Eve Changelog

Here you can see the full list of changes between each Eve release.

Version 0.4

Not released yet.

  • [fix] Documentation improvements (Jen Montes).
  • [change] MarkupSafe 0.21 is now required.
  • [new] Ability to send entire document in write responses. BANDWITH_SAVER aka Coherence Mode (Josh Villbrandt).
  • [fix] KeyError exception was raised when field specified in schema as embeddable was missing in a particular document (Jaroslav Semančík).
  • [fix] Tests on HEAD requests would very occasionally fail. See #316.
  • [change] PyMongo 2.7 is now required.
  • [fix] Automatic fields such as DATE_CREATD and DATE_CREATED are correctly handled in client projections (Josh Villbrandt). Closes #282.
  • [change] Callbacks get whole json response on on_fetched. This allows for callbacks functions to alter the whole payload, even when HATEOAS is enabled and _items and _links metafields are present.
  • [new] on_pre_<METHOD> events expose the lookup dictionary which allows for setting up dynamic database lookups on both resource and item endpoints.
  • [fix] Make codebase compliant with latest PEP8/flake8 release (Javier Gonel).
  • [fix] If you had a media field, and set datasource projection to 0 for that field, the media would not be deleted. Closes #284.
  • [new] Return a 400 response on pymongo DuplicateKeyError, with exception message if debug mode is on (boosh).
  • [change] on_update(ed) and on_replace(ed) callbacks now receive both the original document and the updates (Jaroslav Semančík).
  • [new] PyPy officially supported and tested (Javier Gonel).
  • [new] tox support (Javier Gonel).
  • [new] Post database events (Javier Gonel). Addresses #272.
  • [change] Review event names (Javier Gonel).
  • [new] Versioned Documents (Josh Villbrandt). Closes #224.
  • [fix] tests cleanup (Javier Gonel).
  • [fix] tests now run on any system without needing to set ulimit to a higher value (Javier Gonel).
  • [change] MarksupSafe 0.19 is now required.
  • [new] Python trove classifiers added to setup.py.
  • [fix] media files: don’t try to delete a field that does not exist (Taylor Brown).
  • [fix] Occasional KeyError while building _media helper dict. See #271 (Alexander Hendorf).
  • [fix] If-Modified-Since misbehaviour when a datasource filter is set. Closes #258.
  • [new] Client projections are also honored at item endpoints.
  • [new] validate that ID_FIELD is not set as a resource auth_field. Addresses #266.
  • [fix] Trouble serializing list of dicts. Closes #265 and #244.
  • [fix] HATEOAS item links are now coherent actual endpoint URL even when natural immutable keys are used in URLs (Junior Vidotti). Closes #256.
  • Replaced ID_FIELD by item_lookup_field on self link. item_lookup_field will default to ID_FIELD if blank.
  • [new] URL_PROTOCOL defines the HTTP protocol used when building HATEOAS links. Defaults to '' for relative paths (Junior Vidotti).
  • [new] on_delete_item and on_deleted_item is raised on DELETE requests sent to document endpoints. Addresses #232.
  • [new] on_delete_resource and on_deleted_resource is raised on DELETE requests sent to resource endpoints. Addresses #232.
  • [new] on_update is raised on PATCH requests, when a document is about to be updated on the database. Addresses #232.
  • [new] on_replace is raised on PUT requests, when a document is about to be replaced on the database. Addresses #232.
  • [change] on_insert is not raised anymore on PUT requests (replaced by above mentioned on_replace).
  • [change] auth.request_auth_value is no more. Yay. See below.
  • [change] auth.set_request_auth_value() allows to set the auth_field value for the current request.
  • [change] auth.get_request_auth_value() allows to retrieve the auth_field value for the current request.
  • [new] auth constructor argument accepts either a class instance or a callable. Closes #248.

Version 0.3

Released on 14 February, 2014.

