Hide "input" from response upon 422 Validation Error #10352

themightywolfie · 2023-09-29T11:01:47Z

themightywolfie
Sep 29, 2023

First Check

I added a very descriptive title here.
I used the GitHub search to find a similar question and didn't find it.
I searched the FastAPI documentation, with the integrated search.
I already searched in Google "How to X in FastAPI" and didn't find any information.
I already read and followed all the tutorial in the docs and didn't find an answer.
I already checked if it is not related to FastAPI but to Pydantic.
I already checked if it is not related to FastAPI but to Swagger UI.
I already checked if it is not related to FastAPI but to ReDoc.

Commit to Help

I commit to help with one of those options 👆

Example Code

from fastapi import Body, FastAPI
from fastapi.security import HTTPBasicCredentials
from fastapi.responses import JSONResponse

app = FastAPI()

@app.post("/login")
async def login(credentials: HTTPBasicCredentials = Body(...)):
   return JSONResponse(content={'username': credentials.username})

Description

The example code is a simplified version of the basic auth I am trying to implement. I am sending "username" and "password" in request body.

If either of the fields are missing from the request body, I get the following detailed response because obviously the HTTPBasicCredentials pydantic model has only two fields. I used "user" instead of "username" in the request body

{
    "detail": [
        {
            "type": "missing",
            "loc": [
                "body",
                "username"
            ],
            "msg": "Field required",
            "input": {
                "user": "john.smith",
                "password": "3xtr3m#"
            },
            "url": "https://errors.pydantic.dev/2.4/v/missing"
        }
    ]
}

I want to hide the input from this response. Is there any way possible?

Operating System

Windows

Operating System Details

No response

FastAPI Version

0.103.1

Pydantic Version

2.4.0

Python Version

3.11.4

Additional Context

No response

Answered by NeilBotelho

Sep 30, 2023

fastapi allows you to override request validation exceptions. One sort of solution to this is to override the exception with a modified version of the default fastapi request validation exception handler and exclude the input/url field from the response i.e. :

@app.exception_handler(RequestValidationError)
async def request_validation_exception_handler(
    request: Request, exc: RequestValidationError
) -> JSONResponse:
    print(exc.errors())
    return JSONResponse(
        status_code=HTTP_422_UNPROCESSABLE_ENTITY,
        content={"detail": jsonable_encoder(exc.errors(), exclude={"input"})})

The downside of this method would be that this removes the input/url field from all exception…

View full answer

a-was · 2023-09-29T19:59:48Z

a-was
Sep 29, 2023

Same here, but for the url field
Here's Pydantic docs on how to hide these fields
https://docs.pydantic.dev/2.4/api/pydantic_core/#pydantic_core._pydantic_core.ValidationError.json
Of course, FastAPI uses this method internally and should provide a way to set this kwargs

0 replies

NeilBotelho · 2023-09-30T16:00:47Z

NeilBotelho
Sep 30, 2023

fastapi allows you to override request validation exceptions. One sort of solution to this is to override the exception with a modified version of the default fastapi request validation exception handler and exclude the input/url field from the response i.e. :

@app.exception_handler(RequestValidationError)
async def request_validation_exception_handler(
    request: Request, exc: RequestValidationError
) -> JSONResponse:
    print(exc.errors())
    return JSONResponse(
        status_code=HTTP_422_UNPROCESSABLE_ENTITY,
        content={"detail": jsonable_encoder(exc.errors(), exclude={"input"})})

The downside of this method would be that this removes the input/url field from all exception responses, unless theres a way to override the response exception handler for a single method.

3 replies

a-was Oct 2, 2023

Thanks, it works! 😃

styper Oct 30, 2023

Shouldn't FastAPI hide URL and input by default since the OpenAPI generated docs doesn't have those fields? Or is my setup broken?
I used the tutorial example and passed in a string in place of the item_id and I get those fields, but the docs and redoc links don't reference them in the 422 error schema.

kinuax May 5, 2025

Current FastAPI's validation error includes input field, not url. OpenAPI schema does not include input and url.

kinuax · 2025-05-01T12:22:34Z

kinuax
May 1, 2025

I share another approach that proposes enabling/disabling both input and url fields without tweaking the request validation exceptions: #13657

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Hide "input" from response upon 422 Validation Error #10352

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Hide "input" from response upon 422 Validation Error #10352

Uh oh!

themightywolfie Sep 29, 2023

First Check

Commit to Help

Example Code

Description

Operating System

Operating System Details

FastAPI Version

Pydantic Version

Python Version

Additional Context

Replies: 3 comments · 3 replies

Uh oh!

a-was Sep 29, 2023

Uh oh!

NeilBotelho Sep 30, 2023

Uh oh!

a-was Oct 2, 2023

Uh oh!

styper Oct 30, 2023

Uh oh!

Uh oh!

kinuax May 5, 2025

Uh oh!

kinuax May 1, 2025

themightywolfie
Sep 29, 2023

Replies: 3 comments 3 replies

a-was
Sep 29, 2023

NeilBotelho
Sep 30, 2023

kinuax
May 1, 2025