Enterprise-grade FFmpeg API for professional video processing workflows. Replace complex CLI operations with a modern REST API featuring hardware acceleration, real-time progress tracking, and comprehensive security hardening.
🔒 Security Note: This API has undergone comprehensive security hardening with all 34 critical vulnerabilities resolved. Safe for production deployment.
- Complete FFmpeg Capability - Full CLI parity with REST API convenience
- Hardware Acceleration - NVENC, QSV, VAAPI, VideoToolbox support
- Quality Metrics - Built-in VMAF, PSNR, SSIM analysis
- Async Processing - Non-blocking operations with real-time progress
- Batch Operations - Process multiple files concurrently
- Streaming Support - Generate HLS/DASH adaptive streams
- Multi-layered Authentication - API keys with role-based access
- Rate Limiting - Endpoint-specific limits with burst control
- Input Validation - Comprehensive sanitization and size limits
- Path Traversal Protection - Advanced canonicalization security
- Command Injection Prevention - Secure FFmpeg parameter handling
- SSRF Protection - Webhook URL validation and internal network blocking
- Timing Attack Mitigation - Constant-time API key validation
- Circuit Breaker Pattern - Automatic failure protection for external services
- Distributed Locking - Redis-based coordination for critical sections
- Health Monitoring - Comprehensive dependency health checks
- Connection Pooling - Optimized database and storage connections
- Resource Limits - CPU, memory, and bandwidth governance
- Webhook Retry Logic - Exponential backoff with failure handling
- Performance Monitoring - Prometheus metrics with Grafana dashboards
- Multi-Cloud Storage - S3, Azure, GCP, and local filesystem
- Atomic Operations - TOCTOU-safe file handling
- Memory Management - Guaranteed cleanup and leak prevention
- Database Optimization - Indexed queries and transaction isolation
- Container Native - Production-optimized Docker deployment
# Clone and deploy
git clone https://github.com/yourusername/ffmpeg-api.git
cd ffmpeg-api
# Run database migration for performance indexes
docker compose run --rm api alembic upgrade head
# Deploy all services
docker compose -f compose.prod.yml up -d
# API is now available at http://localhost:8000
curl http://localhost:8000/api/v1/health🔧 Migration Note: Run
alembic upgrade headbefore deployment to add performance indexes.
For detailed setup options, see the Setup Guide.
POST /api/v1/convert # Media conversion
POST /api/v1/analyze # Quality metrics (VMAF, PSNR, SSIM)
POST /api/v1/stream # HLS/DASH adaptive streaming
POST /api/v1/batch # Batch processingGET /api/v1/jobs # List jobs
GET /api/v1/jobs/{id} # Job status
DELETE /api/v1/jobs/{id} # Cancel jobGET /api/v1/health # Comprehensive health check
GET /api/v1/metrics # Prometheus metrics
GET /api/v1/stats # System statistics
GET /docs # Interactive API documentationProduction Services:
├── API (FastAPI) # REST API with security hardening
├── Workers (Celery) # Background processing with circuit breakers
├── Queue (Redis/Valkey) # Task queue with distributed locking
├── Database (PostgreSQL) # ACID transactions with performance indexes
├── Storage (Multi-cloud) # S3/Azure/GCP with connection pooling
├── Monitoring # Prometheus/Grafana with comprehensive health checks
└── Security # Rate limiting, input validation, SSRF protectionDefense in Depth:
├── Network: Rate limiting, IP whitelisting
├── Authentication: API keys with timing attack protection
├── Input: Size limits, path traversal prevention, sanitization
├── Processing: Command injection prevention, resource limits
├── Output: Information disclosure prevention, webhook validation
└── Infrastructure: Circuit breakers, distributed locking, health monitoringInput: MP4, AVI, MOV, MKV, WebM, FLV, MP3, WAV, FLAC, AAC, and more
Output: MP4, WebM, MKV, HLS, DASH with H.264, H.265, VP9, AV1 codecs
Configuration via environment variables or .env file:
# Core Services
API_HOST=0.0.0.0
API_PORT=8000
DATABASE_URL=postgresql://user:pass@localhost/ffmpeg_api