  • [fix] Serialization of sub-documents (Hannes Tiede). Closes #244.
  • [new] X_MAX_AGE allows to configure CORS Access-Control-Max-Age (David Buchmann).
  • [fix] GET with If-Modified-Since on list endpoint returns incorrect 304 if resource is empty. Closes #243.
  • [change] POST will return 201 Created if at least one document was accepted for insertion; 200 OK otherwise (meaning the request was accepted and processed). It is still client’s responsability to parse the response payload to check if any document did not pass validation. Addresses #201 #202 #215.
  • [new] number data type. Allows both integers and floats as field values.
  • [fix] Using primary keys other than _id. Closes #237.
  • [fix] Add tests for PUT when User Restricted Resource Access is active.
  • [fix] Auth field not set if resource level authentication is set. Fixes #231.
  • [fix] RateLimit check was occasionally failing and returning a 429 (John Deng).
  • [change] Jinja2 2.7.2 is now required.
  • [new] media files (images, pdf, etc.) can be uploaded as media document fields. When a document is requested, eventual media files will be returned as Base64 strings. Upload is done via POST, PUT and PATCH using the multipart/data-form content-type. For optmized performance, by default files are stored in GridFS, however custom MediaStorage classes can be provided to support alternative storage systems. Clients and API maintainers can exploit the projections feature to include/exclude media fields from requests. For example, a request like /url/<id>?projection={"image": 0} will return the document without the image field. Also, while setting a resource datasource it is possible to explicitly exclude media fields from standard responses (clients will need to explicitly add them to the payload with ?projection={"image": 1}).
  • [new] media type for schema fields.
  • [new] media application argument. Allows to specify a media storage class to be used to store media files. Defaults to GridFSMediaStorage.
  • [new] GridFSMediaStorage class. Stores files into GridFS.
  • [new] MediaStorage class provides a standardized API for storing files, along with a set of default behaviors that all other storage systems can inherit or override as necessary.
  • [new] file data type support and validation for resource schema.
  • [new] multipart/form-data content-type is now supported for requests.
  • [fix] Field exclusion (?projection={"fieldname": 0}) now supported in client projections. Remember, mixing field inclusion and exclusion is still not supported by MongoDB.
  • [fix] URL_PREFIX and API_VERSION are correctly reported in HATOEAS links.
  • [fix] DELETE on sub-resources should only delete documents referenced by the parent. Closes #212.
  • [fix] DELETE on a resource endpoint honors User-Restricted Resource Access. Closes #213.
  • [new] JSON allows to enable/disable JSON responses. Defaults to True (JSON enabled).
  • [new] XML allows to enable/disable XML responses. Defaults to True (XML enabled).
  • [fix] XML properly honors _LINKS and _ITEMS settings.
  • [fix] return all document fields when resource schema is empty.
  • [new] pytest.ini for pytest support.
  • [fix] All tests should now run with nose and pytest. Closes #209.
  • [new] query_objectid_as_string resource setting. Defaults to False. Addresses #207.
  • [new] ETAG allows to customize the etag field. Defaults to _etag.
  • [change] etag is now _etag in all default response payloads (see above).
  • [change] STATUS defaults to ‘_status’.
  • [change] ISSUES defaults to ‘_issues’.
  • [change] DATE_CREATED defaults to ‘_created’. Upgrade existing collections by running db.<collection>.update({}, { $rename: { "created": "_created" } }, { multi: true }) in the mongo shell. If an index exists on the field, drop it and create a new one using the new field name.
  • [change] LAST_UPDATED defaults to ‘_updated’. Upgrade existing collections by running db.<collection>.update({}, { $rename: { "updated": "_updated" } }, { multi: true }) in the mongo shell. If an index exists on the field, drop it and create a new one usung the new field name.
  • [change] Exclude etag from both response payload and headers if concurrency control is disabled (IF_MATCH = False). Closes #205.
  • [fix] Custom ID_FIELD would fail on update/insert methods. Fixes #203 (Jaroslav Semančík).
  • [change] GET: when If-Modified-Since header is present, either no documents (304) or all documents (200) are sent per the HTTP spec. Original behavior can be achieved with: /resource?where={"updated":{"$gt":"if-modified-since-date"}} (Josh Villbrandt).
  • [change] Validation errors are now reported as a dictionary with offending fields as keys and issues descriptions as values.
  • [change] Cerberus v0.6 is now required.

Version 0.2

Released on 30 November, 2013.

