webargs

Homepage: https://webargs.readthedocs.io/

webargs is a Python library for parsing and validating HTTP request objects, with built-in support for popular web frameworks, including Flask, Django, Bottle, Tornado, Pyramid, Falcon, and aiohttp.

from flask import Flask
from webargs import fields
from webargs.flaskparser import use_args

app = Flask(__name__)


@app.route("/")
@use_args({"name": fields.Str(required=True)}, location="query")
def index(args):
    return "Hello " + args["name"]


if __name__ == "__main__":
    app.run()

# curl http://localhost:5000/\?name\='World'
# Hello World

Install

pip install -U webargs

webargs supports Python >= 3.8.

Documentation

Full documentation is available at https://webargs.readthedocs.io/.

Support webargs

webargs is maintained by a group of volunteers. If you\'d like to support the future of the project, please consider contributing to our Open Collective:

{width="200px"}

Professional Support

Professionally-supported webargs is available through the Tidelift Subscription.

Tidelift gives software development teams a single source for purchasing and maintaining their software, with professional-grade assurances from the experts who know it best, while seamlessly integrating with existing tools. [Get professional support]

Security Contact Information

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Project Links

• Docs: https://webargs.readthedocs.io/
• Changelog: https://webargs.readthedocs.io/en/latest/changelog.html
• Contributing Guidelines: https://webargs.readthedocs.io/en/latest/contributing.html
• PyPI: https://pypi.python.org/pypi/webargs
• Issues: https://github.com/marshmallow-code/webargs/issues
• Ecosystem / related packages: https://github.com/marshmallow-code/webargs/wiki/Ecosystem

License

MIT licensed. See the LICENSE file for more details.

Changelog

8.5.0 (unreleased)

Other changes:

• Test against Python 3.12.

8.4.0 (2024-01-07)

Features:

• Add a new class attribute, empty_value to DelimitedList and DelimitedTuple, with a default of "". This controls the value deserialized when an empty string is seen.

empty_value can be used to handle types other than strings more gracefully, e.g.

from webargs import fields


class IntList(fields.DelimitedList):
    empty_value = 0


myfield = IntList(fields.Int())

::: {.note} ::: {.admonition-title} Note :::

empty_value will be changing in webargs v9.0 to be missing by default. This will allow use of fields with load_default to specify handling of the empty value. :::

• The rule for default argument names has been made configurable by overriding the get_default_arg_name method. This is described in the argument passing documentation.

Other changes:

• Drop support for Python 3.7, which is EOL.
• Type annotations for FlaskParser have been improved.

8.3.0 (2023-07-10)

Features:

• webargs.Parser now inherits from typing.Generic and is parametrizable over the type of the request object. Various framework-specific parsers are parametrized over their relevant request object classes.
• webargs.Parser and its subclasses now support passing arguments as a single keyword argument without expanding the parsed data into its components. For more details, see advanced docs on Argument Passing and arg_name.

Other changes:

• Type annotations have been improved to allow Mapping for dict-like schemas where previously dict was used. This makes the type covariant rather than invariant (836{.interpreted-text role="issue"}).
• Test against Python 3.11 (787{.interpreted-text role="pr"}).

8.2.0 (2022-07-11)

Features:

• A new method, webargs.Parser.async_parse, can be used for async-aware parsing from the base parser class. This can handle async location loader functions and async error handlers.
• webargs.Parser.use_args and use_kwargs can now be used to decorate async functions, and will use async_parse if the decorated function is also async. They will call the non-async parse method when used to decorate non-async functions.
• As a result of the changes to webargs.Parser, FlaskParser, DjangoParser, and FalconParser now all support async views. Thanks Isira-Seneviratne{.interpreted-text role="user"} for the initial PR.

Changes:

• The implementation of AsyncParser has changed. Now that webargs.Parser has built-in support for async usage, the primary purpose of AsyncParser is to redefine parse as an alias for async_parse
• Set python_requires>=3.7.2 in package metadata (692{.interpreted-text role="pr"}). Thanks kasium{.interpreted-text role="user"} for the PR.

8.1.0 (2022-01-12)

Bug fixes:

• Fix publishing type hints per PEP-561. (650{.interpreted-text role="pr"}).
• Add DelimitedTuple to fields.__all__ (678{.interpreted-text role="pr"}).
• Narrow type of argmap from Mapping to Dict (682{.interpreted-text role="pr"}).

Other changes:

• Test against Python 3.10 (647{.interpreted-text role="pr"}).
• Drop support for Python 3.6 (673{.interpreted-text role="pr"}).
• Address distutils deprecation warning in Python 3.10 (652{.interpreted-text role="pr"}). Thanks kkirsche{.interpreted-text role="user"} for the PR.
• Use postponed evaluation of annotations (663{.interpreted-text role="pr"}). Thanks Isira-Seneviratne{.interpreted-text role="user"} for the PR.
• Pin mypy version in tox (674{.interpreted-text role="pr"}).
• Improve type annotations for __version_info__ (680{.interpreted-text role="pr"}).

8.0.1 (2021-08-12)

Bug fixes:

• Fix \"DelimitedList deserializes empty string as ['']\" (623{.interpreted-text role="issue"}). Thanks TTWSchell{.interpreted-text role="user"} for reporting and for the PR.

Other changes:

• New documentation theme with [furo]{.title-ref}. Thanks to pradyunsg{.interpreted-text role="user"} for writing furo!
• Webargs has a new logo. Thanks to michaelizergit{.interpreted-text role="user"}! (312{.interpreted-text role="issue"})
• Don\'t build universal wheels. We don\'t support Python 2 anymore. (632{.interpreted-text role="pr"})
• Make the build reproducible (631{.interpreted-text role="pr"}).

