Skip to content

Decorators

FlaskParser (FlaskParser)

Overwrite the default webargs.FlaskParser.handle_error.

Update the default status code and the error description from related configuration variables.

handle_error(self, error, req, schema, *, error_status_code, error_headers)

Handles errors during parsing. Aborts the current HTTP request and responds with a 422 error.

Source code in apiflask/decorators.py
def handle_error(  # type: ignore
    self,
    error: MarshmallowValidationError,
    req: RequestType,
    schema: Schema,
    *,
    error_status_code: int,
    error_headers: t.Mapping[str, str]
) -> None:
    raise _ValidationError(
        error_status_code or current_app.config['VALIDATION_ERROR_STATUS_CODE'],
        current_app.config['VALIDATION_ERROR_DESCRIPTION'],
        error.messages,
        error_headers
    )

auth_required(auth, role=None, roles=None, optional=None)

Protect a view with provided authentication settings.

Be sure to put it under the routes decorators (i.e., app.route, app.get, app.post, etc.).

Examples:

from apiflask import APIFlask, HTTPTokenAuth, auth_required

app = APIFlask(__name__)
auth = HTTPTokenAuth()

@app.get('/')
@auth_required(auth)
def hello():
    return 'Hello'!

Parameters:

Name Type Description Default
auth Union[HTTPBasicAuth, HTTPTokenAuth]

The auth object, an instance of HTTPBasicAuth or HTTPTokenAuth.

required
role Optional[str]

The selected role to allow to visit this view, accepts a string. See Flask-HTTPAuth's documentation for more details.

None
roles Optional[list]

Similar to role but accepts a list of role names.

None
optional Optional[str]

Set to True to allow the view to execute even the authentication information is not included with the request, in which case the attribute auth.current_user will be None.

None

Version changed: 0.4.0

  • Add parameter roles.
Source code in apiflask/decorators.py
def auth_required(
    auth: HTTPAuthType,
    role: t.Optional[str] = None,
    roles: t.Optional[list] = None,
    optional: t.Optional[str] = None
) -> t.Callable[[DecoratedType], DecoratedType]:
    """Protect a view with provided authentication settings.

    > Be sure to put it under the routes decorators (i.e., `app.route`, `app.get`,
    `app.post`, etc.).

    Examples:

    ```python
    from apiflask import APIFlask, HTTPTokenAuth, auth_required

    app = APIFlask(__name__)
    auth = HTTPTokenAuth()

    @app.get('/')
    @auth_required(auth)
    def hello():
        return 'Hello'!
    ```

    Arguments:
        auth: The `auth` object, an instance of [`HTTPBasicAuth`][apiflask.security.HTTPBasicAuth]
            or [`HTTPTokenAuth`][apiflask.security.HTTPTokenAuth].
        role: The selected role to allow to visit this view, accepts a string.
            See [Flask-HTTPAuth's documentation][_role]{target:_blank} for more details.
            [_role]: https://flask-httpauth.readthedocs.io/en/latest/#user-roles
        roles: Similar to `role` but accepts a list of role names.
        optional: Set to `True` to allow the view to execute even the authentication
            information is not included with the request, in which case the attribute
            `auth.current_user` will be `None`.

    *Version changed: 0.4.0*

    - Add parameter `roles`.
    """
    _roles = None
    if role is not None:
        _roles = [role]
    elif roles is not None:
        _roles = roles

    def decorator(f):
        _annotate(f, auth=auth, roles=_roles or [])
        return auth.login_required(role=_roles, optional=optional)(f)
    return decorator

doc(summary=None, description=None, tag=None, tags=None, responses=None, deprecated=None, hide=None, operation_id=None)

Set up the OpenAPI Spec for view functions.

Be sure to put it under the routes decorators (i.e., app.route, app.get, app.post, etc.).

