Automating Django REST APIs documentation made easy with DRF Spectacular - Part 2
In the previous blog post, I emphasized the significance of thoroughly documenting APIs. Introducing an exceptional tool, DRF Spectacular, which seamlessly generates high-quality documentation for Django REST APIs, I explored its installation and initial configuration. Additionally, I have showcased an example project to highlight the great documentation it produces.
Now, in this second part, I embark on a more in-depth journey, delving into the library’s advanced configuration and customization options. Building on the example project from the previous part, I’ll provide practical examples, ensuring a hands-on learning experience. So, without further ado, let’s dive right in and uncover the full potential of DRF Spectacular!
The example project
To continue with the practical examples, I will use the presented example project in the previous blog post. The reality of the project is about users that can be led by another user, and the system maintains this relationship in a tree structure. The explored features are:
- Create users.
- List and filter users. The users can be filtered by username.
- List the users inside a leadership tree of a given user.
- Set a user as the leader of another user.
- List the users that are leaders.
- Get calculated metrics of the users.
- Delete a user.
If you want to know more about the user model, or the ViewSet and used serializers, please go ahead and take a look at the first part of this blog post where I explained the features of listing and creating users. I will assume you know the example project and reality well, so we can go deeper into the other features, showing amazing tools, tips, and the documentation’s appearance. Let’s begin.
Use extend_schema and OpenApiParameter
Imagine I want to add more information about the query parameter username in the listing users endpoint. I want to add a description for it, something like “Searches for the value in this query parameter returning all the users that have this value as substring. Ignores lowercase and uppercase”. For this, I will use:
- extend_schema decorator: Adding this decorator to the functions in the view, will allow me to customize the query parameters, request, response and more.
- OpenApiParameter class: A class to define and customize parameters.
So, let’s override the list function in the UserViewSet and add this:
… | |
from rest_framework.decorators import action | |
from drf_spectacular.utils import OpenApiParameter, extend_schema | |
… | |
# Add it to the UserViewSet | |
@extend_schema( | |
parameters=[ | |
OpenApiParameter( | |
name=”username”, | |
description=( | |
“Searches for the value in this query parameter returning “ | |
“all the users that have this value as substring. Ignores lowercase and uppercase.” | |
), | |
type=str, | |
) | |
] | |
) | |
def list(self, request, *args, **kwargs): | |
return super().list(request, *args, **kwargs) |
view rawlist_user_function.py hosted with ❤ by GitHub
I added in the parameters a list of OpenApiParameter elements. I can add more if we want. Let’s see the updated documentation:
In the extend_schema decorator we can add more options to customize requests and responses. Let’s see more cases.
Custom actions
For the leader’s features, I will add custom actions to the UserViewSet.
The tree of a user
For a given user, I want to get all the users that are inside its leadership tree. For this, I have to make a GET request to api/users/{id}/tree/ . This will get all the users below that leadership tree. This is the action:
… | |
from django.shortcuts import get_object_or_404 | |
… | |
# Add this to the UserViweSet | |
@action(detail=True, methods=(“GET”,)) | |
def tree(self, request, pk): | |
“”” | |
For a given user, gets the leadership tree and returns all the users | |
inside that tree. | |
“”” | |
root_user = get_object_or_404(CustomUser.objects.all(), pk=pk) | |
tree_queryset = root_user.get_tree() | |
return_serializer = UserListSerializer(tree_queryset, many=True) | |
return Response(return_serializer.data, status.HTTP_200_OK) |
view rawuser_tree_function.py hosted with ❤ by GitHub
Note: the get_tree function is a function defined in the CustomUser class. For the purpose of this blog, it doesn’t matter how it works. Just assume that the function returns the queryset with the users inside the tree. The docs look like this:
This is not good, because it says “No response body” but the endpoint actually returns a list of users. So I use again extend_schema to customize the response of this action:
@extend_schema( | |
parameters=[OpenApiParameter(“username”, exclude=True)], | |
responses=UserListSerializer(many=True), | |
) | |
@action(detail=True, methods=(“GET”,)) | |
def tree(self, request, pk): | |
… |
view rawuser_tree_extend_schema.py hosted with ❤ by GitHub
I used the decorator to indicate that the response has the form of a list (many=True) with the fields of UserListSerializer . In the line of parameters I indicate that the query parameter username that is inherited from the ViewSet, won’t be used in this action. If I don’t add this line, the documentation will say that the endpoint has the username query parameter. Take a look at how the documentation looks now:
Set a leader and get the list of leaders
Now lets see the features of setting a user’s leader and listing the leaders of the system:
- To set a user’s leader I need to make a POST request to api/users/leaders/ sending the ids of the user and leader in the body. The successful response will have a 200 status and return those ids.