8.0.0 (2021-04-08)

Features:

• Add [Parser.pre_load]{.title-ref} as a method for allowing users to modify data before schema loading, but without redefining location loaders. See advanced docs on [Parser pre_load]{.title-ref} for usage information. (583{.interpreted-text role="pr"})
• Backwards-incompatible: unknown defaults to [None]{.title-ref} for body locations ([json]{.title-ref}, [form]{.title-ref} and [json_or_form]{.title-ref}) (580{.interpreted-text role="issue"}).
• Detection of fields as \"multi-value\" for unpacking lists from multi-dict types is now extensible with the is_multiple attribute. If a field sets is_multiple = True it will be detected as a multi-value field. If is_multiple is not set or is set to None, webargs will check if the field is an instance of List or Tuple. (563{.interpreted-text role="issue"})
• A new attribute on Parser objects, Parser.KNOWN_MULTI_FIELDS can be used to set fields which should be detected as is_multiple=True even when the attribute is not set (592{.interpreted-text role="pr"}).

See docs on \"Multi-Field Detection\" for more details.

Bug fixes:

• Tuple field now behaves as a \"multiple\" field (585{.interpreted-text role="pr"}).

7.0.1 (2020-12-14)

Bug fixes:

• Fix [DelimitedList]{.title-ref} and [DelimitedTuple]{.title-ref} to pass additional keyword arguments through their [_serialize]{.title-ref} methods to the child fields and fix type checking on these classes. (569{.interpreted-text role="issue"}) Thanks to decaz{.interpreted-text role="user"} for reporting.

7.0.0 (2020-12-10)

Changes:

• Backwards-incompatible: Drop support for webapp2 (565{.interpreted-text role="pr"}).
• Add type annotations to [Parser]{.title-ref} class, [DelimitedList]{.title-ref}, and [DelimitedTuple]{.title-ref}. (566{.interpreted-text role="issue"})

7.0.0b2 (2020-12-01)

Features:

• [DjangoParser]{.title-ref} now supports the [headers]{.title-ref} location. (540{.interpreted-text role="issue"})
• [FalconParser]{.title-ref} now supports a new [media]{.title-ref} location, which uses Falcon\'s [media]{.title-ref} decoding. (253{.interpreted-text role="issue"})

[media]{.title-ref} behaves very similarly to the [json]{.title-ref} location but also supports any registered media handler. See the Falcon documentation on media types for more details.

Changes:

• [FalconParser]{.title-ref} defaults to the [media]{.title-ref} location instead of [json]{.title-ref}. (253{.interpreted-text role="issue"})
• Test against Python 3.9 (552{.interpreted-text role="pr"}).
• Backwards-incompatible: Drop support for Python 3.5 (553{.interpreted-text role="pr"}).

7.0.0b1 (2020-09-11)

Refactoring:

• Backwards-incompatible: Remove support for marshmallow2 (539{.interpreted-text role="issue"})

• Backwards-incompatible: Remove [dict2schema]{.title-ref}

  Users desiring the [dict2schema]{.title-ref} functionality may now rely upon [marshmallow.Schema.from_dict]{.title-ref}. Rewrite any code using [dict2schema]{.title-ref} like so:

import marshmallow as ma

# webargs 6.x and older
from webargs import dict2schema

myschema = dict2schema({"q1", ma.fields.Int()})

# webargs 7.x
myschema = ma.Schema.from_dict({"q1", ma.fields.Int()})

Features:

• Add unknown as a parameter to Parser.parse, Parser.use_args, Parser.use_kwargs, and parser instantiation. When set, it will be passed to Schema.load. When not set, the value passed will depend on the parser\'s settings. If set to None, the schema\'s default behavior will be used (i.e. no value is passed to Schema.load) and parser settings will be ignored.

This allows usages like

import marshmallow as ma


@parser.use_kwargs(
    {"q1": ma.fields.Int(), "q2": ma.fields.Int()}, location="query", unknown=ma.EXCLUDE
)
def foo(q1, q2):
    ...

• Defaults for unknown may be customized on parser classes via Parser.DEFAULT_UNKNOWN_BY_LOCATION, which maps location names to values to use.

Usages are varied, but include

import marshmallow as ma
from webargs.flaskparser import FlaskParser


# as well as...
class MyParser(FlaskParser):
    DEFAULT_UNKNOWN_BY_LOCATION = {"query": ma.INCLUDE}


parser = MyParser()

Setting the unknown value for a Parser instance has higher precedence. So

parser = MyParser(unknown=ma.RAISE)

will always pass RAISE, even when the location is query.

• By default, webargs will pass unknown=EXCLUDE for all locations except for request bodies (json, form, and json_or_form) and path parameters. Request bodies and path parameters will pass unknown=RAISE. This behavior is defined by the default value for DEFAULT_UNKNOWN_BY_LOCATION.

Changes:

• Registered [error_handler]{.title-ref} callbacks are required to raise an exception. If a handler is invoked and no exception is raised, [webargs]{.title-ref} will raise a [ValueError]{.title-ref} (527{.interpreted-text role="issue"})

6.1.1 (2020-09-08)

Bug fixes:

• Failure to validate flask headers would produce error data which contained tuples as keys, and was therefore not JSON-serializable. (500{.interpreted-text role="issue"}) These errors will now extract the headername as the key correctly. Thanks to shughes-uk{.interpreted-text role="user"} for reporting.

6.1.0 (2020-04-05)

Features:

• Add fields.DelimitedTuple when using marshmallow 3. This behaves as a combination of fields.DelimitedList and marshmallow.fields.Tuple. It takes an iterable of fields, plus a delimiter (defaults to ,), and parses delimiter-separated strings into tuples. (509{.interpreted-text role="pr"})
• Add __str__ and __repr__ to MultiDictProxy to make it easier to work with (488{.interpreted-text role="pr"})

Support:

• Various docs updates (482{.interpreted-text role="pr"}, 486{.interpreted-text role="pr"}, 489{.interpreted-text role="pr"}, 498{.interpreted-text role="pr"}, 508{.interpreted-text role="pr"}). Thanks lefterisjp{.interpreted-text role="user"}, timgates42{.interpreted-text role="user"}, and ugultopu{.interpreted-text role="user"} for the PRs.