Examples:

from apiflask import APIFlask, doc

app = APIFlask(__name__)

@app.get('/')
@doc(summary='Say hello', tag='Foo')
def hello():
    return 'Hello'

Parameters:

Name Type Description Default
summary Optional[str]

The summary of this endpoint. If not set, the name of the view function will be used. If your view function is named with get_pet, then the summary will be "Get Pet". If the view function has a docstring, then the first line of the docstring will be used. The precedence will be:

@doc(summary='blah') > the first line of docstring > the view function name
None
description Optional[str]

The description of this endpoint. If not set, the lines after the empty line of the docstring will be used.

None
tag Optional[str]

The tag name of this endpoint, map the tags you passed in the app.tags attribute. If app.tags is not set, the blueprint name will be used as tag name.

None
tags Optional[List[str]]

Similar to tag but accepts a list of tag names.

None
responses Union[List[int], Dict[int, str]]

The other responses for this view function, accepts a dict in a format of {404: 'Not Found'} or a list of status code ([404, 418]). If pass a dict, and a response with the same status code is already exist, the existing description will be overwritten.

None
deprecated Optional[bool]

Flag this endpoint as deprecated in API docs.

None
hide Optional[bool]

Hide this endpoint in API docs.

None
operation_id Optional[str]

The operationId of this endpoint. Set config AUTO_OPERATION_ID to True to enable the auto-generating of operationId (in the format of {method}_{endpoint}).

None

Version changed: 0.10.0

  • Add parameter operation_id.

Version changed: 0.5.0

  • Change the default value of parameters hide and deprecated from False to None.

Version changed: 0.4.0

  • Add parameter tag.

Version changed: 0.3.0

  • Change the default value of deprecated from None to False.
  • Rename parameter tags to tag.

Version added: 0.2.0

Source code in apiflask/decorators.py
def doc(
    summary: t.Optional[str] = None,
    description: t.Optional[str] = None,
    tag: t.Optional[str] = None,
    tags: t.Optional[t.List[str]] = None,
    responses: t.Optional[t.Union[t.List[int], t.Dict[int, str]]] = None,
    deprecated: t.Optional[bool] = None,
    hide: t.Optional[bool] = None,
    operation_id: t.Optional[str] = None,
) -> t.Callable[[DecoratedType], DecoratedType]:
    """Set up the OpenAPI Spec for view functions.

    > Be sure to put it under the routes decorators (i.e., `app.route`, `app.get`,
    `app.post`, etc.).

    Examples:

    ```python
    from apiflask import APIFlask, doc

    app = APIFlask(__name__)

    @app.get('/')
    @doc(summary='Say hello', tag='Foo')
    def hello():
        return 'Hello'
    ```

    Arguments:
        summary: The summary of this endpoint. If not set, the name of the view function
            will be used. If your view function is named with `get_pet`, then the summary
            will be "Get Pet". If the view function has a docstring, then the first
            line of the docstring will be used. The precedence will be:

            ```
            @doc(summary='blah') > the first line of docstring > the view function name
            ```

        description: The description of this endpoint. If not set, the lines after the empty
            line of the docstring will be used.
        tag: The tag name of this endpoint, map the tags you passed in the `app.tags`
            attribute. If `app.tags` is not set, the blueprint name will be used as
            tag name.
        tags: Similar to `tag` but accepts a list of tag names.
        responses: The other responses for this view function, accepts a dict in a format
            of `{404: 'Not Found'}` or a list of status code (`[404, 418]`). If pass a dict,
            and a response with the same status code is already exist, the existing
            description will be overwritten.
        deprecated: Flag this endpoint as deprecated in API docs.
        hide: Hide this endpoint in API docs.
        operation_id: The `operationId` of this endpoint. Set config `AUTO_OPERATION_ID` to `True`
            to enable the auto-generating of operationId (in the format of `{method}_{endpoint}`).

    *Version changed: 0.10.0*

    - Add parameter `operation_id`.

    *Version changed: 0.5.0*

    - Change the default value of parameters `hide` and `deprecated` from `False` to `None`.

    *Version changed: 0.4.0*

    - Add parameter `tag`.

