Creating delicious APIs for Django apps since 2010.

Last update: Dec 30, 2022

Related tags

RESTful API django-tastypie

Overview

django-tastypie

Creating delicious APIs for Django apps since 2010.

Currently in beta but being used actively in production on several sites.

Requirements

Core

Python 2.7+ or Python 3.4+ (Whatever is supported by your version of Django)
Django 1.11, 2.2 (LTS releases) or Django 3.0 (latest release)
dateutil (http://labix.org/python-dateutil) >= 2.1

Format Support

XML: lxml 3 (http://lxml.de/) and defusedxml (https://pypi.python.org/pypi/defusedxml)
YAML: pyyaml (http://pyyaml.org/)
binary plist: biplist (https://bitbucket.org/wooster/biplist)

Optional

HTTP Digest authentication: python3-digest (https://bitbucket.org/akoha/python-digest/)

What's It Look Like?

A basic example looks like:

# myapp/api.py
# ============
from tastypie.resources import ModelResource
from myapp.models import Entry


class EntryResource(ModelResource):
    class Meta:
        queryset = Entry.objects.all()


# urls.py
# =======
from django.conf.urls import url, include
from tastypie.api import Api
from myapp.api import EntryResource

v1_api = Api(api_name='v1')
v1_api.register(EntryResource())

urlpatterns = [
    # The normal jazz here then...
    url(r'^api/', include(v1_api.urls)),
]

That gets you a fully working, read-write API for the Entry model that supports all CRUD operations in a RESTful way. JSON/XML/YAML support is already there, and it's easy to add related data/authentication/caching.

You can find more in the documentation at https://django-tastypie.readthedocs.io/.

Why Tastypie?

There are other API frameworks out there for Django. You need to assess the options available and decide for yourself. That said, here are some common reasons for tastypie.

You need an API that is RESTful and uses HTTP well.
You want to support deep relations.
You DON'T want to have to write your own serializer to make the output right.
You want an API framework that has little magic, very flexible and maps well to the problem domain.
You want/need XML serialization that is treated equally to JSON (and YAML is there too).

Reference Material

Getting Help

There are two primary ways of getting help.

Go to StackOverflow and post a question with the tastypie tag.
We have an IRC channel (#tastypie on irc.freenode.net) to get help, bounce an idea by us, or generally shoot the breeze.

Security

Tastypie is committed to providing a flexible and secure API, and was designed with many security features and options in mind. Due to the complex nature of APIs and the constant discovery of new attack vectors and vulnerabilities, no software is immune to security holes. We rely on our community to report and help us investigate security issues.

If you come across a security hole please do not open a Github issue. Instead, drop us an email at [email protected]

We'll then work together to investigate and resolve the problem so we can announce a solution along with the vulnerability.

Comments

Django 1.7 RuntimeError: App registry isn't ready yet.

Hopefully someone has already addressed this and I just haven't been able to find this.

I'm using Django 1.7 and am not able to install tastypie successfully. I have installed directly from the github repo thinking it may just be an issue with the pip version but I'm still having the same issue.

When I add tastypie to my installed apps, all of my manage.py commands fail with: RuntimeError: App registry isn't ready yet.

Is there a way to get tastypie running with python 2.7 + django 1.7 (dev)?

opened by natecox 32
Django 1.8

This is a rollup of the 1.8 atomic/transaction fixes from #1263 and a bunch of fixes for failing tests.

The whole thing needs a review, preferably by somebody with a stronger understanding of the related_resources tests and the save_related() method on Resource.

I got a green board to happen (https://travis-ci.org/django-tastypie/django-tastypie/builds/51335501), but I got there with a bit of fumbling through save_related() and I don't fully understand why I needed to do what I did.

opened by georgedorn 24
Django 1.11
WIP; updating to Django 1.11.

Remove test matrix for 1.7, 1.9; we should support the most recent version (1.11), the most recent LTE (1.8), and run tests against dev (but allowed to fail).
opened by georgedorn 22
Hydration of many (5000) resources very slow due to deepcopy in Resource.__init__()

I'm doing some profiling to speed up an API that I'm building with tastypie and am seeing ~ 70% (5 of 7 seconds) of my time being spent right now doing the deepcopy of the base fields in Resource.init when hydrating 5000 resources.

