Complete Syllabus

10 Modules. 70+ Topics. Django + FastAPI + React + Deploy.

Click any module to expand. This module teaches Django REST Framework (enterprise standard) AND FastAPI (the fastest-growing Python framework) — students learn both. The frontend uses React 19 with TypeScript and Vite. Django Templates are taught only as context — the real frontend is React.

01

⭐ Django 5 Foundations & REST APIs

Project setup, models, ORM, and building REST APIs with Django REST Framework

1.1 Django Project Setup & Architecture

django-admin startproject, startapp. Project structure: settings.py, urls.py, wsgi/asgi.py. Apps as modules: models.py, views.py, serializers.py, urls.py. Virtual environments (venv/pipenv/poetry). requirements.txt and pyproject.toml. Django 5.x new features: simplified form rendering, async view improvements.

1.2 Models & Django ORM

Model definition: CharField, IntegerField, DateTimeField, ForeignKey, ManyToManyField. Relationships: one-to-many (ForeignKey), many-to-many, one-to-one. Meta class: ordering, unique_together, verbose_name. Custom model managers. QuerySet API: filter(), exclude(), annotate(), aggregate(), select_related(), prefetch_related(). The N+1 problem and how select_related/prefetch_related fixes it.

1.3 Database Migrations

makemigrations → migrate workflow. Migration files: what they contain, why they're version-controlled. Data migrations (RunPython). Squashing migrations. Rolling back migrations. Why migrations matter: schema changes are versioned, repeatable, team-safe. Conflicts and how to resolve them. Django's migration system vs Flyway/Alembic — Django's is built-in and excellent.

1.4 Django REST Framework: Serializers & ViewSets

DRF installation and setup. Serializers: ModelSerializer, nested serializers, validation (validate_field, validate). ViewSets: ModelViewSet (CRUD in one class), custom actions (@action decorator). Routers: DefaultRouter auto-generates URL patterns. Browsable API (DRF's built-in API explorer). Pagination: PageNumberPagination, LimitOffsetPagination. Filtering: django-filter integration, SearchFilter, OrderingFilter.

1.5 Request Validation & Error Handling

Serializer validation: field-level (validate_email), object-level (validate), custom validators. raise serializers.ValidationError with structured errors. Custom exception handler: override DRF's default to return consistent error format. HTTP status codes: 400 (validation), 401 (auth), 403 (permission), 404 (not found), 500 (server). Error response contract with the frontend team.

1.6 Admin Panel & Django Shell

Django admin: register models, customise list_display, list_filter, search_fields. ModelAdmin for advanced customisation: inline editing, custom actions, fieldsets. django-admin-interface for modern admin UI. Django shell (manage.py shell_plus): interactive ORM queries for debugging. Admin is a PRODUCTIVITY TOOL — not a customer-facing UI. Use it for data management during development.

1.7 Environment Config & Settings Management

django-environ: load settings from .env files. Separate settings: base.py, development.py, production.py. SECRET_KEY, DEBUG, ALLOWED_HOSTS, DATABASE_URL from environment variables. Never commit secrets to Git. python-decouple as an alternative. The 12-Factor App pattern applied to Django. Why settings.py with hardcoded values breaks in production.

Placement relevance: Django + DRF is the #1 Python backend framework for enterprise applications — used at Instagram, Spotify, Dropbox, and most Python-stack Indian startups. "Build a REST API with DRF" is the standard Python full-stack interview assignment. Understanding serializers, ViewSets, and the ORM is what separates "Django tutorial follower" from "Django developer."
02

Authentication, Permissions & Security

JWT auth, role-based access, social login, and securing Django APIs

2.1 Django Authentication System

Django's built-in auth: User model, authenticate(), login(), logout(). Custom User model (AbstractUser or AbstractBaseUser) — always create a custom User model from day one. Password hashing with PBKDF2/bcrypt/Argon2. User registration with email verification. Why Django's auth is battle-tested and extensible.

2.2 JWT Authentication with djangorestframework-simplejwt

Token-based auth: access token (short-lived, 5–30 min) + refresh token (long-lived, 7 days). Login flow: POST /api/auth/login → validate → return access + refresh tokens. Token refresh: POST /api/auth/refresh → return new access token. Token blacklisting for logout. Custom claims in JWT payload. Frontend integration: store tokens, attach Authorization header.

2.3 Permissions & RBAC

DRF permissions: IsAuthenticated, IsAdminUser, AllowAny. Custom permissions: IsOwner (user can only edit their own objects). Object-level permissions. Groups and group-based permissions. @permission_classes decorator on viewsets. Permission hierarchy: admin > moderator > user. How to structure permissions for multi-role applications.

