The most obvious feature difference is the browsable API.
Flask API also shares the same architecture as the core of Django REST framework, which I think just has a really nice separation of concerns.
Also the interface of `request.data` means is easy to transparently support both JSON and form requests, and the nice content negotiation on responses means it's easy to build services that power both an HTML front-end and an API from the same endpoints.
Right now Flask RESTful is more mature of course, but I've got high hopes for this, and it's been super fun to build so far.
Honestly, Flask-Restful provides almost nothing useful that couldn't be added to an entire Flask project with a few lines of code. I've completely moved away from it as it actually introduced an obscure bug in content negotiation, while at the same time requiring extra mental overhead just to use.
I can sort of comment on this since I've used Flask-RESTful and Django REST Framework where a lot of the Flask-API design is/will be borrowed from. I think the browsable API feature is great but it's not the killer feature for me. To me the killer feature is the well-designed serialization and validation architecture. In Flask-RESTful this seems half-baked - there is no notion of hyperlinked references or nested objects. At our company we ended up implementing our own serialization & validation layer which felt a lot like reinventing the wheel. My hope is that we can bring this same great architecture over from DRF to Flask-API.
Excellent work! Oh, the times I've wished for something like Django REST Framework in Flask but was too busy and/or lazy to implement it myself. Thank you!
For those unfamiliar with Django REST Framework, please go take a look. One of the few, perhaps the only, web framework to take all (or maybe almost all) of Fielding's ideas behind REST seriously. This is more than just theoretical -- once you've created a client application that takes full advantage of a HATEOAS API, you'll understand that it's much more than an annoying acronym.
Token auth in flask is something I was going to work on soon. It should be straightforward to use a decorator to protect restricted pages. One thing I am absolutely not clear yet is how you keep the user logged if the token expires after x seconds. I mean, if the user is using the app, somehow the token expiring date should be constantly updated, right?
All this would be amazing coupled with angularjs…
Edit
Oh, and I join the question: what about flask-restful?
> It should be straightforward to use a decorator to protect restricted pages.
Authentication policies will use a similar style to the renderers and parsers (and all of REST framework). You'll be able to set them per-view with a decorator, or set them system-wide in the config. You'll also be able to support multiple authentication policies.
I use Miguel Grinberg's "Token Based Authentication" example[1]. It's based on itsdangerous's TimedJSONWebSignatureSerializer class and it works very well in practice.
I spent last 3 months building AngularJS + Flask where the client talks to server only through REST. There were 3 options:
1. Bare Flask
2. Flask RESTful
3. Flask Restless
I've spent quite some time investigating 2nd and 3rd options. Problems with 2nd:
a) Didn't bring much to the table comparing to pure Flask. Extra abstraction and complexity that without much improvements
b) Swallowing Flask exceptions
c) Risk that the project will be abandoned and poor maintenance (commit frequency)
3rd: Direct mapping to SQL-Alchemy models is too restrict. Hard to change stuff - very opinionated
I end up with pure Flask. It's already good with enough rest framework!. Great balance between power and abstraction.
I'm looking forward to dig into this project. Would be great if it has great integration with flask admin and security. Also support for OAuth flows would be awesome.
I have a few question for the author - of top of my head. How do you handle pagination? one example returns json array, what about JSON vulnerability?
You should check out eve (http://python-eve.org) - it's amazing for rapid prototyping (if the fact it requires Mongo isn't an issue).
I'm building an AngularJS + REST server using Eve for the server. It has saved me so much time that I'm putting my dev effort mainly into a comprehensive test suite because there's so little dev work to do (btw - I'm not the author, it's just the fastest framework I've found for developing REST APIs - and I've tried Django REST framework & tastypie).
Built in pagination isn't something that's planned atm, tho typically I'd always return objects as the top level representation, and embed the pagination links inside that.
> one example returns json array, what about JSON venerability?
Side point: I don't have a reference for this, but from what I understand the JSON array vulnerability has long since been closed in all sane browsers.
Can someone tell me the advantages of all of these extra extensions for Flask? I thought the point of Flask was to make the framework part extremely light-weight.
