First Run Guide¶
This guide walks you through verifying your installation, creating the admin user, and testing the main features.
Verification Checklist¶
Before diving deeper, verify everything is working.
1. Check Services¶
2. Test API Documentation¶
Open these in a browser:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
3. Health Check¶
Expected response:
4. Database Tables¶
Check that tables were created:
You should see tables like user, tiers, rate_limits, api_keys, key_usage, key_permissions.
Initial Setup¶
Create the first admin user and the default tier.
Prerequisites
Make sure the database tables are created before running this. With CREATE_TABLES_ON_STARTUP=true (default), this happens automatically the first time the app boots.
Create Admin User and Default Tier¶
The admin credentials come from ADMIN_NAME, ADMIN_EMAIL, ADMIN_USERNAME, and ADMIN_PASSWORD in backend/.env.
This creates:
- A default tier (used as the fallback for new users)
- The admin user (with
is_superuser=true)
Testing Core Features¶
Authentication Flow (Sessions)¶
This boilerplate uses server-side sessions with HTTP-only cookies — no JWT.
1. Log In¶
curl -X POST "http://localhost:8000/api/v1/auth/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin&password=your_admin_password" \
-c cookies.txt
Response sets an HTTP-only session_id cookie and returns a CSRF token:
cookies.txt now holds your session — pass it back with -b cookies.txt on subsequent requests.
2. Get the Current User¶
3. Create a New User¶
curl -X POST "http://localhost:8000/api/v1/users/" \
-H "Content-Type: application/json" \
-d '{
"name": "John Doe",
"username": "johndoe",
"email": "john@example.com",
"password": "securepassword123"
}'
(User creation is open — no auth required.)
4. Check Auth Status¶
Returns {"authenticated": true, "user": {...}, "session": {...}} when logged in.
5. Log Out¶
API Keys¶
For programmatic access (machine-to-machine clients), create an API key while logged in:
curl -X POST "http://localhost:8000/api/v1/api-keys/" \
-H "Content-Type: application/json" \
-b cookies.txt \
-d '{
"name": "My Integration Key",
"permissions": {},
"usage_limits": {}
}'
⚠️ The full API key is shown once in the response. Store it securely.
List your keys:
Tiers and Rate Limits¶
# List tiers
curl http://localhost:8000/api/v1/tiers/
# Get a tier by name
curl http://localhost:8000/api/v1/tiers/free
# List rate limits
curl http://localhost:8000/api/v1/rate-limits/
Caching¶
Repeat a request twice and watch the timing — the second one should hit Redis:
curl http://localhost:8000/api/v1/users/johndoe -b cookies.txt -w "\nTime: %{time_total}s\n"
curl http://localhost:8000/api/v1/users/johndoe -b cookies.txt -w "\nTime: %{time_total}s\n"
Background Tasks (Taskiq)¶
Background processing is enabled out of the box but no example endpoint ships with the starter. To register and dispatch your own task, see Background Tasks.
To start a worker locally:
Adding Your First Feature Module¶
The codebase uses vertical-slice modules — each feature owns its models, schemas, CRUD, service, and routes in one folder under backend/src/modules/.
For a step-by-step walkthrough of adding a new module, see the Development Guide.
Debugging Common Issues¶
Application Logs¶
Database Logs¶
Run Migrations Manually¶
If you need to re-run migrations:
Reset Everything (Docker)¶
Next Steps¶
You've verified your install and tested the main features. Now:
Essential Reading¶
- Project Structure - How the code is organized
- Database Guide - Models, schemas, CRUD
- Authentication - Sessions, OAuth, API keys
Advanced Features¶
- Caching - Redis-backed cache
- Background Tasks - Async jobs with Taskiq
- Rate Limiting - Per-tier rate limits
Development Workflow¶
- Development Guide - Extend the boilerplate
- Testing - Test your features
- Production - Deploy
Getting Help¶
- Check the logs for error messages
- Verify your
backend/.envhas the right values - Search GitHub Issues for similar problems
- Open a new issue with details