Skip to content

Decorators

FlaskParser

Overwrite the default webargs.FlaskParser.handle_error.

Update the default status code and the error description from related configuration variables.

handle_error(self, error, req, schema, *, error_status_code, error_headers)

Handles errors during parsing. Aborts the current HTTP request and responds with a 422 error.

Source code in apiflask/decorators.py
def handle_error(  # type: ignore
    self,
    error: MarshmallowValidationError,
    req: RequestType,
    schema: Schema,
    *,
    error_status_code: int,
    error_headers: Mapping[str, str]
) -> None:
    raise ValidationError(
        error_status_code or current_app.config['VALIDATION_ERROR_STATUS_CODE'],
        current_app.config['VALIDATION_ERROR_DESCRIPTION'],
        error.messages,
        error_headers
    )

auth_required(auth, role=None, roles=None, optional=None)

Protect a view with provided authentication settings.

Be sure to put it under the routes decorators (i.e. app.route, app.get, app.post, etc.).

Examples:

from apiflask import APIFlask, HTTPTokenAuth, auth_required

app = APIFlask(__name__)
auth = HTTPTokenAuth()

@app.get('/')
@auth_required(auth)
def hello():
    return 'Hello'!

Parameters:

Name Type Description Default
auth Union[apiflask.security.HTTPBasicAuth, apiflask.security.HTTPTokenAuth]

The auth object, an instance of HTTPBasicAuth or HTTPTokenAuth.

required
role Optional[str]

The selected role to allow to visit this view, accepts a string. See Flask-HTTPAuth's documentation for more details.

None
roles Optional[list]

Similar to role but accepts a list of role names.

None
optional Optional[str]

To allow the view to execute even the authentication information is not included with the request, in which case auth.current_user will be None.

None

Version changed: 0.4.0 - Add parameter roles.

Source code in apiflask/decorators.py
def auth_required(
    auth: HTTPAuthType,
    role: Optional[str] = None,
    roles: Optional[list] = None,
    optional: Optional[str] = None
) -> Callable[[DecoratedType], DecoratedType]:
    """Protect a view with provided authentication settings.

    > Be sure to put it under the routes decorators (i.e. `app.route`, `app.get`,
    `app.post`, etc.).

    Examples:

    ```python
    from apiflask import APIFlask, HTTPTokenAuth, auth_required

    app = APIFlask(__name__)
    auth = HTTPTokenAuth()

    @app.get('/')
    @auth_required(auth)
    def hello():
        return 'Hello'!
    ```

    Arguments:
        auth: The `auth` object, an instance of [`HTTPBasicAuth`][apiflask.security.HTTPBasicAuth]
            or [`HTTPTokenAuth`][apiflask.security.HTTPTokenAuth].
        role: The selected role to allow to visit this view, accepts a string.
            See [Flask-HTTPAuth's documentation][role] for more details.
            [role]: https://flask-httpauth.readthedocs.io/en/latest/#user-roles
        roles: Similar to `role` but accepts a list of role names.
        optional: To allow the view to execute even the authentication information
            is not included with the request, in which case `auth.current_user` will be `None`.

    *Version changed: 0.4.0*
    - Add parameter `roles`.
    """
    _roles = None
    if role is not None:
        _roles = [role]
    elif roles is not None:
        _roles = roles

    def decorator(f):
        _annotate(f, auth=auth, roles=_roles or [])
        return auth.login_required(role=_roles, optional=optional)(f)
    return decorator

doc(summary=None, description=None, tag=None, tags=None, responses=None, deprecated=False, hide=False)

Set up the OpenAPI Spec for view functions.

Be sure to put it under the routes decorators (i.e. app.route, app.get, app.post, etc.).

Examples:

from apiflask import APIFlask, doc

app = APIFlask(__name__)

@app.get('/')
@doc(summary='Say hello', tag='Foo')
def hello():
    return 'Hello'

Parameters:

Name Type Description Default
summary Optional[str]

The summary of this endpoint. If not set, the name of the view function will be used. If your view function named with get_pet, then the summary will be "Get Pet". If the view function has docstring, then the first line of the docstring will be used. The precedence will be:

@doc(summary='blah') > the first line of docstring > the view function name

None
description Optional[str]

The description of this endpoint. If not set, the lines after the empty line of the docstring will be used.

