A modern, high-performance geospatial API framework that extends pygeoapi with authentication, authorization, and security features using FastAPI, OpenID Connect, and Open Policy Agent (OPA) ๐บ๏ธ๐.
ย ย ย ย
This diagram gives an overview of the basic architecture:
- OpenID Connect (OIDC) Integration - OAuth2/JWT Bearer token authentication with JWKS support
- API Key Authentication - Flexible API key-based authentication for programmatic access
- Open Policy Agent (OPA) - Policy-based authorization with fine-grained access control
- Multi-scheme Support - Seamlessly switch between authentication methods based on your needs
- FastAPI Framework - High-performance async API built on Starlette and Pydantic
- Async I/O - Non-blocking operations for better scalability
- Modern Python - Python 3.12+ with type hints and modern language features
- Fast Dependency Management - UV-based tooling for lightning-fast installations
- OGC API Compliance - Full support for OGC API - Features, Processes, and more
- OpenAPI Integration - Auto-generated, security-enhanced OpenAPI specifications
- Geospatial Data Access - Seamless access to vector and raster geospatial data
- pygeoapi Extension - Extends vanilla pygeoapi with enterprise-ready security
- Contract Testing - Automated OpenAPI contract validation with Schemathesis
- Security Scanning - OWASP ZAP integration for continuous security testing
- Pre-commit Hooks - Code quality checks with Ruff formatting and linting
- Comprehensive Test Coverage - Full test suite with pytest and coverage reporting
- pygeoapi
- fastapi-opa
- An OpenID Connect provider (Keycloak, WSO2, etc)
- Open Policy Agent (OPA)
You can install fastgeoapi via pip from PyPI:
pip install fastgeoapiInstall UV - a fast Python package installer and resolver:
macOS / Linux:
curl -sSf https://install.ultraviolet.dev | shWindows (PowerShell):
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"After cloning the repository, use UV to install dependencies:
git clone https://github.com/geobeyond/fastgeoapi.git
cd fastgeoapi
uv syncThis automatically:
- Creates a virtual environment in
.venv - Installs all required dependencies including git-based packages (pygeoapi, pygeofilter, fencer)
- Sets up fastgeoapi in development mode
macOS / Linux:
source .venv/bin/activateWindows (PowerShell):
.venv\Scripts\Activate.ps1Once Keycloak and OPA have been started, configure the required environment variables:
export PYGEOAPI_CONFIG=pygeoapi-config.yml
export PYGEOAPI_OPENAPI=pygeoapi-openapi.yml
export FASTGEOAPI_CONTEXT='/geoapi'Start fastgeoapi in development mode:
uv run fastapi run app/main.py --app app --host 0.0.0.0 --port 5000 --reload# Update dependencies
uv sync --upgrade
# View installed packages
uv pip list
# Install a new package
uv pip install package-name
# Install dev dependencies
uv pip install --group devFor more details, see uv.md.
Please see the Command-line Reference for details.
Please have a look at the docker-compose.yml file under scripts/iam to start the stack with Keycloak and Open Policy Agent locally. There is a README.md file that explains how to use it.
The file scripts/iam/keycloak/realm-export.json can be used to import an already configured realm into Keycloak.
The files under scripts/postman can be used to setup Postman with a configuration that is ready to perform the requests for the whole stack.
Contributions are very welcome. To learn more, see the Contributor Guide.
Distributed under the terms of the MIT license, fastgeoapi is free and open-source software.
If you encounter any problems, please file an issue along with a detailed description.
This project was generated from @cjolowicz's Hypermodern Python Cookiecutter template.