Recommendations for writing API routes?


Laurent Daverio

Sep 11, 2024, 10:11:43 AM
to pylons-...@googlegroups.com
Hello List,

I would like to ask about recommended packages for writing API routes in Pyramid. I mostly know two ways of doing it:

- using Pyramid views with a JSON renderer
- using Cornice

At one time, I was using `pyramid_openapi3` on top of it, but I decided to stop, due to having lots of issues with it (but that's another story).

I generally prefer Cornice, however there are a lot of features I don't use, like validations, and "resources" (I only use "services", as "resources" are not flexible enough for my needs).

So, at this point, my question is: if you were to recommend something "better" than Cornice ("better" meaning essentially "lighter"), what would it be?

Thanks in advance,

Laurent.



Thierry Florac

Sep 11, 2024, 12:47:05 PM
to pylons-...@googlegroups.com
Hi Laurent,

I'm actually using Cornice (also with services definitions only), with Colander for schemas definitions and validation, which allows you to get Swagger API definitions very easily, and it works really fine!

Best regards,
Thierry



Theron Luhn

Sep 11, 2024, 12:51:11 PM
to pylons-...@googlegroups.com
How do you get OpenAPI/Swagger from Cornice?  I looked into it a while ago and wasn’t able to find anything.

— Theron



Thierry Florac

Sep 11, 2024, 2:56:26 PM
to pylons-...@googlegroups.com
I actually use the cornice-swagger package.
I can send integration code if needed...

Best regards,
Thierry

Mikko Ohtamaa

Sep 11, 2024, 6:50:47 PM
to pylons-...@googlegroups.com
Hi,

Alternatively fastapi is a very popular and maintained framework today. Though as far as I know, it runs on the top of Flask, not Pyramid. Not sure if Pyramid integration exists.


Br,
Mikko

David Glick

Sep 11, 2024, 7:00:36 PM
to pylons-...@googlegroups.com
FastAPI is built on Starlette, not Flask. It is worth a look.

Laurent Daverio

Sep 12, 2024, 3:02:57 AM
to pylons-...@googlegroups.com
Hi Mikko,

I had a long look at FastAPI a few months ago. At first it looked like a very interesting option to me, and I further explored the docs to find if it offered all that I needed.

The Swagger/OpenAPI integration out of the box has to be the main selling point. Also, the use of Pydantic schemas to validate both inputs and outputs is very attractive, as well as the Oauth2 integration out of the box.

On the minus side, the dependency injection system seemed far from clear to me. But the two biggest problems, for my needs, were:

- FastAPI doesn't offer rich security policies (the security system in Pyramid is based on Zope's, with roles, permissions, ACLs, route factories, contexts, etc.). It only offers "Oauth2 scopes", which can represent global permissions. So, no contextual permissions, workflows, etc, at least not with a substantial amount of work.

- FastAPI doesn't seem to allow application composition the way Pyramid does (the exact term in the Pyramid docs is "extending an application")

So, in the end, I realised it was just a shinier, modern-er Flask, and I would lose too many things if I made the switch from Pyramid :(

Laurent.



Jonathan Vanasco

Sep 16, 2024, 10:10:52 AM
to pylons-discuss
I've done this a few times, using the same pattern:

I use "Pylons" style controllers, having shared API logic (identity, auth, etc)  in a base class...

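    from typing import Dict

    from pyramid.request import Request
    from pyramid.view import view_config

    class _CoreHandler(object):
        # base class: shared logic (identity, auth, etc.) goes here
        def __init__(self, request: "Request"):
            pass

    class _ApiHandler(_CoreHandler):
        # API-specific base class
        def __init__(self, request: "Request"):
            _CoreHandler.__init__(self, request)

Then the routes inherit from those classes...

    class ApiPv1_Link(_CoreHandler):

        @view_config(route_name="api-public:v1:object:link", renderer="json")
        def link(self) -> Dict:
            return {}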

If I were just doing a one-off project, I would have stuck to the Pyramid auth – but we ran into some performance/bottlenecks using the Pyramid system with our internal needs and got the required improvements by bringing that within the Pylons handlers.  I have no criticism of the Pyramid setup, we were just able to better group database/kv queries and logic by centralizing a lot of the calls into that spot.

I have a variant of this pattern in a project I open sourced, and will share that here:

https://github.com/aptise/peter_sslers/blob/main/src/peter_sslers/web/views_admin/acme_authorization.py

In the example view here:

1- every route handles a HTML view and a `.json` API version
2- `request.wants_json` is a reified property
3- a "@docify" handler is used to define the documentation for the API route, which gets rendered onto a help page.

We have a lot of legacy code running on formencode, which is why we don't use deform/colander.

I also open sourced our oAuth integration library here, which may be useful:


The test suite for that contains full apps and oauth workflows.

Mikko Ohtamaa

Oct 4, 2024, 3:58:47 AM
to pylons-...@googlegroups.com

On the minus side, the dependency injection system seemed far from clear to me. But the two biggest problems, for my needs, were:

- FastAPI doesn't offer rich security policies (the security system in Pyramid is based on Zope's, with roles, permissions, ACLs, route factories, contexts, etc.). It only offers "Oauth2 scopes", which can represent global permissions. So, no contextual permissions, workflows, etc, at least not with a substantial amount of work.

- FastAPI doesn't seem to allow application composition the way Pyramid does (the exact term in the Pyramid docs is "extending an application")

Would it be possible to mix the best parts of FastAPI and Pyramid?

- FastAPI for schema generation and validation
- Pyramid as a web server and routing

As pointed out earlier, FastAPI uses Starlette web server. Would we be able to replace Starlette with Pyramid?

Or more generally:

Do we have any OpenAPI specification (YAML, JSON) generation tools from Pyramid endpoints? (As discussed earlier, we have the opposite, manually writing YAML and then importing it through pyramid_openapi3).

Br,
Mikko

Thierry Florac

Oct 4, 2024, 8:51:46 AM
to pylons-...@googlegroups.com
Hi Mikko,
I use colander, cornice and cornice-swagger packages with Pyramid.
They allow schema verification and validation, and OpenAPI specification generation...

Best regards,
Thierry


Sergey Maranchuk

Oct 4, 2024, 9:18:22 AM
to pylons-discuss
Cornice is in `maintenance mode` now and not recommended for new projects.

Friday, October 4, 2024 at 15:51:46 UTC+3, Thierry Florac:

Mikko Ohtamaa

Oct 4, 2024, 9:59:48 AM
to pylons-...@googlegroups.com
Hi,

On Fri, 4 Oct 2024 at 15:18, Sergey Maranchuk <slav...@gmail.com> wrote:
Cornice is in `maintenance mode` now and not recommended for new projects.

Friday, October 4, 2024 at 15:51:46 UTC+3, Thierry Florac:
Hi Mikko,
I use colander, cornice and cornice-swagger packages with Pyramid.
They allow schema verification and validation, and OpenAPI specification generation...

I appreciate your recommendations. I did some Colander maintenance a decade ago. Let's not speak about those dark times. Even if it is not a perfect solution to every problem, I feel Pydantic could be a good future solution as it has a vibrant community and is not too opinionated.

At least it is not Django.

Br,
Mikko
 


Laurent Daverio

Oct 4, 2024, 10:42:43 AM
to pylons-...@googlegroups.com
Hello list,

personally, I started with Colander + Deform, then had to patch Deform to work with Bootstrap 4, then switched to "schema" (no-frills but nice) for the back-end, and JS stuff ("yup") for the front-end. And then Pydantic. I love Pydantic, in my opinion it's THE way to go. The developer of FastAPI and Typer relies heavily on it (maybe too heavily sometimes? ;)) but I can understand why (and I love Typer - or, rather, I love "rich"). 

Pydantic is also what allows FastAPI to auto-generate a Swagger page. I would love to have the same in Pyramid. We would probably need to add schema validation to both the input and output of Pyramid views.

As for Cornice, I don't remember why I chose to use it over plain JSON routes, but there was a reason. Still, I'm probably only using 5% of its features, the rest is not useful for me.

Laurent.


Sergey Maranchuk

Oct 4, 2024, 10:46:37 AM
to pylons-...@googlegroups.com
Cornice supports custom validators (+marshmallow out of the box), I think it is not hard to add Pydantic/dataclasses support

Let's not speak about those dark times.
Pydantic is very specific too in real life :)
From my side FastAPI is more about hype, you can also check LiteStar - the next station after FastAPI with fewer limitations, but personally I preferred Pyramid's philosophy

Fri, Oct 4, 2024 at 16:59, Mikko Ohtamaa <mi...@redinnovation.com>:

Mikko Ohtamaa

Oct 4, 2024, 10:48:56 AM
to pylons-...@googlegroups.com
(maybe too heavily sometimes? ;)) but I can understand why (and I love Typer - or, rather, I love "rich"). 


Typer is the reason why I got into Pydantic ❤️

Br,
Mr. 153 command line options