You can restrict form fields to only include those declared in a Pydantic model and forbid any extra field sent in the request using Pydantic's model_config = {"extra": "forbid"}
:
from typing import Annotated
from fastapi import FastAPI, Form
from pydantic import BaseModel
app = FastAPI()
class FormData(BaseModel):
username: str
password: str
model_config = {"extra": "forbid"}
@app.post("/login/")
async def login(data: Annotated[FormData, Form()]):
return data
Read the new docs: Form Models - Forbid Extra Form Fields.