Open-source Backend-as-a-Service built with FastAPI
Project description
FastCMS
The modular Python BaaS — auth, realtime, files, dynamic collections. AI via plugins, install only what you need.
FastCMS gives your frontend a complete backend in minutes — dynamic schemas, JWT auth, real-time WebSocket subscriptions, file storage with thumbnails, webhooks, and an admin dashboard. Build on top of FastAPI + SQLAlchemy. Drop in plugins when you need AI, custom fields, or integrations.
Install
From PyPI (recommended)
pip install pyfastcms
fastcms init my-app
cd my-app
fastcms dev
You now have an admin at http://localhost:8000/admin and an OpenAPI playground at http://localhost:8000/docs.
With cloud storage backends
pip install 'pyfastcms[s3]' # AWS S3 / MinIO / DigitalOcean Spaces
pip install 'pyfastcms[azure]' # Azure Blob
pip install 'pyfastcms[storage]' # both at once
Docker (multi-service: FastCMS + Postgres + Redis)
git clone https://github.com/aalhommada/fastCMS && cd fastCMS
cp .env.example .env # set SECRET_KEY (openssl rand -hex 32) inside
docker compose up -d
The compose file in this repo wires up Postgres + Redis for production-grade
real-time and persistence. For SQLite-only dev, the pip install path
above is simpler.
From source (for contributors)
git clone https://github.com/aalhommada/fastCMS && cd fastCMS
python -m venv .venv && source .venv/bin/activate
pip install -e '.[storage]'
cp .env.example .env # set SECRET_KEY
fastcms dev
Quick start
After fastcms dev is running:
1. Create your first user
curl -X POST http://localhost:8000/api/v1/auth/register \
-H 'Content-Type: application/json' \
-d '{
"email": "you@example.com",
"password": "YourPassword123!",
"password_confirm": "YourPassword123!",
"name": "Your Name"
}'
The response includes an access_token. Save it as TOKEN for the next
calls. To make the user an admin:
sqlite3 data/app.db "UPDATE users SET role='admin' WHERE email='you@example.com';"
2. Create a collection
curl -X POST http://localhost:8000/api/v1/collections \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "posts",
"type": "base",
"schema": [
{"name": "title", "type": "text", "validation": {"required": true}},
{"name": "content", "type": "editor"},
{"name": "published", "type": "bool"}
]
}'
FastCMS auto-creates the table, REST endpoints, and admin UI for it.
3. Add a record
curl -X POST http://localhost:8000/api/v1/collections/posts/records \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"data": {"title": "Hello", "content": "World", "published": true}}'
4. Query
# filter
curl "http://localhost:8000/api/v1/collections/posts/records?filter=published=true" \
-H "Authorization: Bearer $TOKEN"
# full-text search
curl "http://localhost:8000/api/v1/collections/posts/records?search=hello" \
-H "Authorization: Bearer $TOKEN"
# sort newest first
curl "http://localhost:8000/api/v1/collections/posts/records?sort=-created" \
-H "Authorization: Bearer $TOKEN"
See fastcms.org for
the full filter operator list (=, !=, >, >=, <, <=, ~,
?=), date macros (@today, @day-7), expansion, and pagination.
Add AI (optional)
AI features live in separate plugins so the core install stays lightweight. Install only what you need:
fastcms plugin install ai-core # LLM provider abstraction (OpenAI, Anthropic, Ollama)
fastcms plugin install ai-vectors # embedding storage + semantic search
fastcms plugin install ai-rag # retrieval-augmented Q&A on your docs
fastcms plugin install ai-agents # autonomous agents with tool calling
Then restart the server, configure a provider via the admin UI at
/admin/ai, or POST to /api/v1/plugins/ai/configure. No API key
required if you run Ollama locally.
Plugins source: https://github.com/aalhommada/fastcms-plugins.
