FAQ
I use library/app XXX and the generated schema is wrong or broken
Sometimes DRF libraries do not cooperate well with the introspection mechanics. Check the Extension Blueprints for already available fixes. If there aren’t any, learn how to do easy Workflow & schema customization. Feel free to contribute back missing fixes.
If you think this is a bug in drf-spectacular, open an issue.
My Swagger UI and/or Redoc page is blank
Chances are high that you are using django-csp.
Take a look inside your browser console and confirm that you have Content Security Policy errors.
By default, django-csp usually breaks our UIs for 2 reasons: external assets and inline scripts.
Using the sidecar
will mitigate the remote asset loading violation by serving the asset from your self. Alternatively,
you can also adapt CSP_DEFAULT_SRC to allow for those CDN assets instead.
Solution for Swagger UI:
# Option: SIDECAR
SPECTACULAR_SETTINGS = {
...
'SWAGGER_UI_DIST': 'SIDECAR',
'SWAGGER_UI_FAVICON_HREF': 'SIDECAR',
}
CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'")
CSP_IMG_SRC = ("'self'", "data:")
# Option: CDN
CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", "cdn.jsdelivr.net")
CSP_IMG_SRC = ("'self'", "data:", "cdn.jsdelivr.net")
Note
Depending on how paranoid you are, you may avoid having to use unsafe-inline by using
SpectacularSwaggerSplitView instead, which does a separate request for the script. Note however
that some URL rewriting deployments will break it. Use this option only if you really need to.
Solution for Redoc:
# Option: SIDECAR
SPECTACULAR_SETTINGS = {
...
'REDOC_DIST': 'SIDECAR',
}
# Option: CDN
CSP_DEFAULT_SRC = ("'self'", "cdn.jsdelivr.net")
# required for both CDN and SIDECAR
CSP_WORKER_SRC = ("'self'", "blob:")
CSP_IMG_SRC = ("'self'", "data:", "cdn.redoc.ly")
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'", "fonts.googleapis.com")
CSP_FONT_SRC = ("'self'", "fonts.gstatic.com")
I cannot use @extend_schema on library code
You can easily adapt introspection for libraries/apps with the Extension mechanism. Extensions provide an easy way to attach schema information to code that you cannot modify otherwise. Have a look at Workflow & schema customization on how to use Extensions
I get an empty schema or endpoints are missing
This is usually due to versioning (or more rarely due to permissions).
In case you use versioning on all endpoints, that might be the intended output. By default the schema will only contain unversioned endpoints. Explicitly specify what version you want to generate.
./manage.py spectacular --api-version 'YOUR_VERSION'
This will contain unversioned endpoints together with the endpoints for the specified version.
For the schema views you can either set a versioning class (implicit versioning via the request) or
explicitly override the version with SpectacularAPIView.as_view(api_version='YOUR_VERSION').
I expected a different schema
Sometimes views declare one thing (via serializer_class and queryset) and do
a entirely different thing. Usually this is attributed to making a library code flexible
under varying situations. In those cases it is best to override what the introspection
decided and state explicitly what is to be expected.
Work through the steps in Workflow & schema customization to adapt your schema.
I get duplicated operations with a {format}-suffix
Your app likely uses DRF’s format_suffix_patterns. If those operations are
undesirable in your schema, you can simply exclude them with an already provided
preprocessing hook.
I get a lot of warnings
The warnings are emitted to inform you of discovered schema issues. Some
usage patterns like @api_view or APIView provide very
little discoverable information on your API. In those cases you can
easily augment those endpoints and serializers with additional information.
Look at Workflow & schema customization options to fill those gaps and make the warnings
disappear.
I get warnings regarding my Enum or my Enum names have a weird suffix
This is because the Enum postprocessing hook is activated by default, which
attempts to find a name for a set of enum choices.
The naming mechanism uses the name of the field and possibly the name of the component, followed by a suffix if necessary if there are clashes (if there are two enum fields with the same name but different set of choices). This will handle all encountered issues automatically, but also notify you of potential problems, of two kinds:
multiple names being produced for the same set of values, due to different field names (e.g. if you have a single currency enum used by distinct fields named like
payment_currencyandpreferred_currency, the naming mechanism will by default treat this as two different enums but emit a warning).clashes that result in a suffix being needed, as above.
You can resolve (or silence) enum issues by adding an entry to the
ENUM_NAME_OVERRIDES setting. Values can take the form of choices (list of tuples), value lists
(list of strings), or import strings. Django’s models.Choices and Python’s Enum classes
are supported as well. The key is a string that you choose as a name to give to
this set of values.
For example:
SPECTACULAR_SETTINGS = {
...