None
tag Optional[str]

The tag name of this endpoint, map the tags you passed in the app.tags attribute. If app.tags not set, the blueprint name will be used as tag name.

None
tags Optional[List[str]]

Similar to tag but accepts a list of tag names.

None
responses Union[List[int], Dict[int, str]]

The other responses for this view function, accepts a dict in a format of {404: 'Not Found'} or a list of status code ([404, 418]).

None
deprecated Optional[bool]

Flag this endpoint as deprecated in API docs. Defaults to False.

False
hide Optional[bool]

Hide this endpoint in API docs. Defaults to False.

False

Version changed: 0.4.0 - Add parameter tag.

Version changed: 0.3.0 - Change the default value of deprecated from None to False. - Rename parameter tags to tag.

Version added: 0.2.0

Source code in apiflask/decorators.py
def doc(
    summary: Optional[str] = None,
    description: Optional[str] = None,
    tag: Optional[str] = None,
    tags: Optional[List[str]] = None,
    responses: Optional[Union[List[int], Dict[int, str]]] = None,
    deprecated: Optional[bool] = False,
    hide: Optional[bool] = False
) -> Callable[[DecoratedType], DecoratedType]:
    """Set up the OpenAPI Spec for view functions.

    > Be sure to put it under the routes decorators (i.e. `app.route`, `app.get`,
    `app.post`, etc.).

    Examples:

    ```python
    from apiflask import APIFlask, doc

    app = APIFlask(__name__)

    @app.get('/')
    @doc(summary='Say hello', tag='Foo')
    def hello():
        return 'Hello'
    ```

    Arguments:
        summary: The summary of this endpoint. If not set, the name of the view function
            will be used. If your view function named with `get_pet`, then the summary
            will be "Get Pet". If the view function has docstring, then the first line of
            the docstring will be used. The precedence will be:
            ```
            @doc(summary='blah') > the first line of docstring > the view function name
            ```
        description: The description of this endpoint. If not set, the lines after the empty
            line of the docstring will be used.
        tag: The tag name of this endpoint, map the tags you passed in the `app.tags`
            attribute. If `app.tags` not set, the blueprint name will be used as tag name.
        tags: Similar to `tag` but accepts a list of tag names.
        responses: The other responses for this view function, accepts a dict in a format
            of `{404: 'Not Found'}` or a list of status code (`[404, 418]`).
        deprecated: Flag this endpoint as deprecated in API docs. Defaults to `False`.
        hide: Hide this endpoint in API docs. Defaults to `False`.

    *Version changed: 0.4.0*
    - Add parameter `tag`.

    *Version changed: 0.3.0*
    - Change the default value of `deprecated` from `None` to `False`.
    - Rename parameter `tags` to `tag`.

    *Version added: 0.2.0*
    """
    _tags = None
    if tag is not None:
        _tags = [tag]
    elif tags is not None:
        _tags = tags

    def decorator(f):
        _annotate(
            f,
            summary=summary,
            description=description,
            tags=_tags,
            responses=responses,
            deprecated=deprecated,
            hide=hide
        )
        return f
    return decorator

input(schema, location='json', schema_name=None, example=None, examples=None, **kwargs)

Add input settings for view functions.

Be sure to put it under the routes decorators (i.e. app.route, app.get, app.post, etc.).

If the validation passed, the data will be inject to view function as a positional argument in the form of dict. Otherwise, an error response with the detail of validation result will be returned.

Examples:

from apiflask import APIFlask, input

app = APIFlask(__name__)

@app.get('/')
@input(PetInSchema)
def hello(parsed_and_validated_input_data):
    print(parsed_and_validated_input_data)
    return 'Hello'!

Parameters:

Name Type Description Default
schema Union[Type[marshmallow.schema.Schema], dict]

The Marshmallow schema used to validate the input data.

required
location str

The location of the input data, one of 'json' (default), 'files', 'form', 'cookies', 'headers', 'query' (same as 'querystring').

'json'
schema_name Optional[str]

The schema name for dict schema, only needed when you pass a dict schema (e.g. {'name': String(required=True)}) for json location.

