Featured image of post What Actually Is ASGI? A Journey from Confusion to Clarity
Technology Web Development

What Actually Is ASGI? A Journey from Confusion to Clarity

Demystifying ASGI by following one developer's journey from framework confusion to understanding the bare-bones protocol that powers modern Python async web servers

The Mystery of the Invisible Scope

I was building a feature that needed real-time updates. Nothing fancy—just wanted to push some data to clients as things changed on the server. Naturally, I reached for FastAPI and started reading through the documentation. That’s when I first encountered it.

scope.

The docs mentioned it everywhere. Tutorial code referenced it. Stack Overflow answers assumed I knew what it was. But here’s the thing that drove me crazy: I couldn’t find it in any of my actual code. It was like everyone was talking about this mysterious variable that just… existed somewhere. Nowhere in my route handlers, nowhere in my WebSocket endpoints. Where was this magical scope object?

I felt like I’d walked into the middle of a conversation where everyone understood the context except me.

Then I started seeing receive and send mentioned too. Same problem—referenced everywhere, visible nowhere in the framework code I was writing. AI assistants kept explaining things in terms of these three parameters, but I couldn’t connect the abstract explanations to the concrete code I was looking at in Litestar and Advanced Alchemy documentation.

That’s when I realized: I’d been learning frameworks without understanding what they were built on. I needed to go deeper—to the bare metal of how Python async web servers actually work. Not the FastAPI way or the Django Channels way, but the fundamental protocol underneath.

This is the story of that journey. If you’ve ever felt confused about ASGI, WebSockets, or why async Python web stuff feels so different from traditional Flask/Django, this is for you. By the end, you’ll understand not just what ASGI is, but why it exists and how it creates a unified model for everything from simple HTTP requests to long-lived WebSocket connections.

The First Aha Moment: ASGI Is Just a Contract

Here’s what finally clicked for me: ASGI isn’t a framework or a library. It’s a specification—a contract for how web servers talk to Python applications.

Think of it like this: back in the day, everyone agreed on how electrical outlets should work. Any appliance manufacturer could build a device knowing it would fit the standard outlet. ASGI is the same idea, but for async Python web servers and applications.

The entire contract boils down to three parameters:

1
2

async def app(scope, receive, send):
    # Your application logic here

That’s it. That’s the whole interface. Every ASGI application—whether it’s FastAPI, Starlette, Django Channels, or something you build from scratch—is fundamentally just a callable that accepts these three parameters:

  • scope: A dictionary containing metadata about the connection. Think of it as the “context” or “session info”—what kind of connection is this? Where’s it coming from? What’s being requested?

  • receive: An async function you call to get messages from the client. Like checking your mailbox for incoming letters.

  • send: An async function you call to send messages to the client. Like putting outgoing letters in the mailbox.

The beautiful part? This same simple contract handles everything—regular HTTP requests, streaming Server-Sent Events, bidirectional WebSockets, even application startup and shutdown. The scope just tells you which kind of communication pattern you’re dealing with.

But here’s what confused me at first: what exactly counts as a “session”? Is it one request? A conversation? The lifetime of the server?

The answer is: it depends on the scope type. And that’s where things get interesting.

HTTP: The Simple Transaction

Let me start with the familiar: plain old HTTP requests. This is probably what you already understand intuitively, even if you didn’t know ASGI was involved.

When a client makes an HTTP request to your server, ASGI creates a scope that looks something like this:

1
2
3
4
5
6
7
8
9

{
    "type": "http",
    "method": "GET",
    "path": "/api/users/123",
    "headers": [...],
    "query_string": b"format=json",
    "client": ("192.168.1.5", 54321),
    "server": ("10.0.0.1", 8000),
}

The type: "http" is the key—it tells your application “this is a simple HTTP request-response transaction.”

Here’s the flow:

  1. Client sends request → Server creates scope and calls your app
  2. Your app calls receive() to get the request body (maybe in chunks)
  3. Your app calls send() with response.start (status code, headers)
  4. Your app calls send() again with response.body (the actual content)
  5. Scope ends. Connection done.

Think of it like a vending machine: you insert money (request), press a button (the route), and get a snack back (response). Transaction complete. The machine doesn’t remember you existed.