    *Version changed: 0.3.0*

    - Change the default value of `deprecated` from `None` to `False`.
    - Rename parameter `tags` to `tag`.

    *Version added: 0.2.0*
    """
    _tags = None
    if tag is not None:
        _tags = [tag]
    elif tags is not None:
        _tags = tags

    def decorator(f):
        _annotate(
            f,
            summary=summary,
            description=description,
            tags=_tags,
            responses=responses,
            deprecated=deprecated,
            hide=hide,
            operation_id=operation_id,
        )
        return f
    return decorator

input(schema, location='json', schema_name=None, example=None, examples=None, **kwargs)

Add input settings for view functions.

Be sure to put it under the routes decorators (i.e., app.route, app.get, app.post, etc.).

If the validation passed, the data will inject into view function as a positional argument in the form of dict. Otherwise, an error response with the detail of the validation result will be returned.

Examples:

from apiflask import APIFlask, input

app = APIFlask(__name__)

@app.get('/')
@input(PetInSchema)
def hello(parsed_and_validated_input_data):
    print(parsed_and_validated_input_data)
    return 'Hello'!

Parameters:

Name Type Description Default
schema Union[Schema, Type[Schema], Dict[str, Union[Field, type]]]

The marshmallow schema of the input data.

required
location str

The location of the input data, one of 'json' (default), 'files', 'form', 'cookies', 'headers', 'query' (same as 'querystring').

'json'
schema_name Optional[str]

The schema name for dict schema, only needed when you pass a schema dict (e.g., {'name': String(required=True)}) for json location.

None
example Optional[Any]

The example data in dict for request body, you should use either example or examples, not both.

None
examples Optional[Dict[str, Any]]

Multiple examples for request body, you should pass a dict that contains multiple examples. Example:

{
    'example foo': {  # example name
        'summary': 'an example of foo',  # summary field is optional
        'value': {'name': 'foo', 'id': 1}  # example value
    },
    'example bar': {
        'summary': 'an example of bar',
        'value': {'name': 'bar', 'id': 2}
    },
}
None

Version changed: 0.4.0

  • Add parameter examples.
Source code in apiflask/decorators.py
def input(
    schema: SchemaType,
    location: str = 'json',
    schema_name: t.Optional[str] = None,
    example: t.Optional[t.Any] = None,
    examples: t.Optional[t.Dict[str, t.Any]] = None,
    **kwargs: t.Any
) -> t.Callable[[DecoratedType], DecoratedType]:
    """Add input settings for view functions.

    > Be sure to put it under the routes decorators (i.e., `app.route`, `app.get`,
    `app.post`, etc.).

    If the validation passed, the data will inject into view
    function as a positional argument in the form of `dict`. Otherwise,
    an error response with the detail of the validation result will be returned.

    Examples:

    ```python
    from apiflask import APIFlask, input

    app = APIFlask(__name__)

    @app.get('/')
    @input(PetInSchema)
    def hello(parsed_and_validated_input_data):
        print(parsed_and_validated_input_data)
        return 'Hello'!
    ```

    Arguments:
        schema: The marshmallow schema of the input data.
        location: The location of the input data, one of `'json'` (default),
            `'files'`, `'form'`, `'cookies'`, `'headers'`, `'query'`
            (same as `'querystring'`).
        schema_name: The schema name for dict schema, only needed when you pass
            a schema dict (e.g., `{'name': String(required=True)}`) for `json`
            location.
        example: The example data in dict for request body, you should use either
            `example` or `examples`, not both.
        examples: Multiple examples for request body, you should pass a dict
            that contains multiple examples. Example:

            ```python
            {
                'example foo': {  # example name
                    'summary': 'an example of foo',  # summary field is optional
                    'value': {'name': 'foo', 'id': 1}  # example value
                },
                'example bar': {
                    'summary': 'an example of bar',
                    'value': {'name': 'bar', 'id': 2}
                },
            }
            ```