6.0.0 (2020-02-27)

Features:

• FalconParser: Pass request content length to req.stream.read to provide compatibility with falcon.testing (477{.interpreted-text role="pr"}). Thanks suola{.interpreted-text role="user"} for the PR.
• Backwards-incompatible: Factorize the use_args / use_kwargs branch in all parsers. When as_kwargs is False, arguments are now consistently appended to the arguments list by the use_args decorator. Before this change, the PyramidParser would prepend the argument list on each call to use_args. Pyramid view functions must reverse the order of their arguments. (478{.interpreted-text role="pr"})

6.0.0b8 (2020-02-16)

Refactoring:

• Backwards-incompatible: Use keyword-only arguments (472{.interpreted-text role="pr"}).

6.0.0b7 (2020-02-14)

Features:

• Backwards-incompatible: webargs will rewrite the error messages in ValidationErrors to be namespaced under the location which raised the error. The [messages]{.title-ref} field on errors will therefore be one layer deeper with a single top-level key.

6.0.0b6 (2020-01-31)

Refactoring:

• Remove the cache attached to webargs parsers. Due to changes between webargs v5 and v6, the cache is no longer considered useful.

Other changes:

• Import Mapping from collections.abc in pyramidparser.py (471{.interpreted-text role="pr"}). Thanks tirkarthi{.interpreted-text role="user"} for the PR.

6.0.0b5 (2020-01-30)

Refactoring:

• Backwards-incompatible: [DelimitedList]{.title-ref} now requires that its input be a string and always serializes as a string. It can still serialize and deserialize using another field, e.g. [DelimitedList(Int())]{.title-ref} is still valid and requires that the values in the list parse as ints.

6.0.0b4 (2020-01-28)

Bug fixes:

• CVE-2020-7965{.interpreted-text role="cve"}: Don\'t attempt to parse JSON if request\'s content type is mismatched (bugfix from 5.5.3).

6.0.0b3 (2020-01-21)

Features:

• Backwards-incompatible: Support Falcon 2.0. Drop support for Falcon 1.x (459{.interpreted-text role="pr"}). Thanks dodumosu{.interpreted-text role="user"} and Nateyo{.interpreted-text role="user"} for the PR.

6.0.0b2 (2020-01-07)

Other changes:

• Backwards-incompatible: Drop support for Python 2 (440{.interpreted-text role="issue"}). Thanks hugovk{.interpreted-text role="user"} for the PR.

6.0.0b1 (2020-01-06)

Features:

• Backwards-incompatible: Schemas will now load all data from a location, not only data specified by fields. As a result, schemas with validators which examine the full input data may change in behavior. The [unknown]{.title-ref} parameter on schemas may be used to alter this. For example, [unknown=marshmallow.EXCLUDE]{.title-ref} will produce a behavior similar to webargs v5.

Bug fixes:

• Backwards-incompatible: All parsers now require the Content-Type to be set correctly when processing JSON request bodies. This impacts DjangoParser, FalconParser, FlaskParser, and PyramidParser

Refactoring:

• Backwards-incompatible: Schema fields may not specify a location any longer, and [Parser.use_args]{.title-ref} and [Parser.use_kwargs]{.title-ref} now accept [location]{.title-ref} (singular) instead of [locations]{.title-ref} (plural). Instead of using a single field or schema with multiple [locations]{.title-ref}, users are recommended to make multiple calls to [use_args]{.title-ref} or [use_kwargs]{.title-ref} with a distinct schema per location. For example, code should be rewritten like this:

# webargs 5.x and older
@parser.use_args(
    {
        "q1": ma.fields.Int(location="query"),
        "q2": ma.fields.Int(location="query"),
        "h1": ma.fields.Int(location="headers"),
    },
    locations=("query", "headers"),
)
def foo(q1, q2, h1):
    ...


# webargs 6.x
@parser.use_args({"q1": ma.fields.Int(), "q2": ma.fields.Int()}, location="query")
@parser.use_args({"h1": ma.fields.Int()}, location="headers")
def foo(q1, q2, h1):
    ...

• The [location_handler]{.title-ref} decorator has been removed and replaced with [location_loader]{.title-ref}. [location_loader]{.title-ref} serves the same purpose (letting you write custom hooks for loading data) but its expected method signature is different. See the docs on [location_loader]{.title-ref} for proper usage.

Thanks sirosen{.interpreted-text role="user"} for the PR!

5.5.3 (2020-01-28)

Bug fixes:

• CVE-2020-7965{.interpreted-text role="cve"}: Don\'t attempt to parse JSON if request\'s content type is mismatched.

5.5.2 (2019-10-06)

Bug fixes:

• Handle UnicodeDecodeError when parsing JSON payloads (427{.interpreted-text role="issue"}). Thanks lindycoder{.interpreted-text role="user"} for the catch and patch.

5.5.1 (2019-09-15)

Bug fixes:

• Remove usage of deprecated Field.fail when using marshmallow 3.

5.5.0 (2019-09-07)

Support:

• Various docs updates (414{.interpreted-text role="pr"}, 421{.interpreted-text role="pr"}).

Refactoring:

• Don\'t mutate globals() in webargs.fields (411{.interpreted-text role="pr"}).
• Use marshmallow 3\'s Schema.from_dict if available (415{.interpreted-text role="pr"}).

5.4.0 (2019-07-23)

Changes:

• Use explicit type check for [fields.DelimitedList]{.title-ref} when deciding to parse value with [getlist()]{.title-ref} (#406 (comment) ).

Support:

• Add \"Parsing Lists in Query Strings\" section to docs (406{.interpreted-text role="issue"}).

5.3.2 (2019-06-19)

Bug fixes:

• marshmallow 3.0.0rc7 compatibility (395{.interpreted-text role="pr"}).

