Skills Guide

Construire des routes API

VérifiéSûr

Créez des points d'accès RESTful dans Flask en suivant des conventions d'URL cohérentes, en validant toutes les entrées avec Marshmallow ou Pydantic et en renvoyant des réponses JSON uniformes avec un enveloppe standard. Utile lors de l'ajout de nouvelles ressources CRUD ou de la refactorisation de routes existantes pour respecter les principes REST, y compris la pagination offset/ou curseur pour les listes.

Spar Skills Guide Bot
DeveloppementIntermédiaire
9002/06/2026
Claude CodeCursor
#flask#api-routes#validation#pagination#restful

Recommandé pour

Développeur backendClaude CodeRevue de codeCursorDéveloppeur frontendDéveloppeur fullstack

Notre avis

Construisez des points de terminaison d'API RESTful dans Flask avec validation des entrées, réponses JSON cohérentes et pagination.

Points forts

  • Applique les conventions RESTful et les modèles d'URL cohérents
  • Fournit une validation avec les schémas marshmallow
  • Prend en charge la pagination par décalage et par curseur
  • Retourne des enveloppes JSON uniformes pour les réponses de succès et d'erreur

Limites

  • Suppose Flask et SQLAlchemy (ou similaire) comme backend
  • Ne couvre pas l'authentification, l'autorisation ou la limitation de débit
  • Peut nécessiter une adaptation pour les frameworks asynchrones ou non Flask
Quand l'utiliser

Utilisez lors de l'ajout de nouveaux points de terminaison CRUD à une application Flask ou de la refactorisation de routes existantes pour suivre les meilleures pratiques RESTful.

Quand l'éviter

N'utilisez pas pour des points de terminaison statiques simples ou si vous avez besoin d'API GraphQL ou de style RPC plutôt que REST.

Analyse de sécurité

Sûr
Score qualité92/100

The skill provides patterns for building Flask API routes with examples. No destructive, exfiltrating, or obfuscated instructions. It does not include any dangerous commands or disable security measures. It is purely educational.

Aucun point d'attention détecté

Exemples

Create a Flask tasks endpoint
Create a RESTful Flask endpoint for tasks with validation using marshmallow, pagination, and consistent JSON responses.
Add cursor-based pagination
Add cursor-based pagination to an existing Flask users list endpoint. The endpoint currently returns all users at once.

name: Building API Routes description: Build RESTful Flask routes with input validation, consistent response formatting, and pagination.

Building API Routes

Goal

Create RESTful API endpoints in Flask that follow consistent URL conventions, validate all input, return uniform JSON responses, and support pagination for list endpoints.

When to Use

  • Adding a new resource endpoint (CRUD) to an existing Flask app.
  • Designing the API contract for a new feature.
  • Refactoring existing routes to follow RESTful conventions.
  • Adding pagination, filtering, or sorting to list endpoints.

Instructions

RESTful Conventions

Map HTTP methods to operations on resources:

| Method | URL Pattern | Action | Status Code | |--------|-------------------------------|--------------|-------------| | GET | /api/v1/resources | List all | 200 | | GET | /api/v1/resources/<id> | Get one | 200 | | POST | /api/v1/resources | Create | 201 | | PUT | /api/v1/resources/<id> | Full update | 200 | | PATCH | /api/v1/resources/<id> | Partial update | 200 | | DELETE | /api/v1/resources/<id> | Delete | 204 |

URL Patterns

Use plural nouns for resource names. Never put verbs in URLs.

/api/v1/users
/api/v1/users/<int:user_id>
/api/v1/users/<int:user_id>/tasks

Request Validation

Validate incoming data before it reaches business logic. Use marshmallow schemas or pydantic models.

from marshmallow import Schema, fields, validate, ValidationError


class CreateUserSchema(Schema):
    email = fields.Email(required=True)
    name = fields.String(required=True, validate=validate.Length(min=1, max=255))
    role = fields.String(validate=validate.OneOf(["admin", "member", "viewer"]))

Apply validation in the route handler:

@users_bp.route("/", methods=["POST"])
def create_user():
    schema = CreateUserSchema()
    try:
        data = schema.load(request.get_json())
    except ValidationError as err:
        return jsonify({"error": {"code": "VALIDATION_ERROR", "message": "Invalid input", "details": err.messages}}), 422

    user = user_service.create(data)
    return jsonify({"data": user}), 201

Response Format

Every endpoint returns a consistent JSON envelope:

{
  "data": {},
  "error": null,
  "meta": {}
}
  • Success responses populate data and optionally meta (pagination info, counts).
  • Error responses populate error with code, message, and optional details.
  • Never mix shapes: a response is either a success or an error, not both.