- To list the users that are leaders, I will need to make a GET request to api/users/leaders/ and every user that has at least one user in charge, will be part of the returned list.
This is the serializer to set a leader:
class SetLeaderSerializer(serializers.Serializer): | |
user = serializers.PrimaryKeyRelatedField(queryset=CustomUser.objects.all()) | |
leader = serializers.PrimaryKeyRelatedField(queryset=CustomUser.objects.all()) | |
def validate(self, data): | |
“”” | |
Check that a user can’t be a leader of himself. | |
Check that a circular relationship is not allowed. | |
“”” | |
data = super().validate(data) | |
user = data[“user”] | |
leader = data[“leader”] | |
if user.id == leader.id: | |
raise ValidationError(“The user can’t be the same as the leader.”) | |
if leader.leader_id == user.id: | |
raise ValidationError(“Circular relationship not allowed.”) | |
return data |
view rawset_leader_serializer.py hosted with ❤ by GitHub
Now let’s see the action in the UserViewSet:
# Add this to the UserViewSet | |
@action(detail=False, methods=(“GET”, “POST”,)) | |
def leaders(self, request): | |
if request.method == “GET”: | |
leaders_ids = CustomUser.objects.filter( | |
leader_id__isnull=False | |
).distinct().values_list(“leader_id”, flat=True) | |
leaders_queryset = CustomUser.objects.filter(id__in=leaders_ids) | |
return_serializer = UserListSerializer(leaders_queryset, many=True) | |
return Response(return_serializer.data, status.HTTP_200_OK) | |
elif request.method == “POST”: | |
ids_serializer = SetLeaderSerializer(data=request.data) | |
if ids_serializer.is_valid(raise_exception=True): | |
user = ids_serializer.validated_data.get(“user”) | |
leader = ids_serializer.validated_data.get(“leader”) | |
user.leader = leader | |
user.save() | |
return Response(ids_serializer.data, status.HTTP_200_OK) |
view rawleaders_function.py hosted with ❤ by GitHub
In the same way as the tree endpoint, I won’t see any information about the expected body in the POST request in the docs. I won’t see the format of the responses either. Let’s add some documentation, but what can we do if the same action has two methods? The extend_schema decorator allows me to specify different documentation in the same action with more than one method. This is one way:
# Add this to the action | |
@extend_schema( | |
methods=(“GET”,), | |
parameters=[OpenApiParameter(“username”, exclude=True)], | |
description=”Returns the list of users that have at least one user in charge.”, | |
responses=UserListSerializer(many=True), | |
) | |
@extend_schema( | |
methods=(“POST”,), | |
description=”Receives the id of a user and a leader and sets the leader as leader of the user.”, | |
request=SetLeaderSerializer, | |
responses=SetLeaderSerializer, | |
) | |
@action(detail=False, methods=(“GET”, “POST”,)) | |
def leaders(self, request): | |
… |
view rawleaders_extend_schema.py hosted with ❤ by GitHub
I have added two decorators: one for the GET method and another one for the POST method. This way I customize each endpoint separately. On each method I customize the parameters, responses, description, etc. as I want. Let’s see the changes in the docs:
And that’s it! I have customized the action that has two methods. Now let’s see more examples.