That “doesn’t remember” part is crucial—HTTP in ASGI is stateless. Each request is independent. The scope lives for maybe 100 milliseconds, just long enough to handle one request-response cycle.

Example messages you’d send:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

# First, send the response headers and status
await send({
    "type": "http.response.start",
    "status": 200,
    "headers": [[b"content-type", b"application/json"]],
})

# Then send the actual response body
await send({
    "type": "http.response.body",
    "body": b'{"user": "Shane", "id": 123}',
})

Simple, stateless, short-lived. This is the foundation—the easiest pattern to understand.

Server-Sent Events: The One-Way Stream

Now, what if your vending machine needed to keep telling you about new snacks as they were restocked? You’d want to stay connected and receive updates, but you wouldn’t be sending anything back except “yes, keep the updates coming.”

That’s Server-Sent Events (SSE).

Here’s what confused me initially: SSE uses an HTTP scope, but it doesn’t follow the typical request-response pattern. Instead:

  1. Client makes an HTTP request
  2. Server responds with headers (including Content-Type: text/event-stream)
  3. Connection stays open
  4. Server keeps sending chunks of data whenever it wants
  5. Eventually, either side closes the connection

The scope is still type: "http", but the interaction is different. It’s like calling a restaurant for their daily specials, and instead of hanging up after they tell you today’s menu, they keep you on the line and tell you every time a new special is added.

Example of what the server might send:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

await send({
    "type": "http.response.start",
    "status": 200,
    "headers": [[b"content-type", b"text/event-stream"]],
})

# Then keep sending updates...
await send({
    "type": "http.response.body",
    "body": b"data: {\"new_order\": 42}\n\n",
    "more_body": True,  # Signal that more data is coming
})

# ... later ...
await send({
    "type": "http.response.body",
    "body": b"data: {\"new_order\": 43}\n\n",
    "more_body": True,
})

Notice more_body: True? That’s the key. It tells ASGI “don’t close the connection, I’ve got more to send.”

SSE is still fundamentally HTTP—it’s just long-lived HTTP. The client doesn’t send data back through this connection (it’s one-way), but the connection can stay open for minutes or even hours.

When to use SSE:

  • Live dashboards showing real-time metrics
  • Notification feeds
  • Stock tickers
  • Progress updates for long-running tasks
  • Any scenario where the server pushes updates but doesn’t need responses

It’s simpler than WebSockets because it’s unidirectional, but more powerful than regular HTTP because it’s persistent.

WebSocket: The Full Conversation

Then I hit WebSockets. And this is where my understanding of ASGI really got tested.

WebSockets are fundamentally different from both HTTP and SSE because they’re bidirectional and stateful. This isn’t a transaction or a one-way stream—it’s a ongoing conversation where both sides can speak whenever they want.

If HTTP is like sending letters and SSE is like listening to a radio broadcast, WebSocket is like a phone call.

The scope for WebSocket looks different:

1
2
3
4
5
6
7
8

{
    "type": "websocket",
    "path": "/ws/chat/room-42",
    "headers": [...],
    "query_string": b"user=shane",
    "client": ("192.168.1.5", 54322),
    "server": ("10.0.0.1", 8000),
}

Notice: type: "websocket". This signals a completely different kind of interaction.

WebSocket messages include:

Incoming (from client to your app):

1
2
3

{"type": "websocket.connect"}       # Client wants to start a session
{"type": "websocket.receive", "text": "Hello!"}  # Client sent a message
{"type": "websocket.disconnect"}    # Client ended the session

Outgoing (from your app to client):

1
2
3

{"type": "websocket.accept"}        # You approve the connection
{"type": "websocket.send", "text": "Welcome!"}   # You send a message
{"type": "websocket.close"}         # You end the session

See the difference? With HTTP, you receive a request and send a response. With WebSocket, you’re dealing with a state machine: connect → accept → ongoing send/receive loop → close.

The scope lives for the entire WebSocket session—could be seconds, could be hours. You might exchange hundreds of messages within a single scope. This is fundamentally stateful—the server remembers this connection exists and can push data to it anytime.