'ENUM_NAME_OVERRIDES': {
# variable containing list of tuples, e.g. [('US', 'US'), ('RU', 'RU'),]
'LanguageEnum': language_choices,
# dedicated Enum or models.Choices class
'CountryEnum': 'import_path.enums.CountryEnum',
# choices is an attribute of class CurrencyContainer containing a list of tuples
'CurrencyEnum': 'import_path.CurrencyContainer.choices',
}
}
If you have multiple semantically distinct enums that happen to have the same set of values, and you want different names for them, this mechanism won’t work.
My endpoints use different serializers depending on the situation
Welcome to the real world! Use @extend_schema
in combination with PolymorphicProxySerializer
like so:
class PersonView(viewsets.GenericViewSet):
@extend_schema(responses={
200: PolymorphicProxySerializer(
component_name='Person',
# on 200 either a legal or a natural person is returned
serializers=[LegalPersonSerializer, NaturalPersonSerializer],
resource_type_field_name='type',
),
500: YourOptionalErrorSerializer,
})
def retrieve(self, request, *args, **kwargs)
pass
My authentication method is not supported
You can easily specify a custom authentication with
OpenApiAuthenticationExtension.
Have a look at Workflow & schema customization on how to use Extensions
How can I i18n/internationalize my schema and UI?
You can use the Django internationalization as you would normally do. The workflow is as one
would expect: USE_I18N=True, settings the languages, makemessages, and compilemessages.
The CLI tool accepts a language parameter (./manage.py spectacular --lang="de-de") for offline
generation. The schema view as well as the UI views accept a lang query parameter for
explicitly requesting a language (example.com/api/schema?lang=de). If i18n is enabled and there
is no query parameter provided, the ACCEPT_LANGUAGE header is used. Otherwise the translation
falls back to the default language.
from django.utils.translation import gettext_lazy as _
class PersonView(viewsets.GenericViewSet):
__doc__ = _("""
More lengthy explanation of the view
""")
@extend_schema(summary=_('Main endpoint for creating person'))
def retrieve(self, request, *args, **kwargs):
pass
FileField (ImageField) is not handled properly in the schema
In contrast to most other fields, FileField behaves differently for requests and responses.
This duality is impossible to represent in a single component schema.
For these cases, there is an option to split components into request and response parts
by setting COMPONENT_SPLIT_REQUEST = True. Note that this influences the whole schema,
not just components with FileFields.
Also consider explicitly setting parser_classes = [parsers.MultiPartParser] (or any file compatible parser)
on your View or write a custom get_parser_classes. These fields do not work with the default JsonParser
and that fact should be represented in the schema.
I’m using @action(detail=False) but the response schema is not a list
detail=True/False only specifies whether the action should be routed at x/{id}/action or x/action.
The detail parameter in itself makes no statement about the action’s response. Also note that the default
for underspecified endpoints is a non-list response. To signal a listed response, you can use
@extend_schema(responses=XSerializer(many=True)).
Using @extend_schema on APIView has no effect
@extend_schema needs to be applied to the entrypoint method of the view. For views derived from Viewset,
these are methods like retrieve, list, create. For APIView based views, these are get, post,
create. This confusion commonly occurs while using convenience classes like ListAPIView. ListAPIView does
in fact have a list method (via mixin), but the actual entrypoint is still the get method, and the list
call is proxied through the entrypoint.
Where should I put my extensions? / my extensions are not detected
The extensions register themselves automatically. Just be sure that the Python interpreter sees them at least once.
It is good practice to collect your extensions in YOUR_MAIN_APP_NAME/schema.py and to import that
file in your YOUR_MAIN_APP_NAME/apps.py. Performing the import in the ready() method is the most robust
approach. It will make sure your environment (e.g. settings) is properly set up prior to loading.
# your_main_app_name/apps.py class YourMainAppNameConfig(AppConfig): default_auto_field = "django.db.models.BigAutoField" name = "your_main_app_name" def ready(self): import your_main_app_name.schema # noqa: E402
While there are certainly other ways of loading your extensions, this is a battle-proven and robust way to do it. Generally in Django/DRF, importing stuff in the wrong order often results in weird errors or circular import issues, which this approach tries to carefully circumvent.
My @action is erroneously paginated or has filter parameters that I do not want
This usually happens when @extend_schema(responses=XSerializer(many=True)) is used. Actions inherit filter
and pagination classes from their ViewSet. If the response is then marked as a list, the pagination_class
kicks in. Since actions are handled manually by the user, this behavior is usually not immediately obvious.
To make your intentions clear to drf-spectacular, you need to clear the offending classes in the action
decorator, e.g. setting pagination_class=None.
Users of django-filter might also see unwanted query parameters. Since the same mechanics apply here too,
you can remove those parameters by resetting the filter backends with @action(...,filter_backends=[]).
class XViewset(viewsets.ModelViewSet):
queryset = SimpleModel.objects.all()
pagination_class = pagination.LimitOffsetPagination
@extend_schema(responses=SimpleSerializer(many=True))
@action(methods=['GET'], detail=False, pagination_class=None)
def custom_action(self):
pass
How do I wrap my responses? / My endpoints are wrapped in a generic envelope
This non-native behavior can be conveniently modeled with a simple helper function. You simply need
to wrap the actual serializer with your envelope serializer and provide it to @extend_schema.