Endpoint that doesn’t require serializers
Now let’s talk about the user metrics’ feature. Let’s assume the system generates metrics for the users, and returns a dictionary with three results: metric_1, metric_2, and metric_3. For the purpose of this article I don’t care about the metrics names nor the calculation of each one. All I care about is that the response of this endpoint doesn’t need a serializer, it’s just a dictionary where the keys are always the same, and the data that can change is the value of each key. This is the action:
# Add this to the UserViewSet | |
@action(detail=False, methods=(“GET”,)) | |
def metrics(self, request): | |
“”” | |
Calculates and returns the metrics of the users. | |
“”” | |
metrics_dict = get_user_metrics() | |
return Response(metrics_dict, status.HTTP_200_OK) |
view rawmetrics_endpoint.py hosted with ❤ by GitHub
As with the other custom actions, the documentation won’t show anything in the response body. For this, I will use extend_schema and two other tools:
- inline_serializer: The inline serializer allows us to define a schema for an endpoint without the need of defining a serializer class. We want that because we don’t want to create a new serializer just for documentation.
- OpenApiExample: A class to define examples for open API.
This is how it looks:
from drf_spectacular.utils import OpenApiParameter, extend_schema, OpenApiExample, inline_serializer | |
# Add this to the action in the UserViewSet | |
@extend_schema( | |
responses=inline_serializer( | |
name=”Empty serializer for example (Ignore this).”, | |
fields={“example”: serializers.CharField()}, | |
), | |
examples=[ | |
OpenApiExample( | |
“Example of metrics response.”, | |
value={“metric_1”: 88.5, “metric_2”: 25.0, “metric_3”: 100.0}, | |
request_only=False, | |
response_only=True, | |
), | |
], | |
) | |
@action(detail=False, methods=(“GET”,)) | |
def metrics(self, request): | |
… |
view rawmetrics_extend_schema.py hosted with ❤ by GitHub
The inline_serializer is required by extend_schema. I define an inline serializer with an example field, just to force the decorator to take the examples list of OpenApiExample. There I define a dictionary example with example values. I use request_only in False and response_only in True just to indicate that I want the example only for the response. But I can change those booleans as I need. Let’s see the docs:
Endpoint with authorization
Let’s discuss the delete user endpoint. Imagine that for security reasons I want only authenticated users to be able to delete their own account. That means, unauthenticated users can’t access the endpoint and authorized users can access but deleting only their own account. For this, I use the token authentication from Django REST framework. The login flow is out of the scope for this article.
Now let’s see how to indicate the UserViewSet to ask for authentication in the delete method. First, I use the DestroyModelMixin class, so I add it as a parent class of UsersViewSet. Then I override the get_permissions function to indicate that the destroy endpoint requires the user to be authenticated. The rest of the endpoints don’t require it. Here are the overwritten functions:
… | |
from rest_framework.permissions import IsAuthenticated | |
… | |
# Add this to the UsersViewSet | |
def get_permissions(self): | |
if self.action == “destroy”: | |
return [IsAuthenticated()] | |
return super().get_permissions() | |
# Add this to the UsersViewSet | |
def destroy(self, request, pk, *args, **kwargs): | |
“”” | |
Deletes an authenticated user. Requires authentication. | |
Only a user can delete its own account. | |
“”” | |
user = request.user | |
if user.id != int(pk): | |
raise ValidationError(“Only a user can delete its own account.”) | |
user.delete() | |
return Response(status=status.HTTP_204_NO_CONTENT) |
view rawdestroy_function.py hosted with ❤ by GitHub
Now, let’s check the docs:
An important thing to notice in the docs is this:
The endpoints that require authorization, have a different lock icon (The gray one). This is good because this way the person that reads the documentation, can easily identify the endpoints that require authorization.