When I need a REST-ful API for a Flask app, I just build the routes needed and code it up myself. Why both adding a whole extra framework for something? Flask by itself is already capable of supporting REST-style requests, so what does this do again? How much of the example listed was ordinary Flask-webapp code and how much was this extension? Add an HTML view to a JSON object and form for making REST requests?
Between this and the User extension from last night, I must be missing something. Or maybe I'm just old.
I am considering factoring the core of both Flask API and Django REST framework out into a library that could be integrated with any Python web framework - But that's not going to happen right away, so probably not much use to you in the immediate future.
Flask API is pretty simple tho - so there might be bits you can borrow from - perhaps the content negotiation implementation, browsable API implementation, or some of the general API style/separation of concerns that Flask API and Django REST framework both share.
The big win would be having more than one project sharing the same APIs for renderers, parsers, authentication, permissions and throttling policies - that way there'd be scope for writing at least some libraries that work cross-framework.
This looks like a great start, although at the moment it seems to be on-par feature-wise with flask-restful, which is also quite a nice project. I expect the biggest challenges will be integrating authentication and authorization like Django REST Framework has out-of-the-box - Flask has a dearth of packages in this area [1]
Keep it up OP, I'm interested to see how this progresses and I'll be following on github.
[1] flask-login and flask-principal come to mind, though they still require a writing a lot of code (especially flask-principal).
Great work, Tom! And timely. Django-rest-framework is #1 on my list of the best Django packages out there. I was about to start an API project in Flask, but was thinking that I'd really really miss DRF and its great architecture adn features (powerful out of the box, everything easily overridable, great separation of concerns, and browsable API).
Request to the authors: This project looks really cool, I can see myself using it soon. Please though be careful with your auth stuff, that is where things get tricky in terms of integrating other plugins and whatnot. I'm not sure how you'll go about it, but it will probably be awesome if you keep flexibility and plugability with the flask ecosystem in mind.
Went to the site hoping to learn what Flask is, but they don't even link to it anywhere. Doing a Google search for "flask" just returns a bunch of drinking flasks, and flask.com is for buying flasks as well.
Flask is a web framework for Python. It's smaller and lighter than Django, and can be picked up very quickly. Basically, the author of this library has a well-liked REST framework for Django, and folks are excitedg to see this goodness being brought over for Flask.
Absolutely amazing stuff been looking for something like django rest framework on Flask.
Any dates for 1.0 release? I'm looking forward to the authentication and such.
What would be great is also some implementation of Sandman's auto inspection of database to create REST api, with support for One to Many, Many to Many relationships.
[+] [-] glimcat|12 years ago|reply
http://flask-restful.readthedocs.org/en/latest/
[+] [-] tomchristie|12 years ago|reply
Flask API also shares the same architecture as the core of Django REST framework, which I think just has a really nice separation of concerns.
Also the interface of `request.data` means is easy to transparently support both JSON and form requests, and the nice content negotiation on responses means it's easy to build services that power both an HTML front-end and an API from the same endpoints.
Right now Flask RESTful is more mature of course, but I've got high hopes for this, and it's been super fun to build so far.
[+] [-] weixiyen|12 years ago|reply
[+] [-] pmdarrow|12 years ago|reply
[+] [-] ciokan|12 years ago|reply
[+] [-] jnbiche|12 years ago|reply
For those unfamiliar with Django REST Framework, please go take a look. One of the few, perhaps the only, web framework to take all (or maybe almost all) of Fielding's ideas behind REST seriously. This is more than just theoretical -- once you've created a client application that takes full advantage of a HATEOAS API, you'll understand that it's much more than an annoying acronym.
[+] [-] kfk|12 years ago|reply
All this would be amazing coupled with angularjs…
Edit Oh, and I join the question: what about flask-restful?
[+] [-] tomchristie|12 years ago|reply
Authentication policies will use a similar style to the renderers and parsers (and all of REST framework). You'll be able to set them per-view with a decorator, or set them system-wide in the config. You'll also be able to support multiple authentication policies.
[+] [-] hughes|12 years ago|reply
[1] http://blog.miguelgrinberg.com/post/restful-authentication-w...