  • [new] Sub-Resources. It is now possible to configure endpoints such as: /companies/<company_id>/invoices. Also, the corresponding item endpoints, such as /companies/<company_id>/invoices/<invoice_id>, are available. All CRUD operations on these endpoints are allowed. Closes 156.
  • [new] resource_title allows to customize the endpoint title (HATEOAS).
  • [new][dev] extra cursor property, when present, will be added to GET responses (with same key). This feature can be used by Eve extensions to inject proprietary data into the response stream (Petr Jašek).
  • [new] IF_MATCH allows to disable checks for ETag matches on edit, replace and delete requests. If disabled, requests without an If-Match header will be honored without returning a 403 error. Defaults to True (enabled by default).
  • [new] LINKS allows to customize the links field. Default to ‘_links’.
  • [new] ITEMS allows to customize the items field. Default to ‘_items’.
  • [new] STATUS allows to customize the status field. Default to ‘status’.
  • [new] ISSUES allows to customize the issues field. Default to ‘issues’.
  • [new] Handling custom ID fields tutorial.
  • [new] A new json_encoder initialization argument is available. It allows to pass custom JSONEncoder or eve.io.BaseJSONEncoder to the Eve instance.
  • [new] A new url_converters initialization argument is available. It allows to pass custom Flask url converters to the Eve constructor.
  • [new] ID_FIELD fields can now be of arbitrary types, not only ObjectIds. Thanks to Kelvin Hammond for contributing to this one. Closes #136.
  • [new] pre_<method> and pre_<method>_<resource> event hooks are now available. They are raised when a request is received and before processing it. The resource involved and the Flask request object are returned to the callback function (dccrazyboy).
  • [new] embedded_fields activates default Embedded Resource Serialization on a list of selected document fields. Eventual embedding requests by clients will be processed along with default embedding. In order for default embedding to work, the field must be defined as embeddable, and embedding must be active for the resource (with help from Christoph Witzany).
  • [new] default_sort option added to the datasource resource setting. It allows to set default sorting for the endpoint. Default sorting will be overriden by a client request that happens to include a ?sort argument within the query string (with help from Christoph Witzany).
  • [new] You can now choose to provide custom settings as a Python dictionary.
  • [new] New method Eve.register_resource() for registering new resource after initialization of Eve object. This is needed for simpler initialization API of all ORM/ODM extensions (Stanislav Heller).
  • [change] Rely on Flask endpoints to map urls to resources.
  • [change] For better consistency with new pre_<method> hooks, on_<method> event hooks have been renamed to on_post_<method>.
  • [change] Custom authentication classes can now be set at endpoint level. When set, an endpoint-level auth class will override the eventual global level auth class. Authentication docs have been updated (and greatly revised) accordingly. Closes #89.
  • [change] JSON encoding is now handled at the DataLayer level allowing for specialized, granular, data-aware encoding. Also, since the JSON encoder is now a class attribute, extensions can replace the pre-defined data layer encoder with their own implementation. Closes #102.
  • [fix] HMAC example and docs updated to align with new hmac in Python 2.7.3, which is only accepting bytes string. Closes #199.
  • [fix] Properly escape leaf values in XML responses (Florian Rathgeber).
  • [fix] A read-only field with a default value would trigger a validation error on POST and PUT methods.

Version 0.1.1

Released on October 31th, 2013.

Enhancements

  • DELETE now uses the original document ID_FIELD when issuing the delete command to the underlying data layer (Xavi Cubillas).
  • Embedded Resource Serialization also available at item endpoints (/invoices/<id>/?embedded={'person':1}),
  • collection (used when setting up a data relation, see Embedded Resource Serialization) has been renamed to resource in order to avoid confusion between the Eve schema and underlying MongoDB collections.
  • Nested endpoints. Endpoints with deep paths like /contacts/overseas can now function in conjuction with top-level endpoints (/contacts). Endpoints are completely independent: each can allow item lookups (/contacts/<id> and contacts/overseas/<id>) and different access methods. Previously, while you could have complex urls, you could not get nested endpoints to work properly.
  • PyMongo 2.6.3 is now supported.
  • item-id wrappers have been removed from POST/PATCH/PUT requests and responses. Requests for single document insertion/edition are now performed by just submitting the relevant document. Bulk insert requests are performed by submitting a list of documents. The response to bulk requests is a list itself in which every list item contains the state of the corresponding request document. Please note that this is a breaking change. Also be aware that when the request content-type is x-www-form-urlencoded, single document insert is performed. Closes #139.
  • ObjectId are properly serialized on POST/PATCH/PUT methods.
  • Queries on ObjectId and datetime values in nested documents.
  • auth.user_id renamed to auth.request_auth_value for better consistency with the auth_field setting. Closes #132 (Ryan Shea).
  • Same behavior as Flask, SERVER_NAME now defaults to None. It allows much easier development on distant machine that may changes IP (Ronan Delacroix).

