Python Flask REST API
backend
Python
scaffolding
zen
Build a RESTful API with Flask including blueprints, error handling, and JWT auth.
By ethan_w
12/8/2025
Prompt
Flask REST API
Build a production-ready RESTful API for [Application] using Flask with proper architecture and security.
Requirements
1. API Structure
Create endpoints for:
- [Resource 1] - [Operations] (e.g., Users - CRUD)
- [Resource 2] - [Operations] (e.g., Posts - CRUD + search)
- [Resource 3] - [Operations] (e.g., Comments - CRUD + filtering)
2. Application Architecture
Organize using:
- Blueprints for modular routes
- Application factory pattern
- Configuration management (dev/prod)
- Database integration (SQLAlchemy)
3. Authentication & Authorization
Implement:
- JWT-based authentication
- Protected routes with decorators
- Role-based access control (optional)
- Token refresh mechanism
4. Request/Response Handling
Include:
- Input validation with schemas
- Proper HTTP status codes
- Error handling middleware
- Response formatting
- CORS configuration
5. Database Layer
Set up:
- SQLAlchemy models
- Database migrations (Alembic)
- Query optimization
- Connection pooling
Implementation Pattern
# app/__init__.py - Application Factory
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager
from flask_cors import CORS
db = SQLAlchemy()
jwt = JWTManager()
def create_app(config_name='development'):
app = Flask(__name__)
app.config.from_object(f'config.{config_name.capitalize()}Config')
# Initialize extensions
db.init_app(app)
jwt.init_app(app)
CORS(app)
# Register blueprints
from .routes.[resource] import [resource]_bp
app.register_blueprint([resource]_bp, url_prefix='/api/[resource]')
# Error handlers
register_error_handlers(app)
return app
# app/routes/[resource].py - Blueprint
from flask import Blueprint, jsonify, request
from flask_jwt_extended import jwt_required, get_jwt_identity
from ..models import [ModelName]
from ..schemas import [Schema]
from .. import db
[resource]_bp = Blueprint('[resource]', __name__)
@[resource]_bp.route('/', methods=['GET'])
@jwt_required()
def get_[resources]():
[resources] = [ModelName].query.all()
return jsonify([[resource].to_dict() for [resource] in [resources]]), 200
@[resource]_bp.route('/<int:id>', methods=['GET'])
@jwt_required()
def get_[resource](id):
[resource] = [ModelName].query.get_or_404(id)
return jsonify([resource].to_dict()), 200
@[resource]_bp.route('/', methods=['POST'])
@jwt_required()
def create_[resource]():
data = request.get_json()
# Validate input
schema = [Schema]()
errors = schema.validate(data)
if errors:
return jsonify({'errors': errors}), 400
[resource] = [ModelName](**data)
db.session.add([resource])
db.session.commit()
return jsonify([resource].to_dict()), 201
@[resource]_bp.route('/<int:id>', methods=['PUT'])
@jwt_required()
def update_[resource](id):
[resource] = [ModelName].query.get_or_404(id)
data = request.get_json()
for key, value in data.items():
setattr([resource], key, value)
db.session.commit()
return jsonify([resource].to_dict()), 200
@[resource]_bp.route('/<int:id>', methods=['DELETE'])
@jwt_required()
def delete_[resource](id):
[resource] = [ModelName].query.get_or_404(id)
db.session.delete([resource])
db.session.commit()
return '', 204
# Authentication routes
from flask_jwt_extended import create_access_token, create_refresh_token
auth_bp = Blueprint('auth', __name__)
@auth_bp.route('/login', methods=['POST'])
def login():
data = request.get_json()
username = data.get('username')
password = data.get('password')
user = User.query.filter_by(username=username).first()
if user and user.check_password(password):
access_token = create_access_token(identity=user.id)
refresh_token = create_refresh_token(identity=user.id)
return jsonify({
'access_token': access_token,
'refresh_token': refresh_token
}), 200
return jsonify({'error': 'Invalid credentials'}), 401
# Error handlers
def register_error_handlers(app):
@app.errorhandler(404)
def not_found(error):
return jsonify({'error': 'Resource not found'}), 404
@app.errorhandler(400)
def bad_request(error):
return jsonify({'error': 'Bad request'}), 400
@app.errorhandler(500)
def internal_error(error):
db.session.rollback()
return jsonify({'error': 'Internal server error'}), 500
# config.py
class Config:
SQLALCHEMY_DATABASE_URI = '[database_url]'
SQLALCHEMY_TRACK_MODIFICATIONS = False
JWT_SECRET_KEY = '[secret_key]'
JWT_ACCESS_TOKEN_EXPIRES = 3600 # 1 hour
class DevelopmentConfig(Config):
DEBUG = True
class ProductionConfig(Config):
DEBUG = False
Best Practices
- Use environment variables for sensitive data
- Implement request validation
- Add proper logging
- Use database transactions
- Implement rate limiting
- Add API versioning
- Document endpoints (Swagger/OpenAPI)
- Write tests for all endpoints
Tags
flask
python
api
rest
Tested Models
gpt-4
claude-3-5-sonnet