A secure, production-ready Notes API built with FastAPI, MongoDB, and JWT authentication. This service lets users sign up, log in, and manage notes (create, read, update, delete).

• ✅ User Authentication — Secure signup & login with JWT tokens
• ✅ Notes CRUD — Create, read, update, and delete notes
• ✅ MongoDB Integration — Async database operations using Motor
• ✅ Password Hashing — Uses bcrypt for secure password storage
• ✅ Dockerized — Easily deployable anywhere
• ✅ Swagger Docs — Interactive API documentation
• ✅ Environment Configs — .env based settings for secrets & DB

Python 3.10+

MongoDB (local or Atlas)

Docker (optional for containerized setup)

git clone https://github.com/<your-username>/fastapi-notes-api.git
cd fastapi-notes-api

python -m venv venv
source venv/bin/activate   # macOS/Linux
venv\Scripts\activate      # Windows

pip install -r requirements.txt

Copy the example file:

    cp .env.example .env

Edit .env:

# MongoDB Root Credentials
MONGO_ROOT_USERNAME=root
MONGO_ROOT_PASSWORD=your_secure_root_password_here

# MongoDB Initial Admin User
MONGO_INIT_ADMIN_USERNAME=admin
MONGO_INIT_ADMIN_EMAIL=admin@yourdomain.com
MONGO_INIT_ADMIN_PASSWORD=your_pre_hashed_password_here  # Make sure this is pre-hashed

# FastAPI Settings
SECRET_KEY=your_secure_jwt_key_here

uvicorn app.main:app --reload

The app should be live at:
👉 http://localhost:8000

Method	Endpoint	Description

POST	/auth/signup	Register a new user
POST	/auth/login	Log in & receive JWT token

• Method Endpoint Description
• GET /notes/ Get all notes for the user
• POST /notes/ Create a new note
• PUT /notes/{note_id} Update a note
• DELETE /notes/{note_id} Delete a note

All /notes routes require an Authorization header: Authorization: Bearer <your_access_token>

docker-compose up --build

This spins up:

• FastAPI app on port 8000
• MongoDB on port 27017

FastAPI automatically generates documentation:

• Swagger UI → http://localhost:8000/docs
• ReDoc → http://localhost:8000/redoc

• User Signup → /auth/signup → Passwords are hashed with bcrypt before saving.

• User Login → /auth/login → Returns a JWT token with expiration.

• Authorized Routes → /notes/* → Require Authorization: Bearer header.

• Layer Technology
• Backend FastAPI
• Database MongoDB (Motor async driver)
• Auth JWT
• Containerization Docker & Docker Compose
• Language Python 3.11

• Role-based permissions (Admin/User)
• Refresh tokens for longer sessions
• File attachments for notes
• Integration tests with Pytest
• Rate limiting & CORS policies

Sudhakar P
Software Engineer | Cybersecurity Enthusiast
Certificates: CEH, CND, AZ-305, SC-100, AZ-500
[p.sudhakar963@gmail.com]