5.3.1 (2019-05-05)

Bug fixes:

• marshmallow 3.0.0rc6 compatibility (384{.interpreted-text role="pr"}).

5.3.0 (2019-04-08)

Features:

• Add [\"path\"]{.title-ref} location to AIOHTTPParser, FlaskParser, and PyramidParser (379{.interpreted-text role="pr"}). Thanks zhenhua32{.interpreted-text role="user"} for the PR.
• Add webargs.__version_info__.

5.2.0 (2019-03-16)

Features:

• Make the schema class used when generating a schema from a dict overridable (375{.interpreted-text role="issue"}). Thanks ThiefMaster{.interpreted-text role="user"}.

5.1.3 (2019-03-11)

Bug fixes:

• CVE-2019-9710{.interpreted-text role="cve"}: Fix race condition between parallel requests when the cache is used (371{.interpreted-text role="issue"}). Thanks ThiefMaster{.interpreted-text role="user"} for reporting and fixing.

5.1.2 (2019-02-03)

Bug fixes:

• Remove lingering usages of ValidationError.status_code (365{.interpreted-text role="issue"}). Thanks decaz{.interpreted-text role="user"} for reporting.
• Avoid AttributeError on Python<3.5.4 (366{.interpreted-text role="issue"}).
• Fix incorrect type annotations for error_headers.
• Fix outdated docs (367{.interpreted-text role="issue"}). Thanks alexandersoto{.interpreted-text role="user"} for reporting.

5.1.1.post0 (2019-01-30)

• Include LICENSE in sdist (364{.interpreted-text role="issue"}).

5.1.1 (2019-01-28)

Bug fixes:

• Fix installing simplejson on Python 2 by distributing a Python 2-only wheel (363{.interpreted-text role="issue"}).

5.1.0 (2019-01-11)

Features:

• Error handlers for [AsyncParser]{.title-ref} classes may be coroutine functions.
• Add type annotations to [AsyncParser]{.title-ref} and [AIOHTTPParser]{.title-ref}.

Bug fixes:

• Fix compatibility with Flask<1.0 (355{.interpreted-text role="issue"}). Thanks hoatle{.interpreted-text role="user"} for reporting.
• Address warning on Python 3.7 about importing from collections.abc.

5.0.0 (2019-01-03)

Features:

• Backwards-incompatible: A 400 HTTPError is raised when an invalid JSON payload is passed. (329{.interpreted-text role="issue"}). Thanks zedrdave{.interpreted-text role="user"} for reporting.

Other changes:

• Backwards-incompatible: [webargs.argmap2schema]{.title-ref} is removed. Use [webargs.dict2schema]{.title-ref} instead.
• Backwards-incompatible: [webargs.ValidationError]{.title-ref} is removed. Use [marshmallow.ValidationError]{.title-ref} instead.

# <5.0.0
from webargs import ValidationError


def auth_validator(value):
    # ...
    raise ValidationError("Authentication failed", status_code=401)


@use_args({"auth": fields.Field(validate=auth_validator)})
def auth_view(args):
    return jsonify(args)


# >=5.0.0
from marshmallow import ValidationError


def auth_validator(value):
    # ...
    raise ValidationError("Authentication failed")


@use_args({"auth": fields.Field(validate=auth_validator)}, error_status_code=401)
def auth_view(args):
    return jsonify(args)

• Backwards-incompatible: Missing arguments will no longer be filled in when using @use_kwargs (342,307,252{.interpreted-text role="issue"}). Use **kwargs to account for non-required fields.

# <5.0.0
@use_kwargs(
    {"first_name": fields.Str(required=True), "last_name": fields.Str(required=False)}
)
def myview(first_name, last_name):
    # last_name is webargs.missing if it's missing from the request
    return {"first_name": first_name}


# >=5.0.0
@use_kwargs(
    {"first_name": fields.Str(required=True), "last_name": fields.Str(required=False)}
)
def myview(first_name, **kwargs):
    # last_name will not be in kwargs if it's missing from the request
    return {"first_name": first_name}

• simplejson is now a required dependency on Python 2 (334{.interpreted-text role="pr"}). This ensures consistency of behavior across Python 2 and 3.

4.4.1 (2018-01-03)

Bug fixes:

• Remove usages of argmap2schema from fields.Nested, AsyncParser, and PyramidParser.

4.4.0 (2019-01-03)

• Deprecation: argmap2schema is deprecated in favor of dict2schema (352{.interpreted-text role="pr"}).

4.3.1 (2018-12-31)

• Add force_all param to PyramidParser.use_args.
• Add warning about missing arguments to AsyncParser.

4.3.0 (2018-12-30)

• Deprecation: Add warning about missing arguments getting added to parsed arguments dictionary (342{.interpreted-text role="issue"}). This behavior will be removed in version 5.0.0.

4.2.0 (2018-12-27)

Features:

• Add force_all argument to use_args and use_kwargs (252{.interpreted-text role="issue"}, 307{.interpreted-text role="issue"}). Thanks piroux{.interpreted-text role="user"} for reporting.
• Deprecation: The status_code and headers arguments to ValidationError are deprecated. Pass error_status_code and error_headers to [Parser.parse]{.title-ref}, [Parser.use_args]{.title-ref}, and [Parser.use_kwargs]{.title-ref} instead. (327{.interpreted-text role="issue"}, 336{.interpreted-text role="issue"}).
• Custom error handlers receive error_status_code and error_headers arguments. (327{.interpreted-text role="issue"}).

# <4.2.0
@parser.error_handler
def handle_error(error, req, schema):
    raise CustomError(error.messages)


class MyParser(FlaskParser):
    def handle_error(self, error, req, schema):
        # ...
        raise CustomError(error.messages)


# >=4.2.0
@parser.error_handler
def handle_error(error, req, schema, status_code, headers):
    raise CustomError(error.messages)


# OR


@parser.error_handler
def handle_error(error, **kwargs):
    raise CustomError(error.messages)


class MyParser(FlaskParser):
    def handle_error(self, error, req, schema, status_code, headers):
        # ...
        raise CustomError(error.messages)

    # OR

    def handle_error(self, error, req, **kwargs):
        # ...
        raise CustomError(error.messages)

Legacy error handlers will be supported until version 5.0.0.