Given the general nature of the Resource object, I guess there are probably cases where you'd have a mutable object in the base Resource and need to create new ones for each instance but is that also true for ModelResources?

opened by katzj 22

Test client's patch method doesn't work properly

If I send patch data in functional test, I always get following exception:

Traceback (most recent call last):
  File "/Users/ondrej/Sites/_work/*******/tests/*******/test_*******_resource.py", line 119, in test_patch_valid_resource
    self.assertHttpAccepted(self.api_client.patch('{0}{1}/'.format(self.uri, *******.id), data=patch_data))
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/test.py", line 179, in patch
    return self.client.request(**r)
  File "/Users/ondrej/.virtualenvs/*******/lib/python2.7/site-packages/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/Users/ondrej/.virtualenvs/*******/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 77, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/resources.py", line 196, in wrapper
    response = callback(request, *args, **kwargs)
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/resources.py", line 430, in dispatch_detail
    return self.dispatch('detail', request, **kwargs)
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/resources.py", line 450, in dispatch
    response = method(request, **kwargs)
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/resources.py", line 1405, in patch_detail
    deserialized = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json'))
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/resources.py", line 370, in deserialize
    deserialized = self._meta.serializer.deserialize(data, format=request.META.get('CONTENT_TYPE', 'application/json'))
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/serializers.py", line 194, in deserialize
    deserialized = getattr(self, "from_%s" % desired_format)(content)*******
  File "/Users/ondrej/.virtualenvs/*******/src/tastypie/tastypie/serializers.py", line 344, in from_json
    return simplejson.loads(content)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 326, in loads
    return _default_decoder.decode(s)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 360, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 376, in raw_decode
    obj, end = self.scan_once(s, idx)
ValueError: Expecting property name: line 1 column 1 (char 1)

My test case looks approximately like this:

def test_patch_valid_resource(self):
    contest = ContestFactory.create(created_by=self.user, type=self.type)

    new_name = 'Patched contest #1'

    patch_data = {
        'name': new_name,
    }

    self.assertHttpAccepted(self.api_client.patch('{0}{1}/'.format(self.uri, contest.id), data=patch_data))

    edited_contest = Contest.objects.get()

    self.assertEqual(Contest.objects.count(), 1)
    self.assertEqual(edited_contest.name, new_name)

From what I could trace, request object cuts request.raw_post_data to {"name": "Patch (in this particular test) for some reason. I'm not even sure if it's Tastypie error at all, but patch method is unusable in tests this way.

opened by ondrowan 19

Deserialize from form

Trying to implement out similar functionality to from_html in the deserializer. Form encoded put and post request don't necessarily have to be from a browser, they could be from some client app that sends form encoded data.

Since Django already parses out the POST and FILES from the request on post, we might as well reuse those.

This seems to be an alternative solution that uses the deserializer, although I feel like the deserializer should not be dealing with requests. https://github.com/klipstein/django-tastypie/commit/9acd24b1acf425a26785df7690ba3c7c8d0483c5

Hydration should be handled automatically so that a ModelResource will only have files overwritten or created if a file is provided.

opened by michaelmwu 19

Singular nested resource failing, worked in 9.11 [perm branch]

Hopefully this isn't too soon to post, I know you are actively working on this @toastdriven . The below passes in 9.11 but fails with the new commit SHA: c83698ac7fd5369acd8e5a52f3b5409a8f02b965

models.py

class ApplicationPermission(models.Model):
    name = models.CharField(max_length=100)

    def __unicode__(self):
        return self.name

class Application(models.Model):
    permissions = models.ManyToManyField(ApplicationPermission,blank=True,null=True)
    identifier = models.CharField(max_length=200,help_text="String, The application's ID.")
    ... (clip) ...
    def __unicode__(self):
        return u"%s" % self.name

resources.py

class ApplicationResource(ModelResource):
    permissions = fields.ToManyField('app.web.api.state_resources.ApplicationPermissionResource','permissions',related_name='application',full=True)

    class Meta:
        queryset = Application.objects.all()
        resource_name = "application"
        authentication = BasicAuthentication()
        authorization = Authorization()

class ApplicationPermissionResource(ModelResource):
    class Meta:
        queryset = ApplicationPermission.objects.all()
        resource_name = "permission"
        authentication = BasicAuthentication()
        authorization = Authorization()