When to use WebSocket:

  • Real-time chat applications
  • Collaborative editing (like Google Docs)
  • Multiplayer games
  • Live video/audio streaming control
  • Any scenario requiring true bidirectional real-time communication

But here’s what really confused me when I first learned this…

The Mystery of the WebSocket Handshake

I kept seeing references to “WebSocket upgrade” and “HTTP to WebSocket upgrade handshake.” And I had this burning question: if WebSocket is different from HTTP, how does it even start?

Here’s the part that blew my mind: WebSockets always begin as HTTP requests.

Wait, what?

Let me explain. WebSockets were designed to work with existing web infrastructure—the same ports, the same proxies, the same SSL/TLS setup. So instead of inventing an entirely new protocol from scratch, they built it on top of HTTP.

Here’s what actually happens when a browser wants to open a WebSocket connection:

Step 1: Client sends a special HTTP request

1
2
3
4
5
6

GET /ws/chat HTTP/1.1
Host: example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: X3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Version: 13

This is a regular HTTP GET request, but with special headers saying “hey, I’d like to upgrade this connection to WebSocket.”

Step 2: Server responds with HTTP 101

1
2
3
4

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: <computed response>

That 101 Switching Protocols status is the magic handshake. It means: “Okay, we’re no longer speaking HTTP. From this moment forward, this TCP connection will use WebSocket protocol instead.”

Step 3: Protocol switch happens

The underlying TCP connection stays open, but HTTP is done. Now both sides start speaking WebSocket framing protocol—a completely different language.

Think of it like this: You call a restaurant (HTTP), ask to be transferred to a specific table (upgrade request), the host says “transferring you now” (101 response), and suddenly you’re having a direct conversation with someone at that table (WebSocket). Same phone line, different conversation protocol.

What Happens at the ASGI Layer?

Here’s what confused me the most: where does ASGI fit into this handshake?

The answer: ASGI comes in after the handshake is complete.

Let me break down what happens at different layers:

Server Level (Uvicorn/Hypercorn—automatic, not your code):

  • Receives the HTTP upgrade request
  • Validates WebSocket headers
  • Sends back the 101 Switching Protocols response
  • Switches the TCP connection to WebSocket framing

ASGI Level (your application code):

  • Server creates a WebSocket scope
  • Server sends you a websocket.connect message
  • Now YOU decide: accept or reject?

This two-layer decision-making finally made sense when I understood it this way:

  • Protocol layer (server): “Is this a valid WebSocket upgrade request?”
  • Application layer (your code): “Do I want to allow this specific connection?” (authentication, authorization, rate limiting, etc.)

The handshake is already done by the time your application sees websocket.connect. The client is already “connected” at the protocol level. Your websocket.accept isn’t completing the handshake—it’s your application’s business logic saying “yes, I approve this session.”

Example flow in your ASGI app:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# You receive this from the server
message = await receive()
# message = {"type": "websocket.connect"}

# Now you decide - maybe check authentication
if user_is_authenticated:
    await send({"type": "websocket.accept"})
    # Now the bidirectional message loop can begin
else:
    await send({"type": "websocket.close", "code": 1008})
    # Reject the connection - unauthorized

This distinction between server-level (protocol) and application-level (business logic) was my biggest “aha!” moment. The framework documentation suddenly made sense—FastAPI’s WebSocket endpoints, Starlette’s connection handling, all of it was operating at the application layer, trusting the server (Uvicorn) to handle the protocol layer.

Either side can close the connection at any time. There’s no “client is in control” or “server is in control”—it’s a true peer-to-peer conversation (well, as peer-to-peer as client-server can be). When either side sends a close message, the WebSocket session ends and the scope completes.

Lifespan: The Orthogonal Dimension

Just when I thought I understood the pattern—HTTP, SSE, and WebSocket representing different communication patterns—I encountered a fourth scope type that didn’t fit the model at all.

lifespan.

Here’s what tripped me up: I initially thought “lifespan” meant “the lifespan of a connection.” Like, the duration from when a WebSocket connects until it disconnects. That made intuitive sense!

I was completely wrong.

Lifespan has nothing to do with individual requests or connections. It’s about the application itself—the entire server process from startup to shutdown.