Fixes

  • CORS support was not available for additional_lookup urls (Petr Jašek.)
  • ‘default’ field values that could be assimilated to None (0, None, “”) would be ignored.
  • POST and PUT would fail with 400 if there was no auth class while auth_field was set for a resource.
  • Fix order of string arguments in exception message in flaskapp.validate_schema() (Roy Smith).

Version 0.1

Released on September 30th, 2013.

New Features

  • PUT method for completely replace a document while keeping the same unique identifier. Closes #96.
  • Embedded Resource Serialization. If a document field is referencing a document in another resource, clients can request the referenced document to be embedded within the requested document (Bryan Cattle). Closes #68.
  • “No trailing slash” URLs are now supported. Closes #118.
  • HATEOAS is now optional and can be disabled both at global and resource level.
  • X-HTTP-Method-Override supported for all HTTP Methods. Closes #95.

Enhancements

  • HTTP method is now passed into authenticate() and check_auth() (Ken Carpenter). Closes #90 .
  • Cleanup and hardening of User-Restricted Resource Access Edit (Bryan Cattle).
  • Account Management tutorial updated to reflect the event hooks naming update introduced in v0.0.9.
  • Some more Python 3 refactoring (Dong Wei Ming).
  • Events 0.2.0 is now supported.
  • PyMongo 2.6.2 is now supported.
  • Cerberus 0.4.0 is now supported.

Fixes

  • Item GET on documents with non-existent ‘created’ field (because stored outside of API context) were not returning a default value for the field.
  • Edits on documents with non-existent ‘created’ or ‘updated’ fields (because stored outside of the API context) were returning 412 Precondition Failed. Closes #123.
  • on_insert is raised when a PUT (replace action) is about to be performed. Closes #120.
  • Installation on Windows with Python 3 was returning encoding errors.
  • Fixed #99: malformed XML render when href includes forbidden URI/URL chars.
  • Fixed a bug introduced with 0.0.9 and Python 3 support. Filters (?where) on datetime values were not working when running on Python 2.x.
  • Fixed some typos and minor grammatical errors all across the documentation (Ken Carpenter, Jean Boussier, Kracekumar, Francisco Corrales Morales).

Version 0.0.9

Released on August 29, 2013

  • PyMongo 2.6 is now supported.
  • FILTERS boolean replaced by ALLOWED_FILTERS list which allows for explicit whitelisting of filter-enabled fields (Bryan Cattle). Closes #78.
  • Custom user ids for User-Restricted Resource Access, allowing for more flexibility and token revocation with token-based authentication. Closes #73.
  • AUTH_USERNAME_FIELD renamed to AUTH_FIELD.
  • auth_username_field renamed to auth_field.
  • BasicAuth and subclasses now support user_id property.
  • Updated the event hooks naming system to be more robuts and consistent. Closes #80.
  • To emphasize the fact that they are tied to a method, all on_<method> hooks now have <method> in uppercase.
  • on_getting hook renamed to on_fetch_resource.
  • on_getting_<resource> hook renamed to on_fetch_resource_<resource>
  • on_getting_item hook renamed to on_fetch_item.
  • on_getting_item_<item_title> hook renamed to on_fetch_item_<item_title>.
  • on_posting hook renamed to on_insert.
  • Datasource projections always include automatic fields (ID_FIELD, LAST_UPDATED, DATE_CREATED). Closes #85.
  • Public HTTP methods