1:"$Sreact.fragment"
2:I[88754,["/_next/static/chunks/0a3f498ef71c618e.js","/_next/static/chunks/61bc785dc6bd3109.js","/_next/static/chunks/a676f0ced11453e9.js","/_next/static/chunks/4b778b2e48718709.js","/_next/static/chunks/95a5e382a1e8200a.js","/_next/static/chunks/06fe5961b16f81d0.js","/_next/static/chunks/8c955ce35598c7b8.js","/_next/static/chunks/15c613f0f258455e.js"],"ClientPageWrapper"]
3:I[79520,["/_next/static/chunks/0a3f498ef71c618e.js","/_next/static/chunks/61bc785dc6bd3109.js","/_next/static/chunks/a676f0ced11453e9.js","/_next/static/chunks/4b778b2e48718709.js","/_next/static/chunks/95a5e382a1e8200a.js","/_next/static/chunks/06fe5961b16f81d0.js","/_next/static/chunks/8c955ce35598c7b8.js","/_next/static/chunks/15c613f0f258455e.js"],""]
5:I[73552,["/_next/static/chunks/0a3f498ef71c618e.js","/_next/static/chunks/61bc785dc6bd3109.js","/_next/static/chunks/a676f0ced11453e9.js","/_next/static/chunks/4b778b2e48718709.js","/_next/static/chunks/95a5e382a1e8200a.js","/_next/static/chunks/06fe5961b16f81d0.js","/_next/static/chunks/8c955ce35598c7b8.js","/_next/static/chunks/15c613f0f258455e.js"],"AnimatedText"]
6:I[22016,["/_next/static/chunks/0a3f498ef71c618e.js","/_next/static/chunks/61bc785dc6bd3109.js","/_next/static/chunks/a676f0ced11453e9.js","/_next/static/chunks/4b778b2e48718709.js","/_next/static/chunks/95a5e382a1e8200a.js","/_next/static/chunks/06fe5961b16f81d0.js","/_next/static/chunks/8c955ce35598c7b8.js","/_next/static/chunks/15c613f0f258455e.js"],""]
7:I[3601,["/_next/static/chunks/0a3f498ef71c618e.js","/_next/static/chunks/61bc785dc6bd3109.js","/_next/static/chunks/a676f0ced11453e9.js","/_next/static/chunks/4b778b2e48718709.js","/_next/static/chunks/95a5e382a1e8200a.js","/_next/static/chunks/06fe5961b16f81d0.js","/_next/static/chunks/8c955ce35598c7b8.js","/_next/static/chunks/15c613f0f258455e.js"],"AnimatedSection"]
13:I[85437,["/_next/static/chunks/0a3f498ef71c618e.js","/_next/static/chunks/61bc785dc6bd3109.js","/_next/static/chunks/a676f0ced11453e9.js","/_next/static/chunks/4b778b2e48718709.js","/_next/static/chunks/95a5e382a1e8200a.js","/_next/static/chunks/06fe5961b16f81d0.js","/_next/static/chunks/8c955ce35598c7b8.js","/_next/static/chunks/15c613f0f258455e.js"],"Image"]
15:I[97367,["/_next/static/chunks/ff1a16fafef87110.js","/_next/static/chunks/247eb132b7f7b574.js"],"OutletBoundary"]
16:"$Sreact.suspense"
4:T472,{"@context":"https://schema.org","@type":"BlogPosting","headline":"Ship Your Backend in 10 Minutes: The Niya FastAPI Template","description":"A production-ready FastAPI template with Supabase auth, rate limiting, connection pooling, and clean architecture — built so you never waste another week on backend boilerplate.","datePublished":"2025-03-01T00:00:00.000Z","dateModified":"2025-03-01T00:00:00.000Z","author":{"@type":"Person","name":"Hussein Maghrabi","url":"https://h-maghrabi.tech/","sameAs":["https://www.linkedin.com/in/hussein-maghrabi/","https://www.linkedin.com/in/hussein-maghrabi/"]},"publisher":{"@type":"Person","name":"Hussein Maghrabi","url":"https://h-maghrabi.tech/"},"url":"https://h-maghrabi.tech//blogs/niya-fastapi-starter-template","mainEntityOfPage":{"@type":"WebPage","@id":"https://h-maghrabi.tech//blogs/niya-fastapi-starter-template"},"image":"https://h-maghrabi.tech//blogs/niya-fastpi.png","keywords":"FastAPI, Python, Supabase, Backend, API","wordCount":768,"timeRequired":"PT6M","inLanguage":"en-US","isPartOf":{"@type":"Blog","name":"Hussein Maghrabi's