Built a FastAPI service that exposes health and status endpoints, enforces request policies, applies middleware, and validates policy requests with typed models.
- Basic Python programming knowledge
- Understanding of REST APIs and HTTP methods
- Familiarity with JSON data format
- Linux command line experience
- Basic understanding of system monitoring concepts
- Operating System: Ubuntu 24.04 LTS cloud lab environment
- Primary User: toor
- Python Runtime: Python 3.12.x in a virtual environment
- Service Style: Local API development and CLI/API testing workflow
- Build a FastAPI service with multiple endpoints
- Implement system status monitoring endpoints
- Create policy enforcement mechanisms
- Handle HTTP requests and responses
- Apply middleware for request validation
- Test API endpoints using curl and Python requests
This lab was completed through the following high-level activities:
- Step 1: Create the Project Structure
- Step 2: Define Configuration Settings
- Step 3: Create Data Models
- Step 4: Implement Policy Logic
- Step 5: Build the Main FastAPI Application
- Step 1: Complete the Policy Functions
- Step 2: Complete the Data Models
- Step 3: Implement the API Endpoints
lab07-fastapi-status-and-policy-service/
├── README.md
├── commands.sh
├── output.txt
├── interview_qna.md
├── troubleshooting.md
└── project/
    ├── config.py
    ├── main.py
    ├── models.py
    └── policies.py
- Test health endpoint
- Test system status
- Test policy check (valid request)
- Test policy check (invalid - too large)
- Test policy check (invalid method)
- List all policies
- Get resource limits
- View interactive API documentation
- How to structure a small FastAPI service with configuration, models, policies, and main application logic.
- How policy checks can enforce limits on request size, methods, and rate behavior.
- How middleware adds request logging and centralized control points.
- How psutil-backed status endpoints help surface runtime health data.
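
A framework-free sketch of the kind of policy check described above, covering method, request size, and per-client rate. This is an added example, not the lab's `policies.py`. All names and limit values are assumptions, and a dataclass stands in for the typed request model.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional

# Constructed limits for illustration; the lab's config.py values are not shown on the page.
MAX_REQUEST_BYTES = 1_048_576
ALLOWED_METHODS = frozenset({"GET", "POST"})
RATE_LIMIT = 3               # requests allowed per client...
RATE_WINDOW_SECONDS = 60.0   # ...within this sliding window


@dataclass(frozen=True)
class PolicyRequest:
    """Stand-in for the typed request model (hypothetical field names)."""
    client_id: str
    method: str
    size_bytes: int


@dataclass
class PolicyEngine:
    """Evaluates every rule so the caller can log all violations, not just the first."""
    _hits: dict = field(default_factory=lambda: defaultdict(deque))

    def check(self, req: PolicyRequest, now: Optional[float] = None):
        """Return (allowed, violations) for one request."""
        now = time.monotonic() if now is None else now
        violations = []
        if req.method.upper() not in ALLOWED_METHODS:
            violations.append(f"method {req.method!r} not allowed")
        if not 0 <= req.size_bytes <= MAX_REQUEST_BYTES:
            violations.append(f"size {req.size_bytes} outside 0..{MAX_REQUEST_BYTES}")
        # Sliding window: discard timestamps that have aged out, then count the rest.
        hits = self._hits[req.client_id]
        while hits and now - hits[0] >= RATE_WINDOW_SECONDS:
            hits.popleft()
        if len(hits) >= RATE_LIMIT:
            violations.append("rate limit exceeded")
        else:
            # Requests rejected by another rule still consume quota, so probing is throttled too.
            hits.append(now)
        return (not violations, violations)
```

The `now` parameter exists so the rate window can be tested deterministically; in a service the default monotonic clock applies.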
This lab is security-relevant because it combines request validation, policy enforcement, basic rate limiting, and observability in one service boundary.
Policy-aware service wrappers are common in API gateways, internal platforms, and service control layers. Pairing observability with request validation strengthens operational visibility and defensive controls.
- Internal API gateways and policy enforcement layers.
- Service health and status dashboards for operations teams.
- Microservice-side request validation and auditing.
Implemented and tested a FastAPI service that combined health reporting, policy enforcement, and middleware logging.
This lab strengthened my hands-on foundation in building a FastAPI status and policy service and produced a clean set of project files, command history, execution output, interview notes, and troubleshooting guidance for portfolio use.
All code, commands, outputs, and support material used for this lab are organized in this folder for traceability and GitHub documentation readiness.