    *Version changed: 0.4.0*

    - Add parameter `examples`.
    """
    if isinstance(schema, ABCMapping):
        schema = _generate_schema_from_mapping(schema, schema_name)
    if isinstance(schema, type):  # pragma: no cover
        schema = schema()

    def decorator(f):
        if location not in [
            'json', 'query', 'headers', 'cookies', 'files', 'form', 'querystring'
        ]:
            raise ValueError(
                'Unknown input location. The supported locations are: "json", "files",'
                ' "form", "cookies", "headers", "query" (same as "querystring").'
                f' Got "{location}" instead.'
            )
        if location == 'json':
            _annotate(f, body=schema, body_example=example, body_examples=examples)
        else:
            if not hasattr(f, '_spec') or f._spec.get('args') is None:
                _annotate(f, args=[])
            # Todo: Support set example for request parameters
            f._spec['args'].append((schema, location))
        return use_args(schema, location=location, **kwargs)(f)
    return decorator

output(schema, status_code=200, description=None, schema_name=None, example=None, examples=None, links=None)

Add output settings for view functions.

Be sure to put it under the routes decorators (i.e., app.route, app.get, app.post, etc.).

The decorator will format the return value of your view function with provided marshmallow schema. You can return a dict or an object (such as a model class instance of ORMs). APIFlask will handle the formatting and turn your return value into a JSON response.

P.S. The output data will not be validated; it's a design choice of marshmallow. marshmallow 4.0 may be support the output validation.

Examples:

from apiflask import APIFlask, output

app = APIFlask(__name__)

@app.get('/')
@output(PetOutSchema)
def hello():
    return the_dict_or_object_match_petout_schema

Parameters:

Name Type Description Default
schema Union[Schema, Type[Schema], Dict[str, Union[Field, type]]]

The schemas of the output data.

required
status_code int

The status code of the response, defaults to 200.

200
description Optional[str]

The description of the response.

None
schema_name Optional[str]

The schema name for dict schema, only needed when you pass a schema dict (e.g., {'name': String()}).

None
example Optional[Any]

The example data in dict for response body, you should use either example or examples, not both.

None
examples Optional[Dict[str, Any]]

Multiple examples for response body, you should pass a dict that contains multiple examples. Example:

{
    'example foo': {  # example name
        'summary': 'an example of foo',  # summary field is optional
        'value': {'name': 'foo', 'id': 1}  # example value
    },
    'example bar': {
        'summary': 'an example of bar',
        'value': {'name': 'bar', 'id': 2}
    },
}
None
links Optional[Dict[str, Any]]

The links of response. It accepts a dict which maps a link name to a link object. Example:

{
    'getAddressByUserId': {
        'operationId': 'getUserAddress',
        'parameters': {
            'userId': '$request.path.id'
        }
    }
}

See the docs for more details about setting response links.

None

Version changed: 0.10.0

  • Add links parameter.

Version changed: 0.9.0

  • Add base response customization support.

Version changed: 0.6.0

  • Support decorating async views.

Version changed: 0.5.2

  • Return the Response object directly.

Version changed: 0.4.0

  • Add parameter examples.
Source code in apiflask/decorators.py
def output(
    schema: SchemaType,
    status_code: int = 200,
    description: t.Optional[str] = None,
    schema_name: t.Optional[str] = None,
    example: t.Optional[t.Any] = None,
    examples: t.Optional[t.Dict[str, t.Any]] = None,
    links: t.Optional[t.Dict[str, t.Any]] = None,
) -> t.Callable[[DecoratedType], DecoratedType]:
    """Add output settings for view functions.

    > Be sure to put it under the routes decorators (i.e., `app.route`, `app.get`,
    `app.post`, etc.).

    The decorator will format the return value of your view function with
    provided marshmallow schema. You can return a dict or an object (such
    as a model class instance of ORMs). APIFlask will handle the formatting
    and turn your return value into a JSON response.

    P.S. The output data will not be validated; it's a design choice of marshmallow.
    marshmallow 4.0 may be support the output validation.