2.4 Social Login: Google & GitHub OAuth2

django-allauth or dj-rest-auth for social authentication. Google OAuth2 flow: redirect → Google consent → callback → create/login user. GitHub OAuth2 for developer-focused apps. Connecting social accounts to existing user accounts. When to use social login vs email/password (consumer apps → social, enterprise → email/password).

2.5 Security Best Practices

CSRF protection (Django's middleware). XSS prevention (Django's template auto-escaping). SQL injection prevention (ORM parameterised queries — never use raw SQL with user input). CORS configuration: django-cors-headers for React frontend. Rate limiting with django-ratelimit or DRF throttling. Security headers: HSTS, X-Content-Type-Options, X-Frame-Options. OWASP Top 10 awareness.

Placement relevance: "Implement JWT authentication" is the #1 full-stack security interview question. Django's CSRF, XSS, and SQL injection protections are asked in security discussions. CORS configuration is the first bug every full-stack developer hits. Social login is expected at consumer-facing startups. Understanding auth flow end-to-end (React → JWT → DRF) is what full-stack interviews evaluate.
03

FastAPI: High-Performance Async APIs

The fastest-growing Python framework — async, auto-docs, and type-safe

3.1 FastAPI Setup & Core Concepts

pip install fastapi uvicorn. First endpoint: @app.get("/"). Path parameters, query parameters, request body (Pydantic models). Automatic API documentation: /docs (Swagger UI) and /redoc. Async by default: async def endpoints with await. Type hints as contracts — FastAPI validates automatically from types. Why FastAPI is 3–10x faster than Django for API-heavy workloads.

3.2 Pydantic Models & Validation

Pydantic v2: BaseModel for request/response schemas. Field validation: Field(min_length=1, max_length=100). Custom validators with @field_validator. Nested models. Optional fields. Model inheritance. Pydantic vs DRF Serializers: Pydantic is faster, type-safe, and reusable outside FastAPI. Response models: response_model parameter controls what's returned.

3.3 SQLAlchemy + Alembic (FastAPI Database)

SQLAlchemy ORM: declarative models, sessions, queries. Async SQLAlchemy (2.0 style). Alembic for migrations: alembic init, alembic revision --autogenerate, alembic upgrade head. Dependency injection: get_db session per request. Repository pattern for database operations. When to use SQLAlchemy (FastAPI) vs Django ORM (Django) — each is excellent in its ecosystem.

3.4 FastAPI Auth & Middleware

OAuth2PasswordBearer for JWT authentication. Dependency injection for current_user. Custom middleware for logging, timing, CORS. Background tasks: BackgroundTasks for fire-and-forget operations. WebSocket support in FastAPI. When to choose FastAPI (microservices, ML serving, high-performance APIs) vs Django (full-featured web apps, admin panel, ORM).

Placement relevance: FastAPI is the fastest-growing Python web framework — adopted by Microsoft, Netflix, Uber for internal tools. Startups increasingly choose FastAPI over Django for API-only backends. Knowing BOTH Django and FastAPI makes a candidate versatile — "I can use the right tool for the job" vs "I only know one framework." FastAPI knowledge is a differentiator in 2025–26 interviews.
04

Advanced Backend: Celery, Redis, File Upload & Email

Production features beyond CRUD — task queues, caching, file handling, and notifications

4.1 Celery: Async Task Queue

Why task queues: don't block the request thread for slow operations (email, reports, image processing). Celery setup: broker (Redis), worker, beat (scheduled tasks). @shared_task decorator. Calling tasks: .delay() and .apply_async(). Monitoring: Flower dashboard. Use cases: send welcome email after registration, generate PDF report, process uploaded images. The #1 Django production tool after DRF.

4.2 Redis: Caching & Session Store

django-redis for cache backend. @cache_page for view-level caching. Low-level cache: cache.get(), cache.set() for custom caching logic. Cache invalidation strategies: TTL, manual invalidation on write. Redis as session backend (faster than database sessions). Redis as Celery broker. When to cache: product listings, user profiles, API responses for read-heavy data.

4.3 File Upload & Cloud Storage

Django FileField and ImageField. File validation: size limits, allowed types. Local storage during development. django-storages + boto3 for AWS S3 in production. Serving media files: WhiteNoise for static, S3/CloudFront for media. Image processing: Pillow for thumbnails, format conversion. Profile picture upload flow: React form → multipart POST → Django saves to S3 → return URL.