Blog","url":"https://h-maghrabi.tech//blogs"}}0:{"buildId":"pOVubU_Kt6m3SrfLgqzM-","rsc":["$","$1","c",{"children":[["$","$L2",null,{"children":[["$","$L3",null,{"id":"schema-blog-post","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$4"}}],["$","$L3",null,{"id":"schema-breadcrumb-post","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https://h-maghrabi.tech/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blogs\",\"item\":\"https://h-maghrabi.tech//blogs\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Ship Your Backend in 10 Minutes: The Niya FastAPI Template\",\"item\":\"https://h-maghrabi.tech//blogs/niya-fastapi-starter-template\"}]}"}}],["$","article",null,{"className":"max-w-3xl mx-auto px-4 sm:px-6 py-8","children":[["$","$L5",null,{"delay":0,"children":["$","nav",null,{"aria-label":"Breadcrumb","className":"mb-6","children":["$","ol",null,{"className":"flex items-center gap-1.5 text-sm text-muted-foreground","children":[["$","li",null,{"children":["$","$L6",null,{"href":"/","className":"hover:text-foreground transition-colors","children":"Home"}]}],["$","li",null,{"aria-hidden":"true","children":["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right w-3.5 h-3.5","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}]}],["$","li",null,{"children":["$","$L6",null,{"href":"/blogs","className":"hover:text-foreground transition-colors","children":"Blogs"}]}],["$","li",null,{"aria-hidden":"true","children":["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right w-3.5 h-3.5","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}]}],["$","li",null,{"className":"text-foreground font-medium truncate max-w-[200px] sm:max-w-[300px]","aria-current":"page","children":"Ship Your Backend in 10 Minutes: The Niya FastAPI Template"}]]}]}]}],["$","$L7",null,{"direction":"up","children":["$","header",null,{"className":"mb-8","children":[["$","div",null,{"className":"flex flex-wrap gap-2 mb-4","children":[["$","span","FastAPI",{"className":"inline-flex items-center px-2.5 py-1 rounded-md text-xs font-medium bg-primary/10 text-primary border border-primary/20","children":"FastAPI"}],["$","span","Python",{"className":"inline-flex items-center px-2.5 py-1 rounded-md text-xs font-medium bg-primary/10 text-primary border border-primary/20","children":"Python"}],"$L8","$L9","$La"]}],"$Lb","$Lc","$Ld"]}]}],"$Le","$Lf","$L10"]}]]}],["$L11"],"$L12"]}],"loading":null,"isPartial":false}
8:["$","span","Supabase",{"className":"inline-flex items-center px-2.5 py-1 rounded-md text-xs font-medium bg-primary/10 text-primary border border-primary/20","children":"Supabase"}]
9:["$","span","Backend",{"className":"inline-flex items-center px-2.5 py-1 rounded-md text-xs font-medium bg-primary/10 text-primary border border-primary/20","children":"Backend"}]
a:["$","span","API",{"className":"inline-flex items-center px-2.5 py-1 rounded-md text-xs font-medium bg-primary/10 text-primary border border-primary/20","children":"API"}]
b:["$","h1",null,{"className":"font-heading text-3xl sm:text-4xl md:text-5xl leading-tight text-foreground mb-4","children":"Ship Your Backend in 10 Minutes: The Niya FastAPI Template"}]
c:["$","p",null,{"className":"text-lg text-muted-foreground leading-relaxed mb-6","children":"A production-ready FastAPI template with Supabase auth, rate limiting, connection pooling, and clean architecture — built so you never waste another week on backend boilerplate."}]
