Show Menu

Python Flask Cheat Sheet by


decorator is used to bind a
to a


By default a route only answers to GET requests, but you can provide the

@app.r­out­e('­/lo­gin', method­s=[­'GET', 'POST'])


With Flask-­Restful you can create RESTful API with your Flask app

Create an Flask App
app = Flask(­__n­ame__)

Then create the Api object passing the App object
api = Api(app)

Then you can create
s and add them to the API

class NewsFi­nde­r(R­eso­urce): pass­d_r­eso­uce­(Ne­wsF­inder, '/', '/news')

You can implement each HTTP verb with functions named like the verb, but in lowercase.

def get(self): pass

def put(self, id): pass

To parse arguments passed by the url use
parser = reqpar­se.R­eq­ues­tPa­rser()

You can pass
to throw an error if arguments that were not defined by you has been passed

Add the arguments with­d_a­rgu­men­ts(­'li­mit', type=int, help='Help Text', requir­ed=­True)

You can specify the location to look for this argument with
add_ar­gum­ent­('U­ser­-Ag­ent', locati­on=­'he­aders')

Example locations: form, args, headers, session, cookies, files

Then inside the function you can
args =­rse­_args()
to get the parsed args. This variable
will become a dictionary with the values, ccess via
from flask_­restful import Api, Resource, reqparse


from flask import Flask
from flask_restful import Api, Resource
from flask_jwt import JWT, jwt_required, current_identity

app = Flask(__name__)
app.config['SECRET_KEY'] = 'my-secret'

api = Api(app, prefix='/api/v1')

	"amicheletti": "coracaopeludo"

class User(object):

	def __init__(self, id): = id

	def __str__(self):
		return "User (id={})".format(

def verify(username, password):
	if not (username and password):
		return False
	if (USER_DATA.get(username) == password):
		return User(id=123)

def identity(payload):
	user_id = payload['identity']
	return { "uid": user_id }

jwt = JWT(app, verify, identity)

class UltimateQuestion(Resource):

	def get(self):
		return { "meaningoflife" : 42, "who_asked" : dict(current_identity) }

api.add_resource(UltimateQuestion, '/', '/life')

if __name__ == "__main__":
You must have an
which takes 2 arguments and a
which takes 1 argument

Authen­tic­ation handler must return an Object that has an id attribute
Identity handler return what is going to be send to
key of the JSON

To get the token, curl POST to the
like this:
curl -H "­Con­ten­t-type: applic­ati­on/­jso­n" -X POST -d '{"u­ser­nam­e":"a­mic­hel­ett­i","p­ass­wor­d":"c­ora­cao­pel­udo­"}' http:/­/12­­:5­000­/auth`

URL Building

When routing some function to a URL, you can use function
to generate the URL to that function.

Example, if you have something like
@app.r­out­e('­/us­er/­<us­ern­ame­>') def profil­e(u­ser­name): pass
you use
url_fo­r('­pro­file', userna­me=­"­And­re")
to get the URL for that route.

That way you can avoid having to change the hardcoded URL everywhere in the code.

File Uploads

To handle file uploads with Flask, the HTML form must be set with

Then you can use it from a dictionary in

f = reques­t.f­ile­s['­the­_file']­('/­var­/ww­w/u­plo­ads­/up­loa­ded­_fi­le.t­xt')

Redirects and Errors

Pass a URL to this function to redirect a user
This will abort the request early with an error code

To customize the error page use
, but don't forget to pass the error code. Example:
return render­_te­mpl­ate­('p­age­_no­t_f­oun­d.h­tml'), 404


virtualenv my_project
Create enviro­nment named my_project
-p /usr/b­in/­pyt­hon3.5
Pass this argument to define Python to be used
source my_pro­jec­t/b­in/­act­ivate
Start using the enviro­nment
To leave your enviro­nment
pip freeze > requir­eme­nts.txt
Freeze your requir­ements to a file
pip install -r requir­eme­nts.txt
Install using the requir­ements file


Blueprints are objects similar to the Flask applic­ation object, but are not an actual applic­ation. They can record operations and endpoints routing and deliver resources, and then they are registered to the applic­ation (can be registered multiple times) under a specific URL.

Create a blueprint:
feed_b­lue­print = Bluepr­int­('f­eed', __name__)

Use blueprint like an Flask app object:

Register the blueprint to the real applic­ation­gis­ter­_bl­uep­rin­t(f­eed­_bl­uep­rint, url_pr­efi­x='­/feed')

Blueprint root folder

To build url for Bluepr­ints, put the name used in the object creation before the function name:

Also you can use the error handler just like the Flask object


JWT stands for JSON Web Token, that are used to securely transmit JSON inform­ation between two parties or authen­ticate

They consist in three parts: Header, Payload and Signature. These three parts are JSON object which are then
encoded and included to
the token­ylo­ad.s­ig­nature

- Header
In Header, you generally have two inform­ation:
the type of the token and the algorithm used

"­alg­" : "­HS2­56",

 "­typ­" : "­JWT­" 	


- Payload
In Payload you have "­cla­ims­" about an Entity (the user for example) and other metadata.


"­id": "­123­456­789­0",

  "­nam­e": "John Doe",

 "­adm­in": true


There are Reserved Claims (prede­fined), Public Claims (defined by users at IANA JSON Web Token Registry) and Private Claims (custom claims agreed by both parties)

- Signature
To generate the signature, take the encoded header and payload, a secret and encode all that with the algorithm used.

HMACSH­A256(  base64­Url­Enc­ode­(he­ader) + "." +  base64­Url­Enc­ode­(pa­yload),  secret)

- Usage
Now when the user wants to access a protected route or resource, the user agent must send the JWT typically in the Author­ization header, using the Bearer schema, like this:

Author­iza­tion: Bearer <to­ken>

Variable Rules

default for
accepts any text without slash
accepts integers
floating point values
but accept slashes
matches one of the items provided
accepts UUID strings
Add variable parts to a URL. You can also specify a converter to the variable.

Request Object

The request object is available when routing passing

is the HTTP method (POST, GET...)
Use this to access the form data passed
reques­t.a­­t('­key', '')
Use this to access parameters passed by url
from flask import request


app.logger.debug('A value for debugging')

app.logger.warning('A warning occurred (%d apples)', 42)

app.logger.error('An error occurred')


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Python Cheat Sheet

          More Cheat Sheets by amicheletti