    Examples:

    ```python
    from apiflask import APIFlask, output

    app = APIFlask(__name__)

    @app.get('/')
    @output(PetOutSchema)
    def hello():
        return the_dict_or_object_match_petout_schema
    ```

    Arguments:
        schema: The schemas of the output data.
        status_code: The status code of the response, defaults to `200`.
        description: The description of the response.
        schema_name: The schema name for dict schema, only needed when you pass
            a schema dict (e.g., `{'name': String()}`).
        example: The example data in dict for response body, you should use either
            `example` or `examples`, not both.
        examples: Multiple examples for response body, you should pass a dict
            that contains multiple examples. Example:

            ```python
            {
                'example foo': {  # example name
                    'summary': 'an example of foo',  # summary field is optional
                    'value': {'name': 'foo', 'id': 1}  # example value
                },
                'example bar': {
                    'summary': 'an example of bar',
                    'value': {'name': 'bar', 'id': 2}
                },
            }
            ```
        links: The `links` of response. It accepts a dict which maps a link name to
            a link object. Example:

            ```python
            {
                'getAddressByUserId': {
                    'operationId': 'getUserAddress',
                    'parameters': {
                        'userId': '$request.path.id'
                    }
                }
            }
            ```

            See the [docs](https://apiflask.com/openapi/#response-links) for more details
            about setting response links.

    *Version changed: 0.10.0*

    - Add `links` parameter.

    *Version changed: 0.9.0*

    - Add base response customization support.

    *Version changed: 0.6.0*

    - Support decorating async views.

    *Version changed: 0.5.2*

    - Return the `Response` object directly.

    *Version changed: 0.4.0*

    - Add parameter `examples`.
    """
    if schema == {}:
        schema = EmptySchema
    if isinstance(schema, ABCMapping):
        schema = _generate_schema_from_mapping(schema, schema_name)
    if isinstance(schema, type):  # pragma: no cover
        schema = schema()

    if isinstance(schema, EmptySchema):
        status_code = 204

    def decorator(f):
        _annotate(f, response={
            'schema': schema,
            'status_code': status_code,
            'description': description,
            'example': example,
            'examples': examples,
            'links': links,
        })

        def _jsonify(
            obj: t.Any,
            many: bool = _sentinel,  # type: ignore
            *args: t.Any,
            **kwargs: t.Any
        ) -> Response:  # pragma: no cover
            """From Flask-Marshmallow, see the NOTICE file for license information."""
            if many is _sentinel:
                many = schema.many  # type: ignore
            base_schema: OpenAPISchemaType = current_app.config['BASE_RESPONSE_SCHEMA']
            if base_schema is not None and status_code != 204:
                data_key: str = current_app.config['BASE_RESPONSE_DATA_KEY']
                if data_key not in obj:
                    raise RuntimeError(
                        f'The data key "{data_key}" is not found in the returned dict.'
                    )
                obj[data_key] = schema.dump(obj[data_key], many=many)  # type: ignore
                data = base_schema().dump(obj)  # type: ignore
            else:
                data = schema.dump(obj, many=many)  # type: ignore
            return jsonify(data, *args, **kwargs)

        @wraps(f)
        def _response(*args: t.Any, **kwargs: t.Any) -> ResponseType:
            if hasattr(current_app, 'ensure_sync'):  # pragma: no cover
                rv = current_app.ensure_sync(f)(*args, **kwargs)
            else:  # pragma: no cover
                rv = f(*args, **kwargs)  # for Flask < 2.0
            if isinstance(rv, Response):
                return rv
            if not isinstance(rv, tuple):
                return _jsonify(rv), status_code
            json = _jsonify(rv[0])
            if len(rv) == 2:
                rv = (json, rv[1]) if isinstance(rv[1], int) else (json, status_code, rv[1])
            elif len(rv) >= 3:
                rv = (json, rv[1], rv[2])
            else:
                rv = (json, status_code)
            return rv  # type: ignore
        return _response
    return decorator