None
example Optional[Any]

The example data in dict for request body, you should use either example or examples, not both.

None
examples Optional[Dict[str, Any]]

Multiple examples for request body, you should pass a dict that contains multiple examples. Example: ```python { 'example foo': { # example name 'summary': 'an example of foo', # summary field is optional 'value': {'name': 'foo', 'id': 1} # example value }, 'example bar': { 'summary': 'an example of bar', 'value': {'name': 'bar', 'id': 2} }, }

None

Version changed: 0.4.0 - Add parameter examples.

Source code in apiflask/decorators.py
def input(
    schema: SchemaType,
    location: str = 'json',
    schema_name: Optional[str] = None,
    example: Optional[Any] = None,
    examples: Optional[Dict[str, Any]] = None,
    **kwargs: Any
) -> Callable[[DecoratedType], DecoratedType]:
    """Add input settings for view functions.

    > Be sure to put it under the routes decorators (i.e. `app.route`, `app.get`,
    `app.post`, etc.).

    If the validation passed, the data will be inject to view
    function as a positional argument in the form of `dict`. Otherwise,
    an error response with the detail of validation result will be returned.

    Examples:

    ```python
    from apiflask import APIFlask, input

    app = APIFlask(__name__)

    @app.get('/')
    @input(PetInSchema)
    def hello(parsed_and_validated_input_data):
        print(parsed_and_validated_input_data)
        return 'Hello'!
    ```

    Arguments:
        schema: The Marshmallow schema used to validate the input data.
        location: The location of the input data, one of `'json'` (default),
            `'files'`, `'form'`, `'cookies'`, `'headers'`, `'query'`
            (same as `'querystring'`).
        schema_name: The schema name for dict schema, only needed when you pass
            a `dict` schema (e.g. `{'name': String(required=True)}`) for `json`
            location.
        example: The example data in dict for request body, you should use either
            `example` or `examples`, not both.
        examples: Multiple examples for request body, you should pass a dict
            that contains multiple examples. Example:
            ```python
            {
                'example foo': {  # example name
                    'summary': 'an example of foo',  # summary field is optional
                    'value': {'name': 'foo', 'id': 1}  # example value
                },
                'example bar': {
                    'summary': 'an example of bar',
                    'value': {'name': 'bar', 'id': 2}
                },
            }

    *Version changed: 0.4.0*
    - Add parameter `examples`.
    """
    if isinstance(schema, ABCMapping):
        schema = _generate_schema_from_mapping(schema, schema_name)
    if isinstance(schema, type):  # pragma: no cover
        schema = schema()  # type: ignore

    def decorator(f):
        if location not in [
            'json', 'query', 'headers', 'cookies', 'files', 'form', 'querystring'
        ]:
            raise RuntimeError(
                'Unknown input location. The supported locations are: "json", "files",'
                ' "form", "cookies", "headers", "query" (same as "querystring").'
                f' Got "{location}" instead.'
            )
        if location == 'json':
            _annotate(f, body=schema, body_example=example, body_examples=examples)
        else:
            if not hasattr(f, '_spec') or f._spec.get('args') is None:
                _annotate(f, args=[])
            # Todo: Support set example for request parameters
            f._spec['args'].append((schema, location))
        return use_args(schema, location=location, **kwargs)(f)
    return decorator

output(schema, status_code=200, description=None, schema_name=None, example=None, examples=None)

Add output settings for view functions.

Be sure to put it under the routes decorators (i.e. app.route, app.get, app.post, etc.).

The decorator will formatting the return value of your view function with provided Marshmallow schema. You can just return a dict or an object (such as a Model instance of ORMs). APIFlask will handle the formatting and turn your return value into a JSON response.

P.S. The output data will not be validated, it's a design choice of Marshmallow. This output validation may be supported in Marshmallow 4.0.

Examples:

from apiflask import APIFlask, output

app = APIFlask(__name__)

@app.get('/')
@output(PetOutSchema)
def hello():
    return the_dict_or_object_match_petout_schema

Parameters:

Name Type Description Default
schema Union[Type[marshmallow.schema.Schema], dict]

The schemas of the output data.

required
status_code int

The status code of the response, defaults to 200.

