Building a Production LLM API Server: FastAPI + vLLM Complete Guide (2026)
Complete guide to production LLM APIs: FastAPI wrapper for vLLM with authentication, token-aware rate limiting, SSE streaming, and observability.
Running vllm serve gets you an API in thirty seconds. Getting that API to production takes considerably longer.
The gap isn't about the model. vLLM handles inference beautifully. PagedAttention keeps memory efficient. Continuous batching maximizes throughput. The engine does its job.
The gap is everything around the model. Who's allowed to call this API? How do you stop one user from consuming all your GPU capacity? What happens when requests pile up faster than you can process them? How do you know when something breaks at 3am?
These aren't ML problems. They're software engineering problems that happen to involve ML. And they're the reason most LLM projects stall between "working demo" and "production system."
This guide covers how to build that production layer. We'll use FastAPI as the wrapper around vLLM, giving you control over every aspect of the request lifecycle. The patterns here work whether you're serving a fine-tuned model or running an open-source base model off the shelf.
Why Wrap vLLM Instead of Using Its Built-in Server
vLLM ships with an OpenAI-compatible server. Point it at a model, run one command, and you have a working API. For development and testing, this is perfect.
For production, it's a starting point.
The built-in server handles inference. Your production API needs to handle everything else: authenticating requests, enforcing per-user limits, logging for compliance, custom error messages, graceful degradation under load, and integration with your existing infrastructure.
You could fork vLLM's server code and modify it. But then you're maintaining a fork, dealing with merge conflicts on every update, and mixing inference logic with application logic.
The cleaner approach: use vLLM as a library inside your own FastAPI application. vLLM handles GPU optimization. FastAPI handles HTTP concerns. Your code handles business logic. Each layer does what it's good at.
This separation also makes testing easier. You can mock the vLLM engine and test your middleware independently. You can swap inference backends without rewriting your API layer. You can run the API logic locally without a GPU.
How Requests Flow Through the System
Before diving into components, here's the big picture:
Request arrives
↓
Authentication middleware checks credentials
↓
Rate limiter checks user's quota (requests + tokens)
↓
Request enters queue if GPU is busy
↓
vLLM processes the request
↓
Response streams back (or returns complete)
↓
Metrics recorded, usage logged
Each step can reject the request. Authentication fails? 401. Rate limit exceeded? 429. Queue full? 503. Model throws an error? 500. The request only reaches the GPU if it passes every gate.
This layered approach protects your expensive GPU resources. By the time a request reaches inference, you know it's from a valid user, within their quota, and the system has capacity to handle it.
The middleware runs in order. Authentication first, because there's no point checking rate limits for an invalid user. Rate limiting second, because there's no point queuing a request that would exceed quotas anyway. Each layer reduces load on the layers below it.
Authentication That Scales
Two patterns dominate LLM API authentication: API keys and JWT tokens. Each fits different use cases.
API keys work well for machine-to-machine calls. Your backend calls your LLM API. A partner integration calls your LLM API. A CLI tool calls your LLM API. The caller is a system, not a person, and the key identifies which system.
API keys are simple to implement and simple to revoke. Store hashed keys in your database, look them up on each request, cache the results in Redis. When a key leaks, delete it from the database and the cache invalidates.
The tradeoff: API keys don't carry information. You look up the key, then look up the user, then look up their permissions. Three database calls per request unless you cache aggressively.
JWT tokens work better for user-facing applications. Your chat interface authenticates users through OAuth, issues a JWT, and includes it in API calls. The token carries the user ID, their tier, their permissions, and an expiration time. No database lookup needed to validate the request.
The tradeoff: JWTs can't be revoked individually. If a token leaks, you either wait for expiration or rotate your signing key (which invalidates all tokens). Short expiration times help, but then you need refresh token logic.
Most production systems use both. JWTs for end-user applications where you control the client. API keys for external integrations where you can't control how credentials are stored.
For either approach, the middleware pattern is the same: extract credentials from the request, validate them, attach user information to the request context, and pass control to the next layer. If validation fails, return an error before the request goes further.
Rate Limiting for LLMs Is Different
Traditional rate limiting counts requests. "100 requests per minute per user." This works for most APIs because requests have roughly similar costs.
LLM APIs break this assumption.