d:["$","div",null,{"className":"flex flex-wrap items-center gap-4 text-sm text-muted-foreground pb-6 border-b border-border","children":[["$","address",null,{"className":"flex items-center gap-1.5 not-italic","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-user w-4 h-4","children":[["$","path","975kel",{"d":"M19 21v-2a4 4 0 0 0-4-4H9a4 4 0 0 0-4 4v2"}],["$","circle","17ys0d",{"cx":"12","cy":"7","r":"4"}],"$undefined"]}],["$","a",null,{"rel":"author","href":"https://h-maghrabi.tech/","className":"hover:text-foreground transition-colors","children":"Hussein Maghrabi"}]]}],["$","time",null,{"dateTime":"2025-03-01T00:00:00.000Z","className":"flex items-center gap-1.5","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-calendar w-4 h-4","children":[["$","path","1cmpym",{"d":"M8 2v4"}],["$","path","4m81vk",{"d":"M16 2v4"}],["$","rect","1hopcy",{"width":"18","height":"18","x":"3","y":"4","rx":"2"}],["$","path","8toen8",{"d":"M3 10h18"}],"$undefined"]}],"March 1, 2025"]}],["$","span",null,{"className":"flex items-center gap-1.5","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-clock w-4 h-4","children":[["$","circle","1mglay",{"cx":"12","cy":"12","r":"10"}],["$","polyline","68esgv",{"points":"12 6 12 12 16 14"}],"$undefined"]}],6," min read"]}]]}]
e:["$","$L7",null,{"direction":"up","delay":0.05,"children":["$","figure",null,{"className":"mb-10","children":["$","$L13",null,{"src":"/blogs/niya-fastpi.png","alt":"Ship Your Backend in 10 Minutes: The Niya FastAPI Template","width":768,"height":400,"className":"w-full h-auto rounded-lg border border-border object-cover","priority":true}]}]}]
14:T2071,I wrote the same backend boilerplate five times. Authentication middleware, rate limiting, database connection pooling, structured error responses, CORS configuration, Pydantic models — every new project started with a full week of plumbing before I wrote a single endpoint that mattered.
So I extracted it into Niya FastAPI Template — a production-ready FastAPI starter that gives you everything you need to build scalable backends without the infrastructure setup. Clone it, add your Supabase credentials, and you have a fully authenticated, rate-limited API running in 10 minutes.
Repo: github.com/namanbarkiya/niya-fastapi-template
What You Get Out of the Box
| Feature |
Status |
Details |
| Supabase Auth |
✅ |
JWT-based authentication with HttpOnly cookies |
| Rate Limiting |
✅ |
Configurable per-endpoint abuse prevention |
| Connection Pooling |
✅ |
Optimized Supabase/Postgres connection handling |
| Input Validation |
✅ |
Pydantic v2 models with detailed error messages |
| Error Handling |
✅ |
Structured JSON error responses with proper HTTP codes |
| CORS |
✅ |
Configurable cross-origin support |
| Logging |
✅ |
Structured request/error logging |
| Security |
✅ |
HttpOnly cookies, JWT validation, input sanitization |
| API Docs |
✅ |
Auto-generated Swagger + Postman collection included |
| Testing |
✅ |
Strategies, examples, and testing guide |
This isn't a TODO list. Every feature is implemented, tested, and documented.
Architecture: Clean and Scalable
The template uses a layered architecture that separates concerns cleanly:
niya-fastapi/
├── config/ # Configuration & database connections
├── core/ # Exceptions, logging, shared utilities
├── middleware/ # Auth verification & rate limiting
├── models/ # Pydantic request/response models
├── repositorys/ # Data access layer (DAL)
├── services/ # Business logic
├── controller/ # API endpoint handlers
├── docs/ # Comprehensive documentation
├── postman/ # Ready-to-import Postman collection
└── main.py # Application entry point
Why This Pattern?
Each layer has one job:
- Controllers handle HTTP — parse requests, return responses, set status codes.
- Services contain business logic — validation rules, orchestration, transformations.
- Repositories talk to the database — queries, inserts, transactions.
