Requests and responses¶
Requests and responses are all in the JSON API format, so each request must include an Accept header whose value is application/vnd.api+json and any request that contains content must include a Content-Type header whose value is application/vnd.api+json. If they do not, the client will receive an error response.
This section of the documentation assumes some familiarity with the JSON API specification.
Resource ID must be a string¶
As required by the JSON API, the ID (and type) of a resource must be a string in request and response documents. This does not mean that the primary key in the database must be a string, only that it will appear as a string in communications between the client and the server. For more information, see the Identification section of the JSON API specification.
Trailing slashes in URLs¶
Date and time fields¶
Flask-Restless will automatically parse and convert date and time strings into the corresponding Python objects. Flask-Restless also understands intervals (also known as durations), if you specify the interval as an integer representing the number of units that the interval spans.
If you want the server to set the value of a date or time field of a model as
the current time (as measured at the server), use one of the special strings
"LOCALTIMESTAMP". When the
server receives one of these strings in a request, it will use the
corresponding SQL function to set the date or time of the field in the model.
Errors and error messages¶
Flask-Restless returns the error responses required by the JSON API
specification, and most other server errors yield a
400 Bad Request. Errors are included in the
errors element in the
top-level JSON document in the response body.
If a request triggers certain types of errors, the SQLAlchemy session will be rolled back. Currently these errors are
Cross-Origin Resource Sharing (CORS)¶
HTTP clients to make HTTP requests across Internet domain boundaries while
still protecting against cross-site scripting (XSS) attacks. If you have access
to the HTTP server that serves your Flask application, I recommend configuring
CORS there, since such concerns are beyond the scope of Flask-Restless.
However, in case you need to support CORS at the application level, you should
create a function that adds the necessary HTTP headers after the request has
been processed by Flask-Restless (that is, just before the HTTP response is
sent from the server to the client) using the
from flask import Flask from flask_restless import APIManager def add_cors_headers(response): response.headers['Access-Control-Allow-Origin'] = 'example.com' response.headers['Access-Control-Allow-Credentials'] = 'true' # Set whatever other headers you like... return response app = Flask(__name__) manager = APIManager(app) blueprint = manager.create_api_blueprint('mypersonapi', Person) blueprint.after_request(add_cors_headers) app.register_blueprint(blueprint)