4.1.3 (2018-12-02)

Bug fixes:

• Fix bug in AIOHTTParser that prevented calling use_args on the same view function multiple times (273{.interpreted-text role="issue"}). Thanks to dnp1{.interpreted-text role="user"} for reporting and jangelo{.interpreted-text role="user"} for the fix.
• Fix compatibility with marshmallow 3.0.0rc1 (330{.interpreted-text role="pr"}).

4.1.2 (2018-11-03)

Bug fixes:

• Fix serialization behavior of DelimitedList (319{.interpreted-text role="pr"}). Thanks lee3164{.interpreted-text role="user"} for the PR.

Other changes:

• Test against Python 3.7.

4.1.1 (2018-10-25)

Bug fixes:

• Fix bug in AIOHTTPParser that caused a JSONDecode error when parsing empty payloads (229{.interpreted-text role="issue"}). Thanks explosic4{.interpreted-text role="user"} for reporting and thanks user kochab{.interpreted-text role="user"} for the PR.

4.1.0 (2018-09-17)

Features:

• Add webargs.testing module, which exposes CommonTestCase to third-party parser libraries (see comments in 287{.interpreted-text role="pr"}).

4.0.0 (2018-07-15)

Features:

• Backwards-incompatible: Custom error handlers receive the [marshmallow.Schema]{.title-ref} instance as the third argument. Update any functions decorated with [Parser.error_handler]{.title-ref} to take a schema argument, like so:

# 3.x
@parser.error_handler
def handle_error(error, req):
    raise CustomError(error.messages)


# 4.x
@parser.error_handler
def handle_error(error, req, schema):
    raise CustomError(error.messages)

See marshmallow-code/marshmallow#840 (comment) for more information about this change.

Bug fixes:

• Backwards-incompatible: Rename webargs.async to webargs.asyncparser to fix compatibility with Python 3.7 (240{.interpreted-text role="issue"}). Thanks Reskov{.interpreted-text role="user"} for the catch and patch.

Other changes:

• Backwards-incompatible: Drop support for Python 3.4 (243{.interpreted-text role="pr"}). Python 2.7 and >=3.5 are supported.
• Backwards-incompatible: Drop support for marshmallow<2.15.0. marshmallow>=2.15.0 and >=3.0.0b12 are officially supported.
• Use black with pre-commit for code formatting (244{.interpreted-text role="pr"}).

3.0.2 (2018-07-05)

Bug fixes:

• Fix compatibility with marshmallow 3.0.0b12 (242{.interpreted-text role="pr"}). Thanks lafrech{.interpreted-text role="user"}.

3.0.1 (2018-06-06)

Bug fixes:

• Respect [Parser.DEFAULT_VALIDATION_STATUS]{.title-ref} when a [status_code]{.title-ref} is not explicitly passed to [ValidationError]{.title-ref} (180{.interpreted-text role="issue"}). Thanks foresmac{.interpreted-text role="user"} for finding this.

Support:

• Add \"Returning HTTP 400 Responses\" section to docs (180{.interpreted-text role="issue"}).

3.0.0 (2018-05-06)

Changes:

• Backwards-incompatible: Custom error handlers receive the request object as the second argument. Update any functions decorated with Parser.error_handler to take a [req]{.title-ref} argument, like so:

# 2.x
@parser.error_handler
def handle_error(error):
    raise CustomError(error.messages)


# 3.x
@parser.error_handler
def handle_error(error, req):
    raise CustomError(error.messages)

• Backwards-incompatible: Remove unused instance and kwargs arguments of argmap2schema.
• Backwards-incompatible: Remove Parser.load method (Parser now calls Schema.load directly).

These changes shouldn\'t affect most users. However, they might break custom parsers calling these methods. (222{.interpreted-text role="pr"})

• Drop support for aiohttp<3.0.0.

2.1.0 (2018-04-01)

Features:

• Respect data_key field argument (in marshmallow 3). Thanks lafrech{.interpreted-text role="user"}.

2.0.0 (2018-02-08)

Changes:

• Drop support for aiohttp<2.0.0.
• Remove use of deprecated [Request.has_body]{.title-ref} attribute in aiohttpparser (186{.interpreted-text role="issue"}). Thanks ariddell{.interpreted-text role="user"} for reporting.

1.10.0 (2018-02-08)

Features:

• Add support for marshmallow>=3.0.0b7 (188{.interpreted-text role="pr"}). Thanks lafrech{.interpreted-text role="user"}.

Deprecations:

• Support for aiohttp<2.0.0 is deprecated and will be removed in webargs 2.0.0.

1.9.0 (2018-02-03)

Changes:

• HTTPExceptions raised with [webargs.flaskparser.abort]{.title-ref} will always have the data attribute, even if no additional keywords arguments are passed (184{.interpreted-text role="pr"}). Thanks lafrech{.interpreted-text role="user"}.

Support:

• Fix examples in examples/ directory.

1.8.1 (2017-07-17)

Bug fixes:

• Fix behavior of AIOHTTPParser.use_args when as_kwargs=True is passed with a Schema (179{.interpreted-text role="issue"}). Thanks Itayazolay{.interpreted-text role="user"}.

1.8.0 (2017-07-16)

Features:

• AIOHTTPParser supports class-based views, i.e. aiohttp.web.View (177{.interpreted-text role="issue"}). Thanks daniel98321{.interpreted-text role="user"}.

1.7.0 (2017-06-03)

Features:

• AIOHTTPParser.use_args and AIOHTTPParser.use_kwargs work with [async def]{.title-ref} coroutines (170{.interpreted-text role="issue"}). Thanks zaro{.interpreted-text role="user"}.