Adding pagination
Now let’s suppose that the system has a lot of users, and I want to paginate the response of the listing feature. DRF has tools to do this very easily, I’m going to choose the LimitOffsetPagination, adding this to the REST_FRAMEWORK settings:
REST_FRAMEWORK = { | |
… | |
“DEFAULT_PAGINATION_CLASS”: “rest_framework.pagination.LimitOffsetPagination”, | |
“PAGE_SIZE”: 10, | |
… | |
} |
view rawrest_framework_dict.py hosted with ❤ by GitHub
This automatically adds pagination to the endpoints that return listed objects. DRF Spectacular recognizes this, and updates the docs. These are now the query parameters of the endpoint that lists users:
This is because when adding pagination, now I can add offset and limit query parameters to the request to filter the list of users. The response has also changed:
That is great! The documentation already shows the pagination! But wait, what happens with the custom actions? The documentation shows them also paginated. The response and query parameters of the tree endpoint are equal to these shown in the previous image. This is not true, because in the custom actions we return a serialized queryset, not a paginated response. How can I fix that? An option is to set in the action decorator that I don’t want to paginate the response. Let’s add it:
… | |
@action(detail=False, methods=(“GET”, “POST”,), pagination_class=None) | |
def leaders(self, request): | |
… | |
… | |
@action(detail=True, methods=(“GET”,), pagination_class=None) | |
def tree(self, request, pk): | |
… |
view rawpagination_none.py hosted with ❤ by GitHub
After this, the only pagination reflected in the docs will be in the listing users endpoint.
Bonus track: centralize the schemas
Finally, I would like to talk about something that is totally optional but I think it improves the maintainability of your project. Imagine you have a big project with big views and a lot of actions. If you want to customize most of them, your views will grow even more, because you are going to add extend_schema decorators everywhere.
What I like to do, is to create on each app in the Django project, a file called custom_schemas.py. There I define all the schemas, something like:
list_users_schema = extend_schema( | |
… | |
) |
view rawlist_users_schema.py hosted with ❤ by GitHub
After that, I import them in the views files, and use the extend_schema_view decorator. This decorator can be added above the ViewSet, and then I can map the endpoint with the defined schema. This is how it looks like:
# The custom schemas file | |
from drf_spectacular.utils import OpenApiParameter, extend_schema | |
list_users_schema = extend_schema( | |
parameters=[ | |
OpenApiParameter( | |
name=”username”, | |
description=( | |
“Searches for the value in this query parameter returning “ | |
“all the users that have this value as substring. Ignores lowercase and uppercase.” | |
), | |
type=str | |
) | |
] | |
) |
view rawschemas_file.py hosted with ❤ by GitHub
Now I add that to the UserViewSet:
… | |
from drf_spectacular.utils import extend_schema_view | |
… | |
@extend_schema_view(list=list_users_schema) | |
class UsersViewSet(GenericViewSet, CreateModelMixin, ListModelMixin, RetrieveModelMixin, DestroyModelMixin): | |
… |
view rawextende_schema_view.py hosted with ❤ by GitHub
And then of course I remove the override of the list function and the extend_schema decorator above.
I can add more actions and their custom schemas inside the extend_schema_view decorator as I want. I can even combine the use of extend_schema_view with some functions above the ViewSet, and the use of extend_schema decorator with other functions inside the ViewSet.
Again, this is totally optional, I use it because I like to centralize the customizations to increase the maintainability.
Summary
This was the second and final part of a blog post of APIs documentation. I focused on the crucial role of documentation for Django REST APIs and introduced the tool DRF Spectacular as a game-changer in this domain. I shared an example project to help readers grasp the key functionalities of this tool and understand its significance in API development. The article also provided valuable tips on how to create clear and user-friendly documentation. One standout feature of DRF Spectacular that I highlighted was its ability to automatically generate documentation, simplifying the process and saving developers valuable time and effort. With a genuine hope that my article resonates with readers and fosters a greater appreciation for the importance of thorough API documentation, I’m excited to share these insights with the wider community.