4.4 Email & Notifications

Django email backend: SMTP (Gmail, SendGrid, AWS SES). HTML email templates with Django's template engine. Use cases: welcome email, password reset, order confirmation. Sending via Celery (non-blocking). Email verification flow: register → send verification link → user clicks → activate account. Rate limiting email sending to avoid spam flags.

4.5 API Documentation & Versioning

DRF: drf-spectacular for OpenAPI 3.0 auto-generation. Swagger UI and ReDoc endpoints. Schema customisation with @extend_schema. API versioning: URL-based (/api/v1/) or header-based. Deprecating old versions gracefully. FastAPI: auto-docs are built-in (the best in any framework). Why API documentation is a TEAM CONTRACT, not an afterthought.

Placement relevance: Celery is asked in every production Django interview — "How do you handle long-running tasks?" Redis caching is standard at any company with traffic. File upload with S3 is real-world production code. These features transform a "tutorial project" into a "production-quality application" that interviewers take seriously.
05

Frontend Foundations: HTML, CSS, JavaScript & TypeScript

Web fundamentals + TypeScript — the prerequisites for React development

5.1 HTML5 & Accessible Forms

Semantic tags, form input types, validation attributes. Accessibility: labels, ARIA, alt text. Why semantic HTML matters for SEO and screen readers. Django templates (server-rendered HTML) are taught here AS CONTEXT — the real frontend uses React. Understanding server-rendered vs client-rendered: Django templates = SSR, React = CSR.

5.2 CSS3, Flexbox, Grid & Tailwind CSS

Flexbox for component layout, CSS Grid for page layout. Responsive design with media queries. Tailwind CSS: utility-first classes, responsive modifiers (md:, lg:), dark mode, component extraction with @apply. Why Tailwind dominates modern frontend styling. Custom Tailwind config for brand colours and fonts.

5.3 Modern JavaScript (ES6+)

let/const, arrow functions, template literals, destructuring, spread/rest, optional chaining, nullish coalescing. Array methods: map, filter, reduce. Promises, async/await, fetch API. Modules: import/export. These are the JavaScript features React uses — they're prerequisites, not optional.

5.4 TypeScript Fundamentals

Type annotations, interfaces, type aliases, generics, union types, enums. TypeScript with React: typing props, state, events, API responses. Why TypeScript is the modern standard — product companies expect it. tsconfig.json setup with Vite.

Placement relevance: Flexbox, responsive design, ES6+, and TypeScript are tested in every frontend interview. Tailwind CSS is the fastest-growing styling framework. Django templates understanding provides context for SSR vs CSR architectural discussions. TypeScript is expected at product companies — "We use TypeScript" is the norm in 2025–26.
06

⭐ React 19: Components, Hooks & Routing

Building interactive UIs with the world's most popular frontend library

6.1 React Project Setup with Vite

npm create vite@latest -- --template react-ts. Project structure: components/, pages/, services/, hooks/. JSX syntax. React DevTools. Hot Module Replacement. Why Vite replaced CRA: 10x faster dev server, native ESM, better build optimization.

6.2 Components, Props & Conditional Rendering

Functional components with TypeScript props. Children props. Component composition. Key prop for lists. Conditional rendering: ternary, &&, early return. Thinking in components: break UI into reusable, testable pieces.

6.3 Hooks: useState, useEffect, useRef

useState for component state. useEffect for side effects (API calls, subscriptions). Dependency array rules. Cleanup functions. useRef for DOM references. Rules of Hooks. Custom hooks: useAuth, useFetch, useDebounce.

6.4 State Management: Context + Zustand

React Context for simple global state (auth, theme). Zustand for complex state (lightweight Redux alternative). When to use Context vs Zustand vs Redux. Why Redux is often overkill.

6.5 React Router v6+

BrowserRouter, Routes, Route, Link, NavLink. Dynamic routes with useParams. Nested routes with Outlet. Protected routes: redirect unauthenticated users. useNavigate for programmatic navigation. Route-based code splitting with React.lazy + Suspense.

Placement relevance: React is THE most in-demand frontend skill — used at Flipkart, Swiggy, Zomato, and most startups. "Build a React component with hooks" is the standard frontend interview task. Vite + TypeScript is the modern standard. React Router is fundamental for SPAs — every multi-page app needs it.
07

React ↔ Django/FastAPI Integration

Connecting frontend to backend — auth flow, API calls, forms, and real-time features

7.1 API Integration: Axios & React Query

Axios with interceptors: auto-attach JWT, base URL config. React Query (TanStack Query): useQuery for GET, useMutation for POST/PUT/DELETE. Caching, background refetching, loading/error states — all handled automatically. Why React Query eliminates manual loading state management with useEffect.