Core features
Every feature below ships in the pyfastcms wheel — no plugin needed.
| Feature | Highlights |
|---|---|
| Dynamic Collections | Define schema via API; auto-creates table + REST endpoints + admin UI |
| Auth Collections | Multiple user pools (customers, vendors, admins) with JWT + bcrypt |
| View Collections | Virtual collections backed by SQL queries (joins, aggregations) |
| Authentication | JWT + refresh tokens, OAuth (Google/GitHub/Microsoft), 2FA/TOTP, API keys, magic links |
| Real-time | WebSocket subscriptions per-collection, presence, Redis pub/sub for multi-server |
| File storage | Local / S3 / Azure Blob with automatic image thumbnails (3 sizes) |
| Access control | Per-collection rule expressions for read/create/update/delete |
| Hooks | Drop a .py file in hooks/ to react to record events |
| Webhooks | HMAC-signed delivery, exponential backoff, full retry/audit log |
| Backup & restore | One-click DB snapshots via API or admin |
| CSV import/export | Move data between environments |
| Admin dashboard | Web UI for everything — collections, records, users, files, settings |
| CLI | fastcms init, fastcms dev, fastcms collections, fastcms users, fastcms plugin |
Configuration
Settings come from environment variables (or a .env file). The most
common ones:
SECRET_KEY=... # required — generate with: openssl rand -hex 32
DATABASE_URL=sqlite+aiosqlite:///./data/app.db
# or: postgresql+asyncpg://user:pass@host/db
ACCESS_TOKEN_EXPIRE_MINUTES=1440 # 1 day default
CORS_ORIGINS=http://localhost:3000,https://yourapp.com
STORAGE_TYPE=local # local | s3 | azure
REDIS_ENABLED=false # set true for multi-server real-time
See .env.example for the full list including OAuth,
SMTP, S3, and Azure settings.
Production checklist
- Strong
SECRET_KEY(32+ random bytes) -
DEBUG=falseandENVIRONMENT=production - Postgres instead of SQLite (set
DATABASE_URL) - Redis enabled if running multiple instances (
REDIS_ENABLED=true) - Specific
CORS_ORIGINS(not*) - Cloud storage if you serve uploads at scale (
STORAGE_TYPE=s3) - Reverse proxy with TLS (the included
docker-compose.ymlis a good starting point)
Documentation
Full docs: https://fastcms.org
Highlights:
Common questions
Where is my data stored? SQLite at data/app.db by default. Switch
to Postgres in production via DATABASE_URL.
Do I need AI? No — the core works without any plugin. Install AI plugins only if you want them.
Can I add my own field types or endpoints? Yes — write a plugin and
drop it in plugins/. See the
plugin development guide.
Is it production-ready? The current release is 0.1.x — APIs may
still evolve before 1.0. Several teams run it in production today; see
CHANGELOG.md for what's stable and what's recently
fixed.
License
MIT — see LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pyfastcms-0.1.3.tar.gz.
File metadata
- Download URL: pyfastcms-0.1.3.tar.gz
- Upload date:
- Size: 479.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3796ed6e01f0056dfda1b9e27faffdab33c5523ef809c3aaa27d12f46e941c83
|
|
| MD5 |
f7b96abd31e541ffd2505399869aa49a
|
|
| BLAKE2b-256 |
a76f54bae0e021ee623bc95f5638b97c52e144a657a5a581f11f1b62e39a8113
|
File details
Details for the file pyfastcms-0.1.3-py3-none-any.whl.
File metadata
- Download URL: pyfastcms-0.1.3-py3-none-any.whl
- Upload date:
- Size: 368.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a445caf728e13e63fb1f9b385d82dff31d481f0aa715877f218b0645be044f1a
|
|
| MD5 |
a5a70740947b4e9f961ee22f00f27ffe
|
|
| BLAKE2b-256 |
db70c3ef80c2eaae5fd630af7118420291ba6b18d5d2828207a09dc288703d85
|