Think of it this way:

  • HTTP scope: exists for one request (~100ms)
  • SSE scope: exists for one streaming session (minutes to hours)
  • WebSocket scope: exists for one bidirectional conversation (seconds to hours)
  • Lifespan scope: exists for the entire application (days to months)

When your server starts up, before it handles any HTTP requests or WebSocket connections, it creates a lifespan scope and sends you startup messages. When the server is shutting down (gracefully), it sends you shutdown messages.

The scope looks like:

1
2
3

{
    "type": "lifespan",
}

The messages you receive:

1
2

{"type": "lifespan.startup"}
{"type": "lifespan.shutdown"}

What would you use this for? Things that need to happen once per application, not per request:

  • Opening database connection pools
  • Loading machine learning models into memory
  • Starting background task schedulers
  • Warming caches
  • Setting up monitoring/metrics collectors
  • Graceful cleanup on shutdown

Analogy time: If HTTP/SSE/WebSocket are like serving individual customers in a restaurant, lifespan is like opening the restaurant in the morning (turning on ovens, prepping ingredients) and closing it at night (cleaning up, shutting down equipment).

You don’t want to load a 2GB ML model on every HTTP request—you load it once during lifespan.startup and reuse it for all requests. You don’t want to abruptly kill database connections—you close them gracefully during lifespan.shutdown.

In FastAPI, this is what those @app.on_event("startup") and @app.on_event("shutdown") decorators are doing—they’re handling lifespan messages for you.

Lifespan is orthogonal to the other three scope types. It’s not about communication patterns between client and server—it’s about the lifecycle of the server process itself.

The Unified Mental Model

After all this confusion, trial, error, and eventual clarity, here’s the mental model that finally made ASGI click for me:

ASGI is a universal interface for describing “communication sessions” between servers and applications, where a session can be:

Scope Type Duration Direction Use Case
HTTP Milliseconds Request → Response Simple API calls, page loads, form submissions
SSE Minutes to hours Server → Client (one-way) Live feeds, dashboards, notifications
WebSocket Seconds to hours Bidirectional Chat, collaboration, games, real-time updates
Lifespan Application lifetime N/A Startup/shutdown tasks, resource management

All four use the exact same interface: async def app(scope, receive, send).

The scope dictionary tells you what kind of session you’re dealing with. The receive and send functions let you interact with that session. The same contract, different behaviors.

What makes this elegant is that middleware can work across all types. Want to add authentication? Write middleware that checks the scope type and handles HTTP, WebSocket, and SSE appropriately. Want to add logging? Same deal—one interface, universal application.

This is why frameworks like FastAPI feel so natural once you understand ASGI. Under the hood, every route handler, every WebSocket endpoint, every startup event—they’re all just ASGI applications conforming to this same simple contract.

The mystery of the invisible scope finally made sense. It’s there in every ASGI application—frameworks just abstract it away so you don’t have to think about it for simple cases. But when you need to go deeper, when you need to understand why WebSockets work differently from HTTP or where to put your database initialization, understanding the bare ASGI layer gives you that clarity.

From Confusion to Clarity

When I started this journey, scope was an invisible, mysterious thing that documentation assumed I understood. Now I see it for what it is: a simple dictionary describing a communication pattern.

The beautiful part is how this knowledge transfers. Now when I read FastAPI docs and see WebSocket examples, I understand what’s happening beneath the decorator syntax. When I see Starlette’s startup events, I know they’re handling lifespan messages. When I troubleshoot why a connection isn’t staying open, I can reason about whether it’s an HTTP scope that ended naturally or a WebSocket that closed unexpectedly.

Going to the bare metal—understanding the actual protocol instead of just the framework—transformed my confusion into confidence.

If you’re building real-time features, async APIs, or just trying to understand modern Python web development, I hope this journey helps demystify ASGI for you the way it did for me. Next time you see that mysterious scope parameter in the documentation, you’ll know exactly what it means.

And maybe, just maybe, you’ll find yourself diving even deeper—implementing a minimal ASGI app from scratch, writing custom middleware, or truly understanding what your framework is doing behind the scenes.

The rabbit hole goes deeper if you want it to. But at least now you know where the entrance is.

(Written by Human, improved using AI where applicable.)

© 2022 - 2025 Shane Zhang (张欣耕)