tests.py

def test_post_application_with_permissions(self):
    post_data = """{
            "backup_agent_name": "com.test.TestApp",
            "bundle_size": 11111,
            "class_name": "com.test.TestApp",
            "data_dir": "/data/dir",
            "identifier": "id12341234",
            "name": "Test App",
            "permissions": [
                {"name": "Unit Test Permission 1"},
                {"name": "Unit Test Permission 2"},
                {"name": "Unit Test Permission 3"},
                {"name": "Unit Test Permission 4"},
                {"name": "Unit Test Permission 5"},
                {"name": "Unit Test Permission 6"}
            ],
            "process_name": "com.test.TestApp.proc",
            "public_source_dir": "/public/dir/",
            "short_version": "1",
            "source_dir": "/src/dir/",
            "target_sdk_version": "8",
            "version": "v1",
            "version_code": "v1.0",
            "version_name": "120392"}
            """
    resp = self.client.post('/api/v1/application/', data=post_data, content_type='application/json',**self.extra)
    self.assertEqual(resp.status_code, 201)

    resp = self.client.get('/api/v1/application/3/', data={'format': 'json'}, **self.extra)
    self.assertEqual(resp.status_code, 200)
    obj = json.loads(resp.content)
    self.assertEqual(obj['backup_agent_name'], "com.test.TestApp")
    self.assertEqual(obj['bundle_size'], 11111)
    self.assertEqual(obj['class_name'], "com.test.TestApp")
    self.assertEqual(obj['data_dir'], "/data/dir")
    self.assertEqual(obj['identifier'], "id12341234")
    self.assertEqual(obj['name'], "Test App")
    self.assertEqual(obj['process_name'], "com.test.TestApp.proc")
    permissions = obj['permissions']
    for i,object in enumerate(permissions):
        self.assertEqual(object['name'], "Unit Test Permission " + str(i+1))
    self.assertEqual(len(permissions),6) # asserts that there are 6 permissions

trace

    Error
    Traceback (most recent call last):
    File "/usr/lib/python2.7/unittest/case.py", line 327, in run
    testMethod()
    File "/home/bob/app/app/web/tests/state_tests.py", line 93, in test_post_application_with_permissions
    resp = self.client.post('/api/v1/application/', data=post_data, content_type='application/json',**self.extra)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/django/test/client.py", line 449, in post
    response = super(Client, self).post(path, data=data, content_type=content_type, **extra)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/django/test/client.py", line 262, in post
    return self.request(**r)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 77, in wrapped_view
    return view_func(*args, **kwargs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 193, in wrapper
    response = callback(request, *args, **kwargs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 400, in dispatch_list
    return self.dispatch('list', request, **kwargs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 429, in dispatch
    response = method(request, **kwargs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 1177, in post_list
    updated_bundle = self.obj_create(bundle, request=request, **self.remove_api_resource_names(kwargs))
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 1898, in obj_create
    return self.save(bundle)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 2002, in save
    self.save_m2m(m2m_bundle)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/tastypie/resources.py", line 2089, in save_m2m
    related_mngr.add(*related_objs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/django/db/models/fields/related.py", line 578, in add
    self._add_items(self.source_field_name, self.target_field_name, *objs)
    File "/home/bob/.virtualenvs/app/local/lib/python2.7/site-packages/django/db/models/fields/related.py", line 640, in _add_items
    raise TypeError("'%s' instance expected, got %r" % (self.model._meta.object_name, obj))
    TypeError: 'ApplicationPermission' instance expected, got <Application: Test App>

opened by desimone 18

determine_format: handle malformed HTTP Accept values

Some clients cause tastypie to return a 500 error because they send a request with an HTTP Accept header which contains an invalid MIME type (e.g. any value without a "/" other than "*", which mimeparse handles).

This patch simply causes tastypie to catch the ValueError and fail down to the default format
needunittest

opened by acdha 17
ModelResource.obj_update calls full_hydrate twice

Starting in this commit obj_update calls full_hydrate twice. This means that if non-idempotent transformations happen in a user's hydrate() functions it will result in an attribute that isn't in the expected state.

opened by brianhv 17
Updating a resource with a full ToManyField representation fails

As reported in #tastypie by @jpadilla, when sending a PUT to a resource with a ToManyField, the Django ORM aborts with the message int() argument must be a string or a number, not 'ManyRelatedManager'.

