Arguments¶

To inject arguments into a view function, use the Blueprint.arguments decorator. It allows to specify a Schema to deserialize and validate the parameters.

When processing a request, the input data is deserialized, validated, and injected in the view function.

@blp.route('/')
class Pets(MethodView):

    @blp.arguments(PetQueryArgsSchema, location='query')
    @blp.response(200, PetSchema(many=True))
    def get(self, args):
        return Pet.get(filters=args)

    @blp.arguments(PetSchema)
    @blp.response(201, PetSchema)
    def post(self, pet_data):
        return Pet.create(**pet_data)

Arguments Location¶

The following locations are allowed:

"json"

"query" (or "querystring")

"path"

"form"

"headers"

"cookies"

"files"

The location defaults to "json", which means body parameter.

Arguments Injection¶

By default, arguments are passed as a single positional dict argument. If as_kwargs=True is passed, the decorator passes deserialized input data as keyword arguments instead.

@blp.route('/')
class Pets(MethodView):

    @blp.arguments(PetQueryArgsSchema, location='query', as_kwargs=True)
    @blp.response(200, PetSchema(many=True))
    def get(self, **kwargs):
        return Pet.get(filters=**kwargs)

This decorator can be called several times on a resource function, for instance to accept both body and query parameters. The order of the decorator calls matters as it determines the order in which the parameters are passed to the view function.

@blp.route('/')
class Pets(MethodView):

    @blp.arguments(PetSchema)
    @blp.arguments(QueryArgsSchema, location='query')
    def post(pet_data, query_args):
        return Pet.create(pet_data, **query_args)

Dealing With Unknown Arguments¶

When input data contains unknown fields, a marshmallow Schema may raise a ValidationError (default), exclude those fields, or include them without validation. This can be controlled by the unknown Meta attribute of the Schema, which can be set to RAISE, EXCLUDE or INCLUDE.

Marshmallow also allows to pass an unknown argument to change this on the fly on each load. This parameter, if not None, overrides the Meta attribute. But it does not propagate to nested Schema s.

json, form or json_or_form locations may contain nested schemas, so the only way to change behaviour about unknown (for instance to set it to EXCLUDE), is to set it in a Meta attribute. This can be done conveniently in a base Schema class.

For locations that typically don’t use nested Schema s (query_string, headers, cookies and files), unknown=EXCLUDE is passed, as it is considered a more sensible default.

The unknown argument passed to the Schema for each location can be customized in the FlaskParser imported from webargs.

The easiest way is to mutate DEFAULT_UNKNOWN_BY_LOCATION in the parser class:

import marshmallow as ma
from webargs.flaskparser import FlaskParser

# Don't do that when using the pagination feature. See below.
FlaskParser.DEFAULT_UNKNOWN_BY_LOCATION["query"] = ma.RAISE

It can also be achieved by subclassing the parser and setting ARGUMENTS_PARSER in a base Blueprint class:

import marshmallow as ma
from webargs.flaskparser import FlaskParser
from flask_smorest import Blueprint

class MyFlaskParser(FlaskParser):
    DEFAULT_UNKNOWN_BY_LOCATION = {
        "query": ma.RAISE,
        # ...
    }

class MyBlueprint(Blueprint):
    ARGUMENTS_PARSER = MyFlaskParser()

This latter method is recommended if several parsers are instantiated with different unknown values, for instance to get different behaviours in different Blueprint s.

For the reason stated above, setting a value there for locations containing nested Schema s is not recommended because that value would only apply to the first level and would not propagate to nested Schema s.

Setting None for a location disables the feature for that location: no unknown argument is passed and marshmallow uses the Schema’s unknown Meta attribute or falls back to marshmallow default (RAISE).

Setting None as DEFAULT_UNKNOWN_BY_LOCATION instead of a location/value mapping disables the feature for all locations.

Note

The pagination feature in flask-smorest uses its own FlaskParser instance to parse pagination parameters from query arguments. It is affected by mutations of FlaskParser.DEFAULT_UNKNOWN_BY_LOCATION setting a value other than EXCLUDE for query.

Note

More info about customizing unknown can be found in webargs documentation.

Multiple Arguments Schemas¶

Calls to arguments decorator can be stacked, for instance to define arguments from multiple locations:

@blp.route('/')
class Pets(MethodView):

    @blp.arguments(PetSchema)
    @blp.arguments(QueryArgsSchema, location="query")
    @blp.response(201, PetSchema)
    def post(self, pet_data, query_args):
        pet = Pet.create(**pet_data)
        # Use query args
        ...
        return pet

It can also be done to define multiple arguments for the same location. Of course, this only makes sense for locations where unknown is set to EXCLUDE.

Content Type¶

When using body arguments, a default content type is assumed depending on the location. The location / content type mapping can be customized by modifying Blueprint.DEFAULT_LOCATION_CONTENT_TYPE_MAPPING.

DEFAULT_LOCATION_CONTENT_TYPE_MAPPING = {
    "json": "application/json",
    "form": "application/x-www-form-urlencoded",
    "files": "multipart/form-data",

It is also possible to override those defaults in a single resource by passing a string as content_type argument to Blueprint.arguments.

Note

The content type is only used for documentation purpose and has no impact on request parsing.

Note

Multipart requests with mixed types (file, form, etc.) are not supported. They can be achieved but the documentation is not correctly generated. arguments decorator can be called multiple times on the same view function but it should not be called with more that one request body location. This limitation is discussed in #46.

File Upload¶

File uploads as multipart/form-data are supported for both OpenAPI 3 and OpenAPI 2.

The arguments Schema should contain Upload fields. The files are injected in the view function as a dict of werkzeug FileStorage instances.

import os.path
from werkzeug.utils import secure_filename
from flask_smorest.fields import Upload

class MultipartFileSchema(ma.Schema):
    file_1 = Upload()

@blp.route('/', methods=['POST'])
@blp.arguments(MultipartFileSchema, location='files')
@blp.response(201)
def func(files):
    base_dir = '/path/to/storage/dir/'
    file_1 = files['file_1']
    file_1.save(os.path.join(base_dir, secure_filename(file_1.filename)))

Arguments¶

Arguments Location¶

Arguments Injection¶

Dealing With Unknown Arguments¶

Multiple Arguments Schemas¶

Content Type¶

File Upload¶

flask-smorest

Navigation

Related Topics