VALKEY_URL=redis://localhost:6379
# Security (Production Hardened)
ENABLE_API_KEYS=true
ENABLE_IP_WHITELIST=false
RATE_LIMIT_CALLS=2000
RATE_LIMIT_PERIOD=3600
MAX_FILE_SIZE=10737418240 # 10GB
MAX_CONCURRENT_JOBS=10
# Performance & Reliability
WORKER_CONCURRENCY=4
DATABASE_POOL_SIZE=20
DATABASE_MAX_OVERFLOW=40
CIRCUIT_BREAKER_ENABLED=true
HEALTH_CHECK_INTERVAL=30
# Hardware Acceleration
FFMPEG_HARDWARE_ACCELERATION=auto
ENABLE_GPU_WORKERS=false# Authentication
API_KEY_LENGTH=32
API_KEY_EXPIRY_DAYS=365
ENABLE_ADMIN_ENDPOINTS=false
# Rate Limiting (per API key)
ANALYZE_RATE_LIMIT=100/hour
STREAM_RATE_LIMIT=50/hour
CONVERT_RATE_LIMIT=200/hour
# Resource Limits
MAX_RESOLUTION=7680x4320 # 8K
MAX_BITRATE=100M
MAX_PROCESSING_TIME=3600 # 1 hour- Setup Guide - Installation and configuration
- Deployment Guide - Production deployment with security hardening
- Migration Guide - Database migrations and upgrades
- Security Guide - Security policies and hardening checklist
- API Reference - Complete endpoint documentation with examples
- Authentication Guide - API key management and security
- Webhook Guide - Webhook configuration and retry logic
- Contributing - Development guidelines and standards
- Health Monitoring - Health checks and dependency monitoring
- Performance Tuning - Optimization and scaling guidelines
- Runbooks - Operational procedures and troubleshooting
- Audit Report - Security vulnerability assessment (resolved)
- CPU: 4 cores
- RAM: 8GB
- Storage: 50GB SSD
- Network: 100 Mbps
- CPU: 8+ cores (16+ for high throughput)
- RAM: 32GB (64GB+ for 4K/8K processing)
- GPU: NVIDIA RTX/Quadro or AMD for hardware acceleration
- Storage: 500GB+ NVMe SSD (1TB+ for high volume)
- Network: 1 Gbps+ (10 Gbps for streaming workloads)
- CPU: 16+ cores per node, multi-node cluster
- RAM: 64GB+ per node
- GPU: Multiple NVIDIA A100/H100 or equivalent
- Storage: High-performance SAN with 10K+ IOPS
- Network: 25 Gbps+ with redundancy
- Load Balancer: HAProxy/NGINX for multi-instance deployment
- Container Runtime: Docker 20.10+ or containerd
- Database: PostgreSQL 14+ (recommended) or SQLite 3.38+
- Cache/Queue: Redis 7.0+ or Valkey
- Monitoring: Prometheus + Grafana (optional)
- Reverse Proxy: Traefik, NGINX, or HAProxy (production)
This FFmpeg API has undergone comprehensive security hardening:
- 34/34 Critical Issues Resolved - All vulnerabilities patched
- Zero Known CVEs - Dependencies updated to secure versions
- Production Ready - Approved for enterprise deployment
- Penetration Tested - Hardened against common attack vectors
- Input Validation - All user inputs sanitized and validated
- Rate Limiting - DDoS protection with endpoint-specific limits
- Access Control - Role-based API key authentication
- Audit Logging - Comprehensive security event logging
- Encryption - TLS 1.3 for data in transit
- Secrets Management - Environment-based configuration
- Security Audit Report - Comprehensive vulnerability assessment
- Fixes Implementation Report - Resolution documentation
- Security Policy - Security guidelines and procedures
We welcome contributions! Please see our Contributing Guide for details.
# Set up development environment
git clone https://github.com/yourusername/ffmpeg-api.git
cd ffmpeg-api
# Install dependencies
pip install -r requirements-dev.txt
# Run tests
pytest tests/ -v
# Run security checks
bandit -r api/ worker/
safety checkThis project is licensed under the MIT License - see the LICENSE file for details.
Enterprise-grade FFmpeg API with comprehensive security hardening.
- ✅ 34 Critical Security Issues Resolved
- ✅ Zero Breaking Changes - Fully backward compatible
- ✅ Production Tested - Battle-tested architecture
- ✅ Performance Optimized - Database indexes, connection pooling, async I/O
- ✅ Monitoring Ready - Health checks, metrics, alerting
- ✅ Scalable Design - Horizontal scaling with load balancing
Built with FastAPI, FFmpeg 6.0+, Redis, PostgreSQL, and Docker for professional video processing workflows.
Ready for immediate production deployment. 🚀
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