Reference resources are located in this gist: https://gist.github.com/5820c76971797bf799bc A traceback is located here: https://gist.github.com/ea1afa28caf4859b2f26 The kwargs that are causing the issue are here: https://gist.github.com/adee82c997a3f872e005

The problem was found when piping the result of a get_detail on the BookingResource into a put_detail.

opened by joshbohde 17
Generic relations
I've added support for Generic Relations in the API by modifying the RelatedField to allow the to field to be a dictionary which maps django models to Resources. Basic usage is as follows:

Django Model:

class GenericTag(models.Model): name = models.CharField(max_length = 30) object_id = models.PositiveIntegerField() content_type = models.ForeignKey(generic.ContentType) content_object = generic.GenericForeignKey() def __unicode__(self): return u"%s" % (self.name)

Resource:

class GenericTagResource(ModelResource): content_type = fields.ContentTypeField() content_object = fields.ToOneField( {Category : CategoryResource, Taggable : TaggableResource}, attribute="content_object", contenttype_field=content_type) class Meta: resource_name = 'generictag' queryset = GenericTag.objects.all() authorization = Authorization()

The to field dictionary tells the RelatedField class what Resources to use when hydrating/dehydrating. A contenttype_field reference must also be passed if writing is allowed which allows for the proper type object to be written. Two new classes were added, ContentTypeField which provides a shortcut for this purpose and ContentTypeResource which users can subclass to customize. I've left it up to users to add ContentTypeResource to their urlconf by using Api.register or some other method. All functionality is supported including POST/PUT with nested resources. I've also written tests for the code in the GenericForeignKeyTest class inside tests/related_resource/tests.py The reverse GenericRelation is supported by using the ToManyField. All tests pass when run with tests/run_all_tests.sh
opened by dhatch 17
Issue with filtering by relation
Imagine MyResource has a field whose attribute is using relations, and it returns id of the object on the far side of the relation, for example:

faraway_id = fields.IntegerField('foo__bar__baz__faraway_id')

Now imagine you want to be able to filter your objects on foo__bar__baz__faraway_id but you want the filter parameter to be named just faraway_id (to be consistent with what's being returned). To be more specific, you want the call to look like this:

GET /my-resource/?faraway_id=18

In 0.12 it worked without problem, just by overriding build_filters(filters) I could map the faraway_id to foo__bar__baz__faraway_id

In 0.14 however, if I try to do the same thing, the call to super().build_filters(filters) throws an error: The 'faraway_id' is not a valid field name. Apparently it tries to find a valid list of query lookups for foo__bar__baz__faraway_id and it fails, for obvious reason.

The message is super confusing to a programmer, one needs to read the library sources to figure out what is even going on.

The only workaround I can think of is to remove the faraway_id field from MyResource and add it manually in the dehydrate, which is rather ugly.

Does anybody else knows an easier, and human-friendly way of doing this?
opened by PawelRoman 1

Failed import of `_sanitize_token` with Django 4.1

When importing tastypie.api.Api, using Django v4.1, I get an error. It was OK with v4.0.6.

The end of the traceback looks like this:

myproject_web |   File "/code/myproject/apps/apiv1/urls.py", line 2, in <module>
myproject_web |     from tastypie.api import Api
myproject_web |   File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/tastypie/api.py", line 10, in <module>
myproject_web |     from tastypie.resources import Resource
myproject_web |   File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/tastypie/resources.py", line 40, in <module>
myproject_web |     from tastypie.authentication import Authentication
myproject_web |   File "/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/tastypie/authentication.py", line 12, in <module>
myproject_web |     from django.middleware.csrf import _sanitize_token
myproject_web | ImportError: cannot import name '_sanitize_token' from 'django.middleware.csrf' (/root/.local/share/virtualenvs/code-_Py8Si6I/lib/python3.8/site-packages/django/middleware/csrf.py)

Looks like it's this commit in Django, where django.middleware.csrf._sanitize_token was changed to django.middleware.csrf._check_token_format.

Using django-tastypie v0.14.4, python 3.8.

opened by philgyford 0

form validation does not work for resources with related resources

Previously in version 0.14.1 I could post a request to create a resource with a related resource id and it would work. Here's an example of interacting with a toy application (example here)

>>> h = {'content-type': 'application/json', 'accept': 'application/json'}
>>> d = {'name': 'some book', 'author': 1}
>>> r = requests.post('http://127.0.0.1:8000/api/v1/books/', data=json.dumps(d), headers=h)
>>> r.status_code
201

In the latest version of tastypie, it fails.

>>> d = {'name': 'another book', 'author': 1}
>>> r = requests.post('http://127.0.0.1:8000/api/v1/books/', data=json.dumps(d), headers=h)
>>> r.content
b'{"books": {"author": ["This field is required."]}}'
>>>

I believe this is due to the change from after 0.14.1 starting from where this was added in FormValidation form_args

            # iterate over the fields in the object and find those that are
            # related fields - FK, M2M, O2M, etc.  In those cases, we need
            # to *not* use the data in the bundle, since it is a URI to a
            # resource.  Instead, use the output of model_to_dict for
            # validation, since that is already properly hydrated.
            for field in bundle.obj._meta.fields:
                if field.name in bundle.data:
                    if not isinstance(field, RelatedField):
                        kwargs['data'][field.name] = bundle.data[field.name]

It's setting the value for the related resource (author in my example) to None because the bundle does not have that value.

opened by codersquid 0

There is no AppConfig (apps.py), can you add it?

