A few questions about rest API

53 views
Skip to first unread message

Alan Etkin

unread,
Oct 25, 2025, 6:34:24 PMOct 25
to py4web
Hi all

I'm new to py4web's rest API

Is there a way to use compound GET queries in the same request?

Something like logical AND/OR SQL statements

/superheroes/api/superhero?name.eq=Superman&superpower.eq=Flight

Also, it would be nice add if the docs covered a list of available comparison operators

Regards

Alan

Alan Etkin

unread,
Oct 26, 2025, 8:22:20 AMOct 26
to py4web
Regarding compound statements, it was answered here (thanks)


About covering the comparison operators in the docs, found that rest API supports as of today:

eq, ne, qt, lt, ge, le, startswith, contains and in, plus prefixing with not to negate the expression

I'm working in a spanish tutorial for the api so I will cover them there

Many thanks and have a nice weekend

Kathy Botlar

unread,
Oct 31, 2025, 2:32:26 PM (13 days ago) Oct 31
to py4web
Looking for the same

Massimo DiPierro

unread,
Nov 6, 2025, 2:48:09 AM (8 days ago) Nov 6
to py4web
Currently the RestAPI only support the and (&) operator and the nor operator. The syntax ir
https://..../{tablename}?{field1}.{op1}=value1&{field2}.{op2}=value2&not.{field3}.{op3}=value3
where op can be one of eq, ne, lt, gt, le, ge, startwith, in, contains.

It is intentionally designed to not allow arbitrary queries since it can result in ddos attacks.

If you do want arbitrary queries you can do:

db.define_table(
"thing",
Field("name"))

from pydal.querybuilder import QueryBuilder

@action("search/<tablename>")
@action.uses(auth)
def search(tablename):
# maybe if not auth.user_id: raise HTTP(403)
# maybe if not tablename in allowed_tables: raise HTTP(403)
if not tablename in db: raise HTTP(400)
table = db[tablename]
builder = QueryBuilder(table)
try:
query = builder.parse(request.GET.get("q", ""))
items = db(query).select().as_list()
except:
return HTTP(400)
return {"items": items}

This allows arbitrary searches like 

search/thing?q=name is Max or (name is Tim and id > 1) or name contains x

The RestAPI is designed for simple structured queries with the ability to manipulate the format of the respose.
The QueryBuilder is designed to build an arbitrary query from a string.

Perhaps there should a superset of both but I am not convinced there is one solution that will make everybody happy without add even more magic and complexity.
Reply all
Reply to author
Forward
0 new messages