[+] [-] lukasm|12 years ago|reply
1. Bare Flask 2. Flask RESTful 3. Flask Restless
I've spent quite some time investigating 2nd and 3rd options. Problems with 2nd:
a) Didn't bring much to the table comparing to pure Flask. Extra abstraction and complexity that without much improvements b) Swallowing Flask exceptions c) Risk that the project will be abandoned and poor maintenance (commit frequency)
3rd: Direct mapping to SQL-Alchemy models is too restrict. Hard to change stuff - very opinionated
I end up with pure Flask. It's already good with enough rest framework!. Great balance between power and abstraction.
I'm looking forward to dig into this project. Would be great if it has great integration with flask admin and security. Also support for OAuth flows would be awesome.
I have a few question for the author - of top of my head. How do you handle pagination? one example returns json array, what about JSON vulnerability?
[+] [-] ermintrude|12 years ago|reply
I'm building an AngularJS + REST server using Eve for the server. It has saved me so much time that I'm putting my dev effort mainly into a comprehensive test suite because there's so little dev work to do (btw - I'm not the author, it's just the fastest framework I've found for developing REST APIs - and I've tried Django REST framework & tastypie).
[+] [-] tomchristie|12 years ago|reply
[+] [-] emillon|12 years ago|reply
I've been wanting to do something like this for a certain time, so I have a few questions if you don't mind.
How do you handle authentication? Tokens? Cookies? Is there a special "API key" for your web app?
[+] [-] tomchristie|12 years ago|reply
Side point: I don't have a reference for this, but from what I understand the JSON array vulnerability has long since been closed in all sane browsers.
[+] [-] mbreese|12 years ago|reply
When I need a REST-ful API for a Flask app, I just build the routes needed and code it up myself. Why both adding a whole extra framework for something? Flask by itself is already capable of supporting REST-style requests, so what does this do again? How much of the example listed was ordinary Flask-webapp code and how much was this extension? Add an HTML view to a JSON object and form for making REST requests?
Between this and the User extension from last night, I must be missing something. Or maybe I'm just old.
[+] [-] brown9-2|12 years ago|reply
[+] [-] ermintrude|12 years ago|reply
[+] [-] tomchristie|12 years ago|reply
I am considering factoring the core of both Flask API and Django REST framework out into a library that could be integrated with any Python web framework - But that's not going to happen right away, so probably not much use to you in the immediate future.
Flask API is pretty simple tho - so there might be bits you can borrow from - perhaps the content negotiation implementation, browsable API implementation, or some of the general API style/separation of concerns that Flask API and Django REST framework both share.
The big win would be having more than one project sharing the same APIs for renderers, parsers, authentication, permissions and throttling policies - that way there'd be scope for writing at least some libraries that work cross-framework.
[+] [-] vosper|12 years ago|reply
Keep it up OP, I'm interested to see how this progresses and I'll be following on github.
[1] flask-login and flask-principal come to mind, though they still require a writing a lot of code (especially flask-principal).
[+] [-] nebstrebor|12 years ago|reply
[+] [-] sophacles|12 years ago|reply
[+] [-] stevewilhelm|12 years ago|reply
[1] http://python-eve.org/
[+] [-] antihero|12 years ago|reply
[+] [-] matthuggins|12 years ago|reply
So great, what is Flask? What is this about?
[+] [-] mmcclellan|12 years ago|reply
Flask is a web framework for Python. It's smaller and lighter than Django, and can be picked up very quickly. Basically, the author of this library has a well-liked REST framework for Django, and folks are excitedg to see this goodness being brought over for Flask.
[+] [-] frodopwns|12 years ago|reply
[+] [-] bliti|12 years ago|reply
[+] [-] odonnellryan|12 years ago|reply
[+] [-] sscgod|12 years ago|reply
[+] [-] notastartup|12 years ago|reply
Any dates for 1.0 release? I'm looking forward to the authentication and such.
What would be great is also some implementation of Sandman's auto inspection of database to create REST api, with support for One to Many, Many to Many relationships.
Great job!
[+] [-] tomchristie|12 years ago|reply
If anyone wants to give me a coupla days paid work on this, then yah I'm sure that could be arranged. :)