I'm using tastypie 0.14.4

Tastypie app should have an apps.py module, with some reasonable configuration. At bare minimum it should look like this:

from django.apps import AppConfig

class TastyPieConfig(AppConfig):
    default_auto_field = "django.db.models.BigAutoField"
    name = "tastypie"

Without it, django 3.2 raises the following warning on startup:

WARNINGS:
tastypie.ApiAccess: (models.W042) Auto-created primary key used when not defining a primary key type, by default 'django.db.models.AutoField'.
	HINT: Configure the DEFAULT_AUTO_FIELD setting or the AppConfig.default_auto_field attribute to point to a subclass of AutoField, e.g. 'django.db.models.BigAutoField'.

opened by PawelRoman 0

use unittest.mock instead of mock

Could you please consider to use built-in unittest.mock instead of mock, as a fallback at least?

https://trello.com/c/S6eADbii/64-remove-python-mock https://fedoraproject.org/wiki/Changes/DeprecatePythonMock
easy_to_fix

opened by pgajdos 2

Releases(v0.14.4)

v0.14.4(Jan 4, 2022)

Django 4.0 support.
Source code(tar.gz)
Source code(zip)
v0.14.3(Jan 6, 2020)
Python 2.7+ or Python 3.4+ (Whatever is supported by your version of Django)

Django 1.11, 2.2 (LTS releases) or Django 3.0 (latest release)

This is the last version that will explicitly support Python 2.x, which has reached EOL.
Source code(tar.gz)
Source code(zip)
v0.14.2(Feb 24, 2019)

Django 2.1 support.
Source code(tar.gz)
Source code(zip)
v0.14.1(Apr 9, 2018)

Django 2.0 support.
Source code(tar.gz)
Source code(zip)
v0.14.0(Jul 3, 2017)

Django 1.11 support.
Source code(tar.gz)
Source code(zip)

Owner

GitHub http://tastypieapi.org/

Embrace the APIs of the future. Hug aims to make developing APIs as simple as possible, but no simpler.

Read Latest Documentation - Browse GitHub Code Repository hug aims to make developing Python driven APIs as simple as possible, but no simpler. As a r

6.7k Dec 27, 2022

Django Ninja is a web framework for building APIs with Django and Python 3.6+ type hints.

?? Fast, Async-ready, Openapi, type hints based framework for building APIs

3.8k Jan 4, 2023

A Django-powered API with various utility apps / endpoints.

A Django-powered API Includes various utility apps / endpoints. Demos These web apps provide a frontend to the APIs in this project. Issue API Explore

0 Sep 13, 2021

Web APIs for Django. 🎸

Django REST framework Awesome web-browsable Web APIs. Full documentation for the project is available at https://www.django-rest-framework.org/. Fundi

24.7k Jan 4, 2023

Scaffold django rest apis like a champion 🚀

scaffold django rest apis like a champion ??

133 Jan 5, 2023

Document Web APIs made with Django Rest Framework

DRF Docs Document Web APIs made with Django Rest Framework. View Demo Contributors Wanted: Do you like this project? Using it? Let's make it better! S

626 Nov 20, 2022

Browsable web APIs for Flask.

Flask API Browsable web APIs for Flask. Status: This project is in maintenance mode. The original author (Tom Christie) has shifted his focus to API S

1.3k Dec 27, 2022

A small repository of projects built in my course, REST APIs with Flask and Python.

1k Jan 5, 2023

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

1.8k Jan 4, 2023

Sanic-RESTPlus is an extension for Sanic that adds support for quickly building REST APIs.

Sanic RestPlus Sanic-RESTPlus is an extension for Sanic that adds support for quickly building REST APIs. Sanic-RESTPlus encourages best practices wit

106 Oct 14, 2022

Um aplicativo de usuários feito em Django REST Framework, nesse aplicativo eu modifiquei o modelo padrão de user do Django, adicionando campos personalizados e login com email e senha, também desenvolvi funcionalidades para a API e testes automatizados, para conferir tudo leia o README abaixo!

App de Usuários Esse é um app de usuários personalizado feito em Django REST Framework, nele eu modifiquei o model padrão de users do Django, adiciona