1.6.3 (2017-05-18)

Support:

• Fix Flask error handling docs in \"Framework support\" section (168{.interpreted-text role="issue"}). Thanks nebularazer{.interpreted-text role="user"}.

1.6.2 (2017-05-16)

Bug fixes:

• Fix parsing multiple arguments in AIOHTTParser (165{.interpreted-text role="issue"}). Thanks ariddell{.interpreted-text role="user"} for reporting and thanks zaro{.interpreted-text role="user"} for reporting.

1.6.1 (2017-04-30)

Bug fixes:

• Fix form parsing in aiohttp>=2.0.0. Thanks DmitriyS{.interpreted-text role="user"} for the PR.

1.6.0 (2017-03-14)

Bug fixes:

• Fix compatibility with marshmallow 3.x.

Other changes:

• Drop support for Python 2.6 and 3.3.
• Support marshmallow>=2.7.0.

1.5.3 (2017-02-04)

Bug fixes:

• Port fix from release 1.5.2 to [AsyncParser]{.title-ref}. This fixes 146{.interpreted-text role="issue"} for AIOHTTPParser.
• Handle invalid types passed to DelimitedList (149{.interpreted-text role="issue"}). Thanks psconnect-dev{.interpreted-text role="user"} for reporting.

1.5.2 (2017-01-08)

Bug fixes:

• Don\'t add marshmallow.missing to original_data when using marshmallow.validates_schema(pass_original=True) (146{.interpreted-text role="issue"}). Thanks lafrech{.interpreted-text role="user"} for reporting and for the fix.

Other changes:

• Test against Python 3.6.

1.5.1 (2016-11-27)

Bug fixes:

• Fix handling missing nested args when many=True (120{.interpreted-text role="issue"}, 145{.interpreted-text role="issue"}). Thanks chavz{.interpreted-text role="user"} and Bangertm{.interpreted-text role="user"} for reporting.
• Fix behavior of load_from in AIOHTTPParser.

1.5.0 (2016-11-22)

Features:

• The use_args and use_kwargs decorators add a reference to the undecorated function via the __wrapped__ attribute. This is useful for unit-testing purposes (144{.interpreted-text role="issue"}). Thanks EFF{.interpreted-text role="user"} for the PR.

Bug fixes:

• If load_from is specified on a field, first check the field name before checking load_from (118{.interpreted-text role="issue"}). Thanks jasonab{.interpreted-text role="user"} for reporting.

1.4.0 (2016-09-29)

Bug fixes:

• Prevent error when rendering validation errors to JSON in Flask (e.g. when using Flask-RESTful) (122{.interpreted-text role="issue"}). Thanks frol{.interpreted-text role="user"} for the catch and patch. NOTE: Though this is a bugfix, this is a potentially breaking change for code that needs to access the original ValidationError object.

# Before
@app.errorhandler(422)
def handle_validation_error(err):
    return jsonify({"errors": err.messages}), 422


# After
@app.errorhandler(422)
def handle_validation_error(err):
    # The marshmallow.ValidationError is available on err.exc
    return jsonify({"errors": err.exc.messages}), 422

1.3.4 (2016-06-11)

Bug fixes:

• Fix bug in parsing form in Falcon>=1.0.

1.3.3 (2016-05-29)

Bug fixes:

• Fix behavior for nullable List fields (107{.interpreted-text role="issue"}). Thanks shaicantor{.interpreted-text role="user"} for reporting.

1.3.2 (2016-04-14)

Bug fixes:

• Fix passing a schema factory to use_kwargs (103{.interpreted-text role="issue"}). Thanks ksesong{.interpreted-text role="user"} for reporting.

1.3.1 (2016-04-13)

Bug fixes:

• Fix memory leak when calling parser.parse with a dict in a view (101{.interpreted-text role="issue"}). Thanks frankslaughter{.interpreted-text role="user"} for reporting.
• aiohttpparser: Fix bug in handling bulk-type arguments.

Support:

• Massive refactor of tests (98{.interpreted-text role="issue"}).
• Docs: Fix incorrect use_args example in Tornado section (100{.interpreted-text role="issue"}). Thanks frankslaughter{.interpreted-text role="user"} for reporting.
• Docs: Add \"Mixing Locations\" section (90{.interpreted-text role="issue"}). Thanks tuukkamustonen{.interpreted-text role="user"}.

1.3.0 (2016-04-05)

Features:

• Add bulk-type arguments support for JSON parsing by passing many=True to a Schema (81{.interpreted-text role="issue"}). Thanks frol{.interpreted-text role="user"}.

Bug fixes:

• Fix JSON parsing in Flask<=0.9.0. Thanks brettdh{.interpreted-text role="user"} for the PR.
• Fix behavior of status_code argument to ValidationError (85{.interpreted-text role="issue"}). This requires marshmallow>=2.7.0. Thanks ParthGandhi{.interpreted-text role="user"} for reporting.

Support:

• Docs: Add \"Custom Fields\" section with example of using a Function field (94{.interpreted-text role="issue"}). Thanks brettdh{.interpreted-text role="user"} for the suggestion.

1.2.0 (2016-01-04)

Features:

• Add view_args request location to FlaskParser (82{.interpreted-text role="issue"}). Thanks oreza{.interpreted-text role="user"} for the suggestion.

Bug fixes:

• Use the value of load_from as the key for error messages when it is provided (83{.interpreted-text role="issue"}). Thanks immerrr{.interpreted-text role="user"} for the catch and patch.

1.1.1 (2015-11-14)

Bug fixes:

• aiohttpparser: Fix bug that raised a JSONDecodeError raised when parsing non-JSON requests using default locations (80{.interpreted-text role="issue"}). Thanks leonidumanskiy{.interpreted-text role="user"} for reporting.
• Fix parsing JSON requests that have a vendor media type, e.g. application/vnd.api+json.