One user sends a 50-word prompt and requests 100 tokens of output. Another sends a 10,000-word document and requests 2,000 tokens. Both count as "one request." But the second costs 50x more in compute time and 20x more in GPU memory.
If you only count requests, the heavy user consumes most of your capacity while the light user wonders why latency is terrible. You need to limit tokens, not just requests.
Token-aware rate limiting tracks three things:
Requests per minute catches rapid-fire abuse. Even cheap requests add overhead.
Tokens per minute prevents any single user from monopolizing the GPU. Prompt tokens (input) and completion tokens (output) both count, though you might weight them differently.
Tokens per day enforces spending caps. This is where tier differentiation happens. Free users get 10,000 tokens per day. Pro users get 1,000,000.
The implementation uses Redis for shared state across API instances. Each request estimates its token count (based on prompt length and max_tokens parameter), checks against limits, and rejects if the user would exceed their quota. After processing, actual usage gets recorded.
Estimation matters because you need to check limits before processing. You can't wait until after inference to discover the user is over quota. Estimate conservatively, then record actual usage for accurate tracking.
One subtlety: token limits need different time windows than request limits. Tokens per minute prevents burst abuse. Tokens per day prevents sustained abuse. Tokens per month might matter for billing. Track all three.
What Happens When GPUs Get Busy
GPUs process requests in batches. vLLM's continuous batching is excellent at keeping the GPU fed, but there's still a maximum throughput. When requests arrive faster than you can process them, you have three options:
Drop requests immediately. Return 503, tell the client to retry. Simple, but frustrating for users.
Queue requests and wait. The request sits in memory until GPU capacity frees up. Better user experience, but you need to manage memory and timeouts.
Scale up GPUs. More hardware, more capacity. Expensive, and doesn't help with sudden spikes.
Most production systems combine all three. A queue handles normal load variation. Autoscaling handles sustained increases. Dropping requests handles extreme spikes that would overwhelm even the queue.
The queue needs careful design. Each queued request holds memory. If your queue grows unbounded, you'll run out of RAM before you run out of patience. Set a maximum queue size and reject requests when it's full.
Timeouts are equally important. A request that waits 60 seconds in queue provides a terrible user experience. Set a deadline: if the request hasn't started processing within 30 seconds, return a timeout error. The user can retry or give up, but they're not stuck waiting indefinitely.
The queue also enables batching at the application level. Instead of sending requests to vLLM one at a time, you can collect several requests and submit them together. vLLM handles batching internally too, but application-level batching reduces the overhead of individual API calls.
For production deployments, queue depth is a critical metric. If the queue is consistently full, you need more GPU capacity. If it's consistently empty, you might be over-provisioned.
Streaming Responses: Why and How
LLMs generate text token by token. Traditional APIs wait until generation finishes, then return the complete response. Streaming APIs send each token as it's generated.
Why streaming matters: perceived latency.
A 500-token response might take 5 seconds to generate. With traditional APIs, the user sees nothing for 5 seconds, then the complete response appears. With streaming, the user sees the first token in 200ms, then watches the response build. The total time is identical, but the experience feels faster.
Streaming also enables early termination. If the model starts generating nonsense, the user can cancel the request. Without streaming, they'd wait for the complete nonsense response before knowing something went wrong.
Server-Sent Events (SSE) is the standard protocol for LLM streaming. It's simpler than WebSockets (unidirectional, no handshake complexity) and works through most proxies and load balancers. OpenAI uses SSE. Anthropic uses SSE. Your API probably should too.
The implementation streams tokens as they're generated, formatted as SSE events. Each event contains a JSON object with the token content. A final event signals completion. Clients use the browser's EventSource API or equivalent libraries to consume the stream.
Production gotchas to watch for:
- Proxy buffering.
Nginx and other reverse proxies buffer responses by default. A 5-second response gets buffered for 5 seconds, then sent all at once, defeating the purpose of streaming. Disable buffering with X-Accel-Buffering: no header.
- Connection timeouts.
If token generation pauses (the model is "thinking"), idle connections might get closed. Send periodic heartbeat comments (: heartbeat\n\n) to keep connections alive.
- Client disconnection.
If the user closes their browser, you're still generating tokens for nobody. Check for disconnection periodically and cancel generation when the client is gone. This saves GPU cycles.