7.2 Authentication Flow: Login → JWT → Protected Routes

Login form → POST /api/auth/login → receive tokens → store securely. AuthContext for global auth state. Axios interceptor: attach Authorization header. Protected route component. Auto-refresh tokens. Logout flow: clear tokens + redirect. The complete auth lifecycle from React to Django/FastAPI and back.

7.3 Form Handling: React Hook Form

React Hook Form: register, handleSubmit, formState. Validation: required, minLength, pattern, custom validators. Error messages. File upload forms. Multi-step forms. Integration with DRF validation errors (display server-side errors inline).

7.4 Pagination, Search & Filtering

Server-side pagination: page/size params → Django Paginator → React page controls. Debounced search input → API call. Multi-filter with URL query parameters. Infinite scroll vs page numbers. The pattern every admin dashboard and e-commerce site uses.

7.5 CORS, Environment Config & Error Contract

CORS: django-cors-headers configuration for React dev server. .env files: VITE_API_URL for frontend, .env for Django. Consistent error response format agreed between frontend and backend. Error interceptor in Axios → toast notifications. The "glue" that makes full-stack integration work without daily debugging.

7.6 UI: Tailwind + shadcn/ui + Responsive

Tailwind CSS for rapid styling. shadcn/ui for accessible component primitives. Lucide icons. Toast notifications. Loading skeletons. Dark mode. Mobile-first responsive layout. The UI toolkit that makes apps look professional without a designer.

Placement relevance: "Build a login/register flow connecting React to your Django API" is the #1 full-stack interview assignment. React Query is the modern standard for API integration. Pagination/search/filtering are tested in every admin panel interview task. CORS configuration is the first full-stack bug — knowing how to fix it saves hours.
08

Testing: Backend & Frontend

pytest, Factory Boy, API tests, React Testing Library — proving your code works

8.1 pytest & Django Testing

pytest over unittest (cleaner syntax, better fixtures). pytest-django: @pytest.mark.django_db, client fixture. Factory Boy: generate test data (UserFactory, ProductFactory) instead of fixtures. APIClient for testing DRF endpoints: client.post('/api/products/', data). Testing serializers, views, permissions. Coverage reporting: pytest-cov.

8.2 FastAPI Testing

TestClient from fastapi.testclient. httpx for async endpoint testing. pytest fixtures for database sessions. Dependency override: override get_db for test database. Testing validation, auth, and error responses. Why FastAPI's dependency injection makes testing clean.

8.3 React Testing: RTL & Vitest

React Testing Library: test behavior, not implementation. render(), screen queries, user events. Vitest as test runner (faster than Jest with Vite). MSW (Mock Service Worker): mock API responses. Testing forms, auth flows, and protected routes. Writing tests that give confidence to refactor.

Placement relevance: "Do you write tests?" is asked in every product company interview. pytest is the Python testing standard. Having tests in your portfolio project signals professional quality. Factory Boy for test data is a production practice. Frontend testing is a differentiator — most candidates skip it entirely.
09

Architecture: Monolith, Microservices & System Design Basics

When to use Django (monolith), when to add FastAPI (microservices), and how to think about architecture

9.1 Django as Monolith: When It's the Right Choice

Django's strength: batteries included (admin, ORM, auth, forms, migrations). Perfect for: MVPs, startups, content sites, internal tools. "Start with a monolith, split later when needed" — the pragmatic architecture advice. When Django apps within a project serve as module boundaries. Most successful companies started as monoliths (Instagram was Django).

9.2 Adding FastAPI Microservices

When to break out: a service needs different performance characteristics (ML inference, real-time processing, high-throughput ingestion). FastAPI as a separate service: own database, own deployment. Communication: REST APIs, message queues (Redis/RabbitMQ). API Gateway pattern. Service discovery (conceptual). Why "microservices for everything" is usually wrong for student projects.

9.3 System Design Basics for Interviews

Database selection: PostgreSQL (relational) vs MongoDB (document) vs Redis (cache). Caching strategy: what to cache, TTL, invalidation. Message queues: Celery + Redis for async processing. Load balancing concepts. CDN for static assets. Horizontal scaling: multiple Django instances behind a load balancer. The vocabulary needed for system design interview discussions.

Placement relevance: "Monolith vs microservices — when would you use each?" is asked at every product company. Understanding Django's strengths as a monolith AND FastAPI's strengths for microservices demonstrates architectural thinking. System design basics (caching, queues, load balancing) are asked in senior-role interviews and increasingly in entry-level product company rounds.
10

⭐ Docker, CI/CD & Cloud Deployment

Ship your application — from local development to production

10.1 Docker for Python Full Stack

Dockerfile for Django: multi-stage build (builder installs deps, runtime runs). Dockerfile for React: build stage + Nginx serve stage. docker-compose.yml: Django + PostgreSQL + Redis + Celery worker + React in one command. Docker volumes for database persistence. .dockerignore for excluding node_modules, __pycache__. The "docker compose up" that runs the entire stack.