Here is an example on how to build an enveloper helper function. In this example, the actual
serializer is put into the data field, while status is some arbitrary envelope field.
Adapt to your specific requirements.
def enveloper(serializer_class, many):
component_name = 'Enveloped{}{}'.format(
serializer_class.__name__.replace("Serializer", ""),
"List" if many else "",
)
@extend_schema_serializer(many=False, component_name=component_name)
class EnvelopeSerializer(serializers.Serializer):
status = serializers.BooleanField() # some arbitrary envelope field
data = serializer_class(many=many) # the enveloping part
return EnvelopeSerializer
class XViewset(GenericViewSet):
@extend_schema(responses=enveloper(XSerializer, True))
def list(self, request, *args, **kwargs):
...
How can I have multiple SpectacularAPIView with differing settings
First, define your base settings in settings.py with SPECTACULAR_SETTINGS. Then,
if you need another schema with different settings, you can provide scoped overrides by
providing a custom_settings argument. custom_settings expects a dict and only
allows keys that represent valid setting names.
Beware that using this mechanic is not thread-safe at the moment.
Also note that overriding SERVE_* or DEFAULT_GENERATOR_CLASS in custom_settings is
not allowed. SpectacularAPIView has dedicated arguments for overriding these settings.
urlpatterns = [
path('api/schema/', SpectacularAPIView.as_view(),
path('api/schema-custom/', SpectacularAPIView.as_view(
custom_settings={
'TITLE': 'your custom title',
'SCHEMA_PATH_PREFIX': 'your custom regex',
...
}
), name='schema-custom'),
]
How to correctly annotate function-based views that use @api_view()
DRF provides a convenient way to write function-based views. @api_view() in essence wraps a regular
function and implicitly converts it to a APIView class. For single-method cases, simply use
@extend_schema just as you would with a normal view method.
@extend_schema(request=XSerializer, responses=XSerializer)
@api_view(['POST'])
def view_func(request, format=None):
return ...
For functions that provide multiple methods, its advisable to use @extend_schema_view
and break down each case separately.
@extend_schema_view(
get=extend_schema(description='get desc', responses=XSerializer),
post=extend_schema(description='post desc', request=None, responses=OpenApiTypes.UUID),
)
@api_view(['GET', 'POST'])
def view_func(request, format=None):
return ...
My get_queryset() depends on some attributes not available at schema generation time
In certain situations we need to call get_serializer, which in turn calls get_queryset.
If your get_queryset (or get_serializer_class) depends on attributes not available at
schema generation time (e.g. request.user.is_authenticated), you need to provide a fallback
that allows us to call that method. While the schema is generated, you can check for the view
attribute swagger_fake_view and simply return an empty queryset of the correct model.
class XViewset(viewsets.ModelViewset):
...
def get_queryset(self):
if getattr(self, 'swagger_fake_view', False): # drf-yasg comp
return YourModel.objects.none()
# your usual logic
How to serve in-memory generated files or files in general outside FileField
DRF provides a convenient FileField for storing files persistently within a Model.
drf-spectacular handles these correctly by default. But to serve binary files that are
generated in-memory, follow the following recipe. This example uses the method
recommended by Django
for treating a Response as a file and sets up an appropriate Renderer that will handle the
client Accept header for this response content type. responses=bytes expresses that the
response is a binary blob without further details on its structure.
from django.http import HttpResponse
from rest_framework.renderers import BaseRenderer
class BinaryRenderer(BaseRenderer):
media_type = "application/octet-stream"
format = "bin"
class FileViewSet(RetrieveModelMixin, GenericViewSet):
...
renderer_classes = [BinaryRenderer]
@extend_schema(responses=bytes)
def retrieve(self, request, *args, **kwargs):
export_data = b"..."
return HttpResponse(
export_data,
content_type=BinaryRenderer.media_type,
headers={
"Content-Disposition": "attachment; filename=out.bin",
},
)
My ViewSet list does not return a list, but a single object.
Generally, it is bad practice to use a ViewSet.list method to return single object,
because DRF specifically does a list conversion in the background for this method and only
this method. Using ApiView or GenericAPIView for this use-case would be cleaner.
However, if you insist on this behavior, you can circumvent the list detection by
creating a one-off copy of your serializer and marking it as forced non-list.
It is important to create a copy as
@extend_schema_serializer
modifies the given serializer.
from drf_spectacular.helpers import forced_singular_serializer
class YourViewSet(viewsets.ModelViewSet):
serializer_class = SimpleSerializer
queryset = SimpleModel.objects.none()
@extend_schema(responses=forced_singular_serializer(SimpleSerializer))
def list(self):
pass