- Error mid-stream.
What if generation fails halfway through? You've already sent partial content. You can't change the HTTP status code. Send an error event and let the client handle it.
Thinking About Errors
Errors in LLM APIs fall into predictable categories. How you handle each category shapes user experience.
Authentication errors (401) mean the user provided invalid credentials. The message should say what's wrong (missing key, expired token, invalid signature) without leaking information that helps attackers.
Rate limit errors (429) mean the user exceeded their quota. Include a Retry-After header telling them when to try again. Include which limit they hit (requests, tokens, daily cap) so they can adjust their usage.
Validation errors (400) mean the request is malformed. Prompt too long, invalid parameters, missing required fields. Be specific about what's wrong so users can fix it.
Queue/capacity errors (503) mean the system is overloaded. This is temporary. Include Retry-After. Consider whether to queue the request or reject immediately based on queue depth.
Model errors (500) mean something went wrong during inference. Out of memory, model crashed, unexpected output format. Log the full error internally but return a generic message externally.
The principle: tell users what they need to know to fix the problem or decide what to do next, without exposing internal details that could help attackers or confuse non-technical users.
For retriable errors (429, 503), set the Retry-After header and expect clients to implement exponential backoff. Good clients will respect this automatically. Bad clients will hammer your server, so rate limiting catches them anyway.
One often-missed case: partial success in streaming. If you stream 80% of a response successfully, then hit an error, you've already sent data. You can't return a clean error response. Document this behavior and send an error event in the stream so clients can detect it.
Monitoring What Actually Matters
Generic API metrics (request count, error rate, latency) matter, but LLM APIs need additional metrics specific to how LLMs work.
Time to first token (TTFT) measures perceived responsiveness. This is the time from request received to first token streamed. For interactive applications, TTFT matters more than total latency. Users will wait for a slow response if they see progress. They'll abandon a fast response that shows nothing for 3 seconds.
Tokens per second measures throughput efficiency. This varies by model, hardware, and load. Track it to understand capacity and detect degradation.
Queue depth and queue time measure capacity health. If requests wait in queue, you're approaching capacity limits. If queue time exceeds your timeout threshold, you're dropping requests.
Token usage by user enables cost allocation and abuse detection. One user consuming 90% of tokens is either your best customer or a problem. You need to know which.
GPU utilization tells you whether you're getting value from your hardware. High utilization with low queue depth means you're well-provisioned. High utilization with high queue depth means you need more GPUs. Low utilization means you're over-provisioned (or something is broken).
KV cache utilization is vLLM-specific but important. The KV cache stores attention state for ongoing generations. When it fills up, new requests get queued even if the GPU has compute capacity. vLLM exposes this metric; track it.
For practical LLM observability, combine these metrics in Grafana dashboards. Set alerts on queue depth, error rate, and TTFT percentiles. When something breaks at 3am, you want to know immediately and understand the scope quickly.
vLLM exposes Prometheus metrics at /metrics by default. Add your own metrics for the application layer. The combination gives you visibility into both inference performance and API behavior.
The Build vs Buy Question
By now you understand what production LLM serving requires. Authentication, rate limiting, queuing, streaming, error handling, monitoring. Each piece is individually straightforward. Together, they're a significant engineering investment.
And we haven't discussed: GPU provisioning, autoscaling, model versioning, A/B testing, blue-green deployments, security patches, compliance audits, on-call rotations.
Building this yourself makes sense when:
- You need deep customization that platforms don't support
- You have existing infrastructure and team expertise
- Cost at scale justifies the engineering investment
- You're learning and want to understand the system deeply
Using a managed platform makes sense when:
- You want to ship faster and iterate on the model, not the infrastructure
- You lack GPU/MLOps expertise on your team
- Compliance requirements (SOC 2, GDPR, HIPAA) would require significant security work
- Your usage doesn't justify dedicated infrastructure
Platforms like Prem handle the infrastructure complexity. You upload datasets, fine-tune models, run evaluations, and deploy to production without managing GPU clusters or writing middleware. The platform handles authentication, rate limiting, monitoring, and scaling.
The models export to standard formats. If you later want to run your own vLLM deployment, you can. No lock-in.