Pagination

For list endpoints, support offset/limit pagination:

@users_bp.route("/", methods=["GET"])
def list_users():
    page = request.args.get("page", 1, type=int)
    per_page = request.args.get("per_page", 20, type=int)
    per_page = min(per_page, 100)  # Cap maximum

    pagination = User.query.paginate(page=page, per_page=per_page, error_out=False)

    return jsonify({
        "data": [user.to_dict() for user in pagination.items],
        "meta": {
            "page": pagination.page,
            "per_page": pagination.per_page,
            "total": pagination.total,
            "pages": pagination.pages,
        }
    }), 200

For cursor-based pagination (better for large or frequently changing datasets):

@users_bp.route("/", methods=["GET"])
def list_users():
    cursor = request.args.get("cursor", None)
    limit = request.args.get("limit", 20, type=int)
    limit = min(limit, 100)

    query = User.query.order_by(User.id)
    if cursor:
        query = query.filter(User.id > cursor)

    users = query.limit(limit + 1).all()
    has_next = len(users) > limit
    users = users[:limit]

    next_cursor = users[-1].id if has_next and users else None

    return jsonify({
        "data": [u.to_dict() for u in users],
        "meta": {
            "next_cursor": next_cursor,
            "has_next": has_next,
        }
    }), 200

Complete CRUD Example

from flask import Blueprint, jsonify, request
from marshmallow import ValidationError

from app.routes.users.schemas import CreateUserSchema, UpdateUserSchema
from app.routes.users.services import user_service

users_bp = Blueprint("users", __name__)


@users_bp.route("/", methods=["GET"])
def list_users():
    page = request.args.get("page", 1, type=int)
    per_page = min(request.args.get("per_page", 20, type=int), 100)
    result = user_service.list_paginated(page, per_page)
    return jsonify({"data": result["items"], "meta": result["meta"]}), 200


@users_bp.route("/<int:user_id>", methods=["GET"])
def get_user(user_id):
    user = user_service.get_or_404(user_id)
    return jsonify({"data": user}), 200


@users_bp.route("/", methods=["POST"])
def create_user():
    schema = CreateUserSchema()
    try:
        data = schema.load(request.get_json())
    except ValidationError as err:
        return jsonify({"error": {"code": "VALIDATION_ERROR", "message": "Invalid input", "details": err.messages}}), 422
    user = user_service.create(data)
    return jsonify({"data": user}), 201


@users_bp.route("/<int:user_id>", methods=["PUT"])
def replace_user(user_id):
    schema = CreateUserSchema()
    try:
        data = schema.load(request.get_json())
    except ValidationError as err:
        return jsonify({"error": {"code": "VALIDATION_ERROR", "message": "Invalid input", "details": err.messages}}), 422
    user = user_service.update(user_id, data)
    return jsonify({"data": user}), 200


@users_bp.route("/<int:user_id>", methods=["PATCH"])
def update_user(user_id):
    schema = UpdateUserSchema()
    try:
        data = schema.load(request.get_json())
    except ValidationError as err:
        return jsonify({"error": {"code": "VALIDATION_ERROR", "message": "Invalid input", "details": err.messages}}), 422
    user = user_service.partial_update(user_id, data)
    return jsonify({"data": user}), 200


@users_bp.route("/<int:user_id>", methods=["DELETE"])
def delete_user(user_id):
    user_service.delete(user_id)
    return "", 204

Constraints

✅ Do

  • Validate all incoming request data with a schema before processing.
  • Use a consistent JSON response envelope (data, error, meta).
  • Return proper HTTP status codes: 200, 201, 204, 400, 404, 422, 500.
  • Use plural nouns for resource URLs.
  • Cap pagination limits to prevent abuse (e.g., max 100 per page).
  • Include pagination metadata in list responses.

❌ Don't

  • Do not use verbs in URLs (no /api/v1/getUsers or /api/v1/createUser).
  • Do not return different response shapes from different endpoints.
  • Do not expose internal database IDs without a clear reason.
  • Do not allow unbounded queries -- always paginate list endpoints.
  • Do not put business logic directly in route handlers; delegate to service functions.

Output Format

When generating routes, produce the route file, the schema file, and the service file as separate code blocks. Include the blueprint registration line for create_app().

Dependencies

Skills similaires

Expert Next.js App Router

Developpement

Un skill qui transforme Claude en expert Next.js App Router.

Claude CodeCursoradvanced
890
234
2,846
Admin

Générateur de README

Developpement

Crée des README.md professionnels et complets pour vos projets.

claudeCursorWindsurfbeginner
259
72
821
Admin

Rédacteur de Documentation API

Developpement

Génère de la documentation API complète au format OpenAPI/Swagger.

claudeCursorWindsurfintermediate
156
44
682
Admin