-before-requirements, killing cache.
How do you broadcast WebSocket messages to all clients across server nodes?
Tests WebSocket horizontal scaling and pub/sub backplanes. A strong answer names a broker like Redis, describes cross-node fan-out, and keeps connection state purely local.
How do you define a WebSocket endpoint in FastAPI?
WHAT IT TESTS: async endpoint wiring and the accept-receive-send lifecycle. ANSWER OUTLINE: import WebSocket, use @app.websocket, await accept, receive_text, then send_text. RED FLAG: forgetting accept or treating it like a standard HTTP route.
How do you disable FastAPI docs but keep the OpenAPI schema?
Tests FastAPI constructor routing: docs_url, redoc_url, and openapi_url. Answer: pass docs_url=None and redoc_url=None while keeping openapi_url="/openapi.json", gated by env var. Red flag: middleware or manual route deletion instead of native configuration.
How do you group FastAPI endpoints under tags and describe groups?
Tests FastAPI's two-step tag system: decorators label routes, and openapi_tags supplies group descriptions. Good answers cover tagging paths with tags=["users"], then defining metadata in FastAPI(openapi_tags=[...]) with matching names.
How do you document multiple response schemas in OpenAPI?
This tests FastAPI OpenAPI schema generation for error responses. A strong answer covers the decorator responses dict mapping status codes to Pydantic models and descriptions, plus manually returning JSONResponse with that code.
What are FastAPI's two default interactive documentation UIs and URL paths?
This tests whether you know FastAPI's built-in auto-generated docs. A strong answer names Swagger UI at /docs and ReDoc at /redoc, then notes the OpenAPI schema at /openapi.json. A weak answer confuses these with external tools or custom routes.
Add summary and description to a FastAPI endpoint for Swagger UI
This tests FastAPI path operation decorator configuration. Pass summary and description to @app.get, or use function docstring for description. A red flag is setting metadata inside the function body or confusing docs with Pydantic Field descriptions.
How do you add a title, description, and version to FastAPI auto-docs?
Tests if you know FastAPI's metadata kwargs for OpenAPI docs. Pass title, description, and version to the FastAPI() constructor; Swagger UI and ReDoc render them automatically.
Design DB transaction middleware and identify the background-task pitfall
Tests request-scoped DB lifecycle awareness. Strong answer: middleware closes the session on response, yet BackgroundTasks run afterward, so sharing that session causes crashes or leaks. Red flag: saying background tasks can reuse the request transaction.
How do OAuth2 scopes enable granular permissions in FastAPI versus role-based checks?
Tests OAuth2 scope granularity vs RBAC and FastAPI SecurityScopes. Strong answers mention JWT claim strings, SecurityScopes per endpoint, and that RBAC is coarse while scopes are fine-grained. Red flag: treating scopes as roles or skipping claim checks.
Implement RBAC in FastAPI with a JWT role dependency
WHAT IT TESTS: FastAPI dependency composition for JWT role validation. ANSWER OUTLINE: build a dependency that decodes the JWT, checks the role, raises 403 if not admin, and inject via Depends. RED FLAG: parsing headers inside route not using dependencies.
Implement OAuth2 Password Flow in FastAPI
Tests FastAPI security integration and stateless auth patterns. A strong answer covers the POST /token endpoint returning a JWT, the OAuth2PasswordBearer dependency, and get_current_user decoding the JWT sub.
What are the three components of a JWT?
Tests if you know JWT structure beyond library usage. A strong answer lists header, payload, and signature; notes Base64Url encoding; and gives a registered claim like exp. A red flag is confusing signing with encryption.
How do you protect a FastAPI endpoint using Depends and OAuth2PasswordBearer?
WHAT IT TESTS: your grasp of FastAPI dependency injection for security. ANSWER OUTLINE: OAuth2PasswordBearer sets the token URL, Depends injects it into the endpoint, and FastAPI validates the Bearer header.
Why synchronous DB libraries block async FastAPI endpoints and correct SQLAlchemy usage
This tests event loop blocking: sync DB calls in async def halt all requests. Answer: sync drivers block the loop despite releasing the GIL; use asyncpg with SQLAlchemy create_async_engine and AsyncSession. Red flag: recommending run_in_executor as default.
How do you use FastAPI dependency injection for database sessions?
WHAT IT TESTS: FastAPI Depends() for session lifecycle and testability. ANSWER OUTLINE: Build a generator dependency that yields a session and closes it after; inject via Depends(get_db).
Explain SQLAlchemy ORM vs Pydantic models in FastAPI
This tests separation of database schema from API contracts. A strong answer distinguishes SQLAlchemy table rows from Pydantic validation and OpenAPI generation, and notes that create schemas exclude auto-generated IDs.
Describe SQLAlchemy setup in FastAPI from database config to endpoint
Tests FastAPI dependency injection and SQLAlchemy session lifecycle. Good answers cover: engine with pooling, declarative models, a yield-based session dependency, and endpoint queries. Red flag: engine per request or global session shared everywhere.