FastAPI DevSecOps Demo: A Production-Ready Microservice from Zero to Deployment

A REST API (Representational State Transfer Application Programming Interface) is a way for applications to communicate with servers over the internet using standard HTTP methods. In a REST API, the client (such as a web or mobile app) sends requests using methods like GET, POST, PUT, and DELETE to specific URLs, and the server responds with data, usually in JSON format. REST APIs do not handle user interfaces; they only transfer data. The client application then uses this data to display information or perform actions. REST APIs are widely used because they are simple, scalable, language-independent, and work efficiently over the web.

When I open an app like Instagram and view a user's profile, the app sends a request to Instagram's backend using an API (REST-style). This API is part of Instagram's server and is responsible for fetching the required data, such as the user's profile details, from the database. The server returns this data in a structured format (like JSON), and the app then displays it in a user-friendly interface. The API itself does not show anything to the user; it only transfers data between the app and the server.

When I open a food delivery app like Uber Eats and search for a restaurant, the app sends a request to the backend using a REST API. This API is part of the server and handles the request using an HTTP method such as GET to retrieve the restaurant's details from the database. The server then returns the data in a structured format like JSON, and the app displays this information on the screen. The REST API does not show anything by itself; it simply acts as a communication layer that transfers data between the app and the server.

A REST API is a server-side interface that receives requests from an app, fetches or updates data, and sends the data back for the app to display.

A REST API is not a separate program or service that fetches data on its own; instead, it is an architectural style that defines rules and best practices for how communication between a client and a server should happen over the internet. These rules include using HTTP methods such as GET for reading data, POST for creating data, PUT for updating data, and DELETE for removing data, along with structured URLs and data formats like JSON.

FastAPI is a Python framework that developers use to build an API that follows these REST principles. When a client application, such as a mobile or web app, sends a request (for example, searching for a restaurant or viewing a user profile), FastAPI receives the request on the server, interprets the HTTP method and URL according to REST rules, executes the backend logic, interacts with the database or other services to fetch or modify data, and then sends the response back to the client in a REST-compliant format. In simple terms, REST defines how an API should behave, while FastAPI is the actual tool that implements those rules and performs the real work of handling requests, processing data, and returning responses.

REST API should be understood as an architectural blueprint or a set of rules rather than something that actually runs or executes code. REST defines how communication between an application and a server should happen, such as using URLs to represent resources, using HTTP methods like GET, POST, PUT, and DELETE to perform actions, exchanging data in formats like JSON, and keeping interactions stateless. REST itself does not fetch data, does not execute logic, and does not exist as a software component; it is simply a set of guidelines.

FastAPI, on the other hand, is a real Python framework that runs on a server and is responsible for implementing these REST principles. When a user searches for something like "Chipotle" in an app, the app sends a REST-style request such as GET /restaurants?name=chipotle. FastAPI receives this request, identifies the HTTP method, endpoint, and parameters, executes the backend Python code, queries the database, and retrieves the relevant data. FastAPI then sends the response back to the client in a REST-compliant format, typically JSON, following REST rules such as stateless communication and clear resource-based responses.

Therefore, the correct mental model is that FastAPI is the actual API that performs all the work, while REST simply describes how that API should behave. In real-world usage, when people say terms like "Instagram REST API" or "Uber Eats REST API," they are referring to an API built using REST principles, not a separate REST component.

Consider a real-world food delivery application where the backend order service is built using FastAPI and needs to run reliably on different machines such as developer laptops, testing servers, and cloud production servers. To solve the problem of environment differences, the development team creates a Docker image, which is a packaged, read-only template containing the application code, the required Python runtime, all necessary libraries, and instructions on how to start the service. This Docker image itself does not run; it simply represents the standardized version of the application.

When this image is executed on a server, it creates a Docker container, which is a running instance of the application capable of handling real user requests. During peak usage, such as a busy evening when many users place food orders, the same Docker image can be run multiple times to create several containers of the order service, allowing traffic to be distributed across them. Each container runs independently while using the same image, ensuring consistency, scalability, and reliability. In this setup, the image acts as the blueprint for the application, while containers are the actual running copies that keep the service responsive and stable in real-world production environments.

Traditionally, applications handled increased traffic by adding more servers, which is known as horizontal scaling, or by upgrading a single server's resources, which is called vertical scaling. With containers, scaling happens at the application level rather than immediately at the server level. When traffic increases, such as on a Friday night for a food delivery app like Uber Eats, the system can start additional containers of the same application on existing servers, allowing requests to be distributed across them. This approach is still horizontal scaling, but it focuses on scaling the application using containers instead of directly adding servers. New servers are only added when existing servers reach their capacity, making container-based scaling more efficient, faster, and cost-effective.

Kubernetes is a container orchestration platform that manages how containerized applications run at scale across multiple servers. While Docker is responsible for packaging an application into an image and running it as containers, Kubernetes takes over the responsibility of controlling those containers in production. In a real-world scenario like a food delivery app experiencing heavy traffic on a Friday night, Kubernetes automatically monitors application load and starts additional containers when demand increases, distributing them across available servers. If a container crashes or a server goes down, Kubernetes detects the failure and replaces the container automatically, ensuring the application remains available. When traffic decreases, Kubernetes scales the containers back down to save resources. In this way, Kubernetes provides automated scaling, self-healing, load balancing, and efficient resource management, allowing applications to run reliably and smoothly without manual intervention.