200
description Optional[str]

The description of the response.

None
schema_name Optional[str]

The schema name for dict schema, only needed when you pass a dict schema (e.g. {'name': String()}).

None
example Optional[Any]

The example data in dict for response body, you should use either example or examples, not both.

None
examples Optional[Dict[str, Any]]

Multiple examples for response body, you should pass a dict that contains multiple examples. Example:

{
    'example foo': {  # example name
        'summary': 'an example of foo',  # summary field is optional
        'value': {'name': 'foo', 'id': 1}  # example value
    },
    'example bar': {
        'summary': 'an example of bar',
        'value': {'name': 'bar', 'id': 2}
    },
}

None

Version changed: 0.4.0 - Add parameter examples.

Source code in apiflask/decorators.py
def output(
    schema: SchemaType,
    status_code: int = 200,
    description: Optional[str] = None,
    schema_name: Optional[str] = None,
    example: Optional[Any] = None,
    examples: Optional[Dict[str, Any]] = None
) -> Callable[[DecoratedType], DecoratedType]:
    """Add output settings for view functions.

    > Be sure to put it under the routes decorators (i.e. `app.route`, `app.get`,
    `app.post`, etc.).

    The decorator will formatting the return value of your view
    function with provided Marshmallow schema. You can just return a
    dict or an object (such as a Model instance of ORMs). APIFlask will
    handle the formatting and turn your return value into a JSON response.

    P.S. The output data will not be validated, it's a design choice of Marshmallow.
    This output validation may be supported in Marshmallow 4.0.

    Examples:

    ```python
    from apiflask import APIFlask, output

    app = APIFlask(__name__)

    @app.get('/')
    @output(PetOutSchema)
    def hello():
        return the_dict_or_object_match_petout_schema
    ```

    Arguments:
        schema: The schemas of the output data.
        status_code: The status code of the response, defaults to `200`.
        description: The description of the response.
        schema_name: The schema name for dict schema, only needed when you pass
            a `dict` schema (e.g. `{'name': String()}`).
        example: The example data in dict for response body, you should use either
            `example` or `examples`, not both.
        examples: Multiple examples for response body, you should pass a dict
            that contains multiple examples. Example:
            ```python
            {
                'example foo': {  # example name
                    'summary': 'an example of foo',  # summary field is optional
                    'value': {'name': 'foo', 'id': 1}  # example value
                },
                'example bar': {
                    'summary': 'an example of bar',
                    'value': {'name': 'bar', 'id': 2}
                },
            }
            ```

    *Version changed: 0.4.0*
    - Add parameter `examples`.
    """
    if schema == {}:
        schema = EmptySchema
    if isinstance(schema, ABCMapping):
        schema = _generate_schema_from_mapping(schema, schema_name)
    if isinstance(schema, type):  # pragma: no cover
        schema = schema()  # type: ignore

    if isinstance(schema, EmptySchema):
        status_code = 204

    def decorator(f):
        _annotate(f, response={
            'schema': schema,
            'status_code': status_code,
            'description': description,
            'example': example,
            'examples': examples
        })

        def _jsonify(obj, many=_sentinel, *args, **kwargs):  # pragma: no cover
            """From Flask-Marshmallow, see NOTICE file for license informaiton."""
            if many is _sentinel:
                many = schema.many
            data = schema.dump(obj, many=many)  # type: ignore
            return jsonify(data, *args, **kwargs)

        @wraps(f)
        def _response(*args: Any, **kwargs: Any) -> ResponseType:
            rv = f(*args, **kwargs)
            if isinstance(rv, Response):  # pragma: no cover
                raise RuntimeError(
                    'The @output decorator cannot handle Response objects.')
            if not isinstance(rv, tuple):
                return _jsonify(rv), status_code
            json = _jsonify(rv[0])
            if len(rv) == 2:
                rv = (json, rv[1]) if isinstance(rv[1], int) else (json, status_code, rv[1])
            elif len(rv) >= 3:
                rv = (json, rv[1], rv[2])
            else:
                rv = (json, status_code)
            return rv
        return _response
    return decorator