1.1.0 (2015-11-08)

Features:

• Parser.parse, Parser.use_args and Parser.use_kwargs can take a Schema factory as the first argument (73{.interpreted-text role="issue"}). Thanks DamianHeard{.interpreted-text role="user"} for the suggestion and the PR.

Support:

• Docs: Add \"Custom Parsers\" section with example of parsing nested querystring arguments (74{.interpreted-text role="issue"}). Thanks dwieeb{.interpreted-text role="user"}.
• Docs: Add \"Advanced Usage\" page.

1.0.0 (2015-10-19)

Features:

• Add AIOHTTPParser (71{.interpreted-text role="issue"}).
• Add webargs.async module with AsyncParser.

Bug fixes:

• If an empty list is passed to a List argument, it will be parsed as an empty list rather than being excluded from the parsed arguments dict (70{.interpreted-text role="issue"}). Thanks mTatcher{.interpreted-text role="user"} for catching this.

Other changes:

• Backwards-incompatible: When decorating resource methods with FalconParser.use_args, the parsed arguments dictionary will be positioned after the request and response arguments.
• Backwards-incompatible: When decorating views with DjangoParser.use_args, the parsed arguments dictionary will be positioned after the request argument.
• Backwards-incompatible: Parser.get_request_from_view_args gets passed a view function as its first argument.
• Backwards-incompatible: Remove logging from default error handlers.

0.18.0 (2015-10-04)

Features:

• Add FalconParser (63{.interpreted-text role="issue"}).
• Add fields.DelimitedList (66{.interpreted-text role="issue"}). Thanks jmcarp{.interpreted-text role="user"}.
• TornadoParser will parse json with simplejson if it is installed.
• BottleParser caches parsed json per-request for improved performance.

No breaking changes. Yay!

0.17.0 (2015-09-29)

Features:

• TornadoParser returns unicode strings rather than bytestrings (41{.interpreted-text role="issue"}). Thanks thomasboyt{.interpreted-text role="user"} for the suggestion.
• Add Parser.get_default_request and Parser.get_request_from_view_args hooks to simplify Parser implementations.
• Backwards-compatible: webargs.core.get_value takes a Field as its last argument. Note: this is technically a breaking change, but this won\'t affect most users since get_value is only used internally by Parser classes.

Support:

• Add examples/annotations_example.py (demonstrates using Python 3 function annotations to define request arguments).
• Fix examples. Thanks hyunchel{.interpreted-text role="user"} for catching an error in the Flask error handling docs.

Bug fixes:

• Correctly pass validate and force_all params to PyramidParser.use_args.

0.16.0 (2015-09-27)

The major change in this release is that webargs now depends on marshmallow for defining arguments and validation.

Your code will need to be updated to use Fields rather than Args.

# Old API
from webargs import Arg

args = {
    "name": Arg(str, required=True),
    "password": Arg(str, validate=lambda p: len(p) >= 6),
    "display_per_page": Arg(int, default=10),
    "nickname": Arg(multiple=True),
    "Content-Type": Arg(dest="content_type", location="headers"),
    "location": Arg({"city": Arg(str), "state": Arg(str)}),
    "meta": Arg(dict),
}

# New API
from webargs import fields

args = {
    "name": fields.Str(required=True),
    "password": fields.Str(validate=lambda p: len(p) >= 6),
    "display_per_page": fields.Int(load_default=10),
    "nickname": fields.List(fields.Str()),
    "content_type": fields.Str(load_from="Content-Type"),
    "location": fields.Nested({"city": fields.Str(), "state": fields.Str()}),
    "meta": fields.Dict(),
}

Features:

• Error messages for all arguments are \"bundled\" (58{.interpreted-text role="issue"}).

Changes:

• Backwards-incompatible: Replace Args with marshmallow fields (61{.interpreted-text role="issue"}).
• Backwards-incompatible: When using use_kwargs, missing arguments will have the special value missing rather than None.
• TornadoParser raises a custom HTTPError with a messages attribute when validation fails.

Bug fixes:

• Fix required validation of nested arguments (39{.interpreted-text role="issue"}, 51{.interpreted-text role="issue"}). These are fixed by virtue of using marshmallow\'s Nested field. Thanks ewang{.interpreted-text role="user"} and chavz{.interpreted-text role="user"} for reporting.

Support:

• Updated docs.
• Add examples/schema_example.py.
• Tested against Python 3.5.

0.15.0 (2015-08-22)

Changes:

• If a parsed argument is None, the type conversion function is not called 54{.interpreted-text role="issue"}. Thanks marcellarius{.interpreted-text role="user"}.

Bug fixes:

• Fix parsing nested Args when the argument is missing from the input (52{.interpreted-text role="issue"}). Thanks stas{.interpreted-text role="user"}.

0.14.0 (2015-06-28)

Features:

• Add parsing of matchdict to PyramidParser. Thanks hartror{.interpreted-text role="user"}.

Bug fixes:

• Fix PyramidParser's use_kwargs method (42{.interpreted-text role="issue"}). Thanks hartror{.interpreted-text role="user"} for the catch and patch.
• Correctly use locations passed to Parser\'s constructor when using use_args (44{.interpreted-text role="issue"}). Thanks jacebrowning{.interpreted-text role="user"} for the catch and patch.
• Fix behavior of default and dest argument on nested Args (40{.interpreted-text role="issue"} and 46{.interpreted-text role="issue"}). Thanks stas{.interpreted-text role="user"}.

Changes:

• A 422 response is returned to the client when a ValidationError is raised by a parser (38{.interpreted-text role="issue"}).

0.13.0 (2015-04-05)

Features:

• Support for webapp2 via the [webargs.webapp2parser]{.title-ref} module. Thanks Trii{.interpreted-text role="user"}.
• Store argument name on RequiredArgMissingError. Thanks stas{.interpreted-text role="user"}.
• Allow error messages for required validation to be overriden. Thanks again stas{.interpreted-text role="user"}.

Removals:

• Remove source parameter from Arg.

