Customizing GET method using Flask Restless

338 Views Asked by clemtoy At 04 April 2025 at 21:36

I am developing a REST API using Flask Restless.

The following code is a sample to illustrate my problem:

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.Unicode)
    password = db.Column(db.String(20))

class Message(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    text = db.Column(db.Unicode)
    recipients = db.relationship("User")

# ...

manager.create_api(User,
    include_columns=['id', 'name'], # password is excluded
    methods=['GET', 'POST'])
manager.create_api(Message, methods=['GET', 'POST'])

When I send a GET request to get a user, the API returns his id and his name but not the password since passwords are excluded:

{
    "id": 14,
    "name": John
}

But when I send a GET request to get a message, I get the full recipient, including the password:

{
    "id": 637,
    "text": "Hello!",
    "recipients": [
        {
            "id": 98,
            "name": "Peter",
            "password": "1a52dca635fee"
        }
    ]
}

The password should not be returned obviously...

How can I choose which fields of related models are returned?

Original Q&A

There are 2 best solutions below

Nikolai Golub On 21 February 2016 at 13:10 BEST ANSWER

Take a look at custom serialization part of the documentation and Marshmallow library.

kiernan On 09 January 2017 at 02:41

Since you're requesting a message, you would need to define what columns to exclude on that API endpoint:

manager.create_api(Message,
  methods=['GET', 'POST'],
  exclude_columns=['recipients.password'])

Customizing GET method using Flask Restless

There are 2 best solutions below

Related Questions in PYTHON

Related Questions in FLASK

Related Questions in SQLALCHEMY

Related Questions in FLASK-SQLALCHEMY

Related Questions in FLASK-RESTLESS

Trending Questions

Popular # Hahtags

Popular Questions