10.2 Production Setup: Gunicorn + Nginx

Gunicorn: production WSGI server (never use manage.py runserver in production). Uvicorn: production ASGI server for FastAPI and async Django. Nginx: reverse proxy, static file serving, SSL termination, load balancing. WhiteNoise for Django static files. Supervisor or systemd for process management. The production stack: Nginx → Gunicorn → Django → PostgreSQL.

10.3 CI/CD: GitHub Actions

On push: lint (ruff/flake8) → test (pytest) → build Docker image → push to registry → deploy. Parallel: backend tests + frontend tests simultaneously. Environment secrets in GitHub. Branch protection: tests must pass before merge. Why CI/CD matters: if tests pass in CI, the code works everywhere.

10.4 Cloud Deployment

Railway (easiest, free tier), Render (good free tier), AWS (Elastic Beanstalk or ECS for production). Deploying Django: configure DATABASE_URL, STATIC_URL, ALLOWED_HOSTS. Deploying React: Vercel or Netlify (free). Custom domain + HTTPS. Environment variables in cloud platforms. collectstatic for Django. Database backups. "Here's the live URL" — the strongest interview statement.

Placement relevance: A deployed project with a live URL is 10x more credible than a GitHub repo. Docker knowledge is expected for modern developer roles. Gunicorn + Nginx is the standard Python production stack — understanding it signals production experience. GitHub Actions CI/CD is the most popular automation platform. Cloud deployment completes the "I can build AND ship" narrative.
Portfolio Projects

2–3 Full Stack Projects Built and Deployed

E-Commerce Marketplace

Product catalog with categories, shopping cart, JWT auth, order history, Stripe/Razorpay payment integration (test mode), seller dashboard, image upload to S3, search + filtering with pagination, email notifications via Celery.

Django + DRFReactPostgreSQLRedisCeleryDockerS3

Real-Time Analytics Dashboard

FastAPI backend serving ML model predictions, WebSocket for live data updates, React dashboard with charts (Recharts), user auth, data export (CSV/PDF), background data processing with Celery, Redis caching for expensive queries.

FastAPIReactWebSocketPostgreSQLRedisTypeScript

Content Management Platform

Rich text editor (Tiptap/Quill), multi-author blog with roles (admin/editor/reader), commenting system, tag-based navigation, image upload, SEO metadata, social login, full-text search with PostgreSQL.

Django + DRFReactTypeScriptTailwindRailwayVercel
How We Deliver

Build While You Learn. Deploy Before You Leave.

Live Coding Sessions

Trainers build features live — from empty Django project to deployed application. Students code alongside. Every session adds a working feature.

Daily Feature Development

Between sessions, students implement features on their project. Git-based workflow: push to GitHub, trainer reviews pull requests.

Code Reviews

Trainers review code: naming, structure, security, testing. The feedback loop that transforms "works" into "works correctly and maintainably."

Deployment Day

Every student deploys to the cloud with a live URL. The URL goes on their resume. "Here's my deployed project" wins interviews.

Why Python Full Stack Matters

The Stack That Powers Startups and AI-Era Backends

Startups Choose Python

Instagram, Spotify, Dropbox, Pinterest — built with Django. Indian startups (Razorpay, Zomato's internal tools, CRED) use Python backends. Python's rapid development speed makes it the default choice for MVPs and scaling startups. Students who know Django + React are immediately employable at any Python-stack company.

AI/ML Integration = Python

LLM APIs, LangChain, RAG systems, ML model serving — the entire GenAI ecosystem is Python. FastAPI is the default framework for ML model deployment. A Python full-stack developer can build BOTH the AI backend and the user-facing frontend — the most valuable skill combination in 2025–26 tech hiring.

Portfolio Projects Win Interviews

A deployed Django + React project with JWT auth, Celery tasks, and a live URL is worth more than any certificate. When an interviewer asks "Tell me about a project," students have real code on GitHub, architecture decisions to explain, and a working deployment to demo.

Django + FastAPI = Maximum Versatility

Django for full-featured web apps (admin, ORM, auth). FastAPI for high-performance APIs and microservices. Learning both means students can choose the right tool for any project — and discuss architectural trade-offs in interviews. "When would you use Django vs FastAPI?" — they can answer from experience, not theory.