For enterprises with data sovereignty requirements, Prem deploys to your own AWS VPC or on-premise infrastructure. Swiss jurisdiction and cryptographic verification address compliance concerns that would otherwise require significant security engineering.
The decision isn't permanent. Many teams start with a managed platform to ship quickly, then migrate to self-hosted as they scale and build expertise. Others start self-hosted for learning, then move to managed when operational burden outweighs educational value.
Implementation Reference
For those who want code, here are the key patterns for each section. These are starting points, not complete implementations.
Authentication Middleware
from fastapi import Request, HTTPException
import hashlib
async def verify_api_key(request: Request):
api_key = request.headers.get("X-API-Key")
if not api_key:
raise HTTPException(401, "Missing API key")
key_hash = hashlib.sha256(api_key.encode()).hexdigest()
user = await lookup_user_by_key_hash(key_hash) # Your database
if not user:
raise HTTPException(401, "Invalid API key")
request.state.user = user
return user
Token-Aware Rate Limiting
import redis
import time
async def check_rate_limits(user_id: str, estimated_tokens: int):
now = int(time.time())
minute_key = f"tokens:{user_id}:{now // 60}"
day_key = f"tokens:{user_id}:{now // 86400}"
current_minute = int(redis_client.get(minute_key) or 0)
current_day = int(redis_client.get(day_key) or 0)
if current_minute + estimated_tokens > TOKENS_PER_MINUTE:
raise HTTPException(429, "Token limit exceeded",
headers={"Retry-After": str(60 - now % 60)})
if current_day + estimated_tokens > TOKENS_PER_DAY:
raise HTTPException(429, "Daily token limit exceeded")
SSE Streaming
from fastapi.responses import StreamingResponse
import json
async def stream_response(llm, prompt, params, request):
async for token in llm.generate_stream(prompt, params):
if await request.is_disconnected():
break
yield f"data: {json.dumps({'content': token})}\n\n"
yield "data: [DONE]\n\n"
@app.post("/v1/chat/stream")
async def chat_stream(request: ChatRequest, http_request: Request):
return StreamingResponse(
stream_response(llm, request.prompt, request.params, http_request),
media_type="text/event-stream",
headers={"X-Accel-Buffering": "no"}
)
Prometheus Metrics
from prometheus_client import Counter, Histogram
TOKENS_PROCESSED = Counter(
"llm_tokens_total", "Tokens processed",
["type", "user_tier"] # input/output, free/pro
)
TTFT = Histogram(
"llm_time_to_first_token_seconds", "Time to first token",
buckets=[0.1, 0.25, 0.5, 1, 2, 5]
)
QUEUE_DEPTH = Gauge(
"llm_queue_depth", "Current queue size"
)
The full implementation combines these patterns with proper error handling, configuration management, and integration with your existing infrastructure. The concepts matter more than the specific code.
FAQ
Why FastAPI instead of Flask or Django?
FastAPI's async support is essential for LLM serving. Streaming responses, concurrent request handling, and non-blocking I/O all require async. Flask needs additional libraries. Django is heavier than needed. FastAPI is built for this use case.
How do I estimate tokens before processing?
Quick estimate: word count × 1.3 for English text. Accurate count: use the model's tokenizer. Cache tokenizer instances to avoid loading overhead. For rate limiting, estimate conservatively and record actual usage after processing.
What queue size should I use?
Depends on your timeout threshold and processing time. If requests take 5 seconds average and you allow 30 second timeouts, queue depth of 6 per GPU is reasonable. Start conservative and adjust based on metrics.
How do I handle model updates?
Blue-green deployment: run new model alongside old, shift traffic gradually, monitor metrics, roll back if needed. vLLM loads models quickly, so rolling restarts work for non-critical updates.
Should I use vLLM's async engine or synchronous calls?
Always async in production. Synchronous calls block the event loop, preventing concurrent request handling. The async engine integrates properly with FastAPI.
How many requests can one GPU handle?
Varies by model size, sequence length, and GPU memory. A 7B model on A100 80GB handles 50-100 concurrent requests with typical sequence lengths. Monitor queue depth and latency to find your limits.
When should I add more GPUs vs optimize code?
If queue depth is high but GPU utilization is low, you have a bottleneck elsewhere (CPU, network, inefficient code). If GPU utilization is high and queue depth is high, you need more GPUs or a more efficient model.