When you need to add a new feature (say, a /users/profile endpoint), you create one file per layer. The pattern is the same every time. New developers on your team understand the codebase in 15 minutes.
Authentication That's Actually Production-Ready
Most FastAPI auth tutorials show you a decorator and call it done. Niya's auth layer handles the real-world concerns:
# middleware/auth.py
async def verify_token(request: Request) -> dict:
token = request.cookies.get("access_token")
if not token:
raise UnauthorizedException("No token provided")
try:
payload = jwt.decode(token, JWT_SECRET, algorithms=["HS256"])
return payload
except jwt.ExpiredSignatureError:
raise UnauthorizedException("Token expired")
except jwt.InvalidTokenError:
raise UnauthorizedException("Invalid token")
Key details that matter:
- HttpOnly cookies — the token is never accessible from JavaScript (XSS-immune)
- Secure flag — cookies are only sent over HTTPS in production
- JWT validation — expiration, signature verification, and structured error responses
- Dependency injection — the auth middleware integrates with FastAPI's
Depends() system
Rate Limiting
One line of middleware protects your entire API from abuse:
# In your .env
RATE_LIMIT_PER_MINUTE=60
The rate limiter tracks by IP, returns proper 429 Too Many Requests responses with Retry-After headers, and is configurable per route if you need different limits for auth vs. data endpoints.
Performance Numbers
| Metric |
Value |
| Average response time |
~200ms |
| Error rate |
<1% |
| Security score |
8/10 |
| Scalability score |
8/10 |
These numbers are from a real deployment serving actual traffic. The connection pooling and async handlers make a significant difference under load.
The Documentation You Wish Every Template Had
Niya ships with comprehensive docs — not just a README:
Plus a ready-to-import Postman collection with environment variables pre-configured.
Quick Start
# Clone
git clone https://github.com/namanbarkiya/niya-fastapi-template.git
cd niya-fastapi
# Virtual environment
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
# Install
pip install -r requirements.txt
# Configure
cp env.example .env
# Edit .env with your Supabase credentials
# Run
uvicorn main:app --reload --host 0.0.0.0 --port 8000
Open http://localhost:8000/docs — you'll see your fully documented, authenticated API ready to go.
Niya Frontend + Backend: The Full Stack
Niya FastAPI is designed to pair perfectly with the Niya SaaS Template (Next.js frontend). Together, they give you:
- Frontend: Next.js 15, Supabase Auth, Zustand, React Query, Magic UI
- Backend: FastAPI, Supabase, rate limiting, clean architecture
- Shared auth: Both use Supabase JWT tokens — single sign-on is built in
Clone both, point them at the same Supabase project, and you have a full-stack SaaS application with auth, dashboard, API, and documentation — all in under 15 minutes.
Star it if it's useful: github.com/namanbarkiya/niya-fastapi-template
f:["$","$L7",null,{"direction":"up","delay":0.1,"children":["$","section",null,{"className":"blog-content","dangerouslySetInnerHTML":{"__html":"$14"}}]}]
10:["$","$L7",null,{"direction":"up","delay":0.15,"className":"mt-16 pt-8 border-t border-border","children":["$","footer",null,{"className":"flex items-center justify-between","children":[["$","$L6",null,{"href":"/blogs","className":"inline-flex items-center justify-center text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 border border-input bg-background hover:bg-accent hover:text-accent-foreground h-10 px-4 py-2 rounded-lg gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-left w-4 h-4","children":[["$","path","1wnfg3",{"d":"m15 18-6-6 6-6"}],"$undefined"]}],"All posts"]}],["$","div",null,{"className":"text-sm text-muted-foreground","children":["Written by"," ",["$","$L6",null,{"href":"https://www.linkedin.com/in/hussein-maghrabi/","target":"_blank","rel":"noopener noreferrer","className":"font-medium text-foreground hover:text-primary transition-colors","children":"Hussein Maghrabi"}]]}]]}]}]
11:["$","script","script-0",{"src":"/_next/static/chunks/15c613f0f258455e.js","async":true}]
12:["$","$L15",null,{"children":["$","$16",null,{"name":"Next.MetadataOutlet","children":"$@17"}]}]
17:null