0.12.0 (2015-03-22)

Features:

• Store argument name on ValidationError (32{.interpreted-text role="issue"}). Thanks alexmic{.interpreted-text role="user"} for the suggestion. Thanks stas{.interpreted-text role="user"} for the patch.
• Allow nesting of dict subtypes.

0.11.0 (2015-03-01)

Changes:

• Add dest parameter to Arg constructor which determines the key to be added to the parsed arguments dictionary (32{.interpreted-text role="issue"}).
• Backwards-incompatible: Rename targets parameter to locations in Parser constructor, Parser#parse_arg, Parser#parse, Parser#use_args, and Parser#use_kwargs.
• Backwards-incompatible: Rename Parser#target_handler to Parser#location_handler.

Deprecation:

• The source parameter is deprecated in favor of the dest parameter.

Bug fixes:

• Fix validate parameter of DjangoParser#use_args.

0.10.0 (2014-12-23)

• When parsing a nested Arg, filter out extra arguments that are not part of the Arg's nested dict (28{.interpreted-text role="issue"}). Thanks Derrick Gilland for the suggestion.
• Fix bug in parsing Args with both type coercion and multiple=True (30{.interpreted-text role="issue"}). Thanks Steven Manuatu for reporting.
• Raise RequiredArgMissingError when a required argument is missing on a request.

0.9.1 (2014-12-11)

• Fix behavior of multiple=True when nesting Args (29{.interpreted-text role="issue"}). Thanks Derrick Gilland for reporting.

0.9.0 (2014-12-08)

• Pyramid support thanks to \@philtay.
• User-friendly error messages when Arg type conversion/validation fails. Thanks Andriy Yurchuk.
• Allow use argument to be a list of functions.
• Allow Args to be nested within each other, e.g. for nested dict validation. Thanks \@saritasa for the suggestion.
• Backwards-incompatible: Parser will only pass ValidationErrors to its error handler function, rather than catching all generic Exceptions.
• Backwards-incompatible: Rename Parser.TARGET_MAP to Parser.__target_map__.
• Add a short-lived cache to the Parser class that can be used to store processed request data for reuse.
• Docs: Add example usage with Flask-RESTful.

0.8.1 (2014-10-28)

• Fix bug in TornadoParser that raised an error when request body is not a string (e.g when it is a Future). Thanks Josh Carp.

0.8.0 (2014-10-26)

• Fix Parser.use_kwargs behavior when an Arg is allowed missing. The allow_missing attribute is ignored when use_kwargs is called.
• default may be a callable.
• Allow ValidationError to specify a HTTP status code for the error response.
• Improved error logging.
• Add 'query' as a valid target name.
• Allow a list of validators to be passed to an Arg or Parser.parse.
• A more useful __repr__ for Arg.
• Add examples and updated docs.

0.7.0 (2014-10-18)

• Add source parameter to Arg constructor. Allows renaming of keys in the parsed arguments dictionary. Thanks Josh Carp.
• FlaskParser's handle_error method attaches the string representation of validation errors on err.data['message']. The raised exception is stored on err.data['exc'].
• Additional keyword arguments passed to Arg are stored as metadata.

0.6.2 (2014-10-05)

• Fix bug in TornadoParser's handle_error method. Thanks Josh Carp.
• Add error parameter to Parser constructor that allows a custom error message to be used if schema-level validation fails.
• Fix bug that raised a UnicodeEncodeError on Python 2 when an Arg\'s validator function received non-ASCII input.

0.6.1 (2014-09-28)

• Fix regression with parsing an Arg with both default and target set (see issue #11).

0.6.0 (2014-09-23)

• Add validate parameter to Parser.parse and Parser.use_args. Allows validation of the full parsed output.
• If allow_missing is True on an Arg for which None is explicitly passed, the value will still be present in the parsed arguments dictionary.
• Backwards-incompatible: Parser's parse_* methods return webargs.core.Missing if the value cannot be found on the request. NOTE: webargs.core.Missing will not show up in the final output of Parser.parse.
• Fix bug with parsing empty request bodies with TornadoParser.

0.5.1 (2014-08-30)

• Fix behavior of Arg's allow_missing parameter when multiple=True.
• Fix bug in tornadoparser that caused parsing JSON arguments to fail.

0.5.0 (2014-07-27)

• Fix JSON parsing in Flask parser when Content-Type header contains more than just [application/json]{.title-ref}. Thanks Samir Uppaluru for reporting.
• Backwards-incompatible: The use parameter to Arg is called before type conversion occurs. Thanks Eric Wang for the suggestion.
• Tested on Tornado>=4.0.

0.4.0 (2014-05-04)

• Custom target handlers can be defined using the Parser.target_handler decorator.
• Error handler can be specified using the Parser.error_handler decorator.
• Args can define their request target by passing in a target argument.
• Backwards-incompatible: DEFAULT_TARGETS is now a class member of Parser. This allows subclasses to override it.

0.3.4 (2014-04-27)

• Fix bug that caused use_args to fail on class-based views in Flask.
• Add allow_missing parameter to Arg.

0.3.3 (2014-03-20)

• Awesome contributions from the open-source community!
• Add use_kwargs decorator. Thanks \@venuatu.
• Tornado support thanks to \@jvrsantacruz.
• Tested on Python 3.4.

0.3.2 (2014-03-04)

• Fix bug with parsing JSON in Flask and Bottle.

0.3.1 (2014-03-03)

• Remove print statements in core.py. Oops.

0.3.0 (2014-03-02)

• Add support for repeated parameters (#1).
• Backwards-incompatible: All [parse_*]{.title-ref} methods take [arg]{.title-ref} as their fourth argument.
• Add error_handler param to Parser.

0.2.0 (2014-02-26)

• Bottle support.
• Add targets param to Parser. Allows setting default targets.
• Add files target.

0.1.0 (2014-02-16)

• First release.
• Parses JSON, querystring, forms, headers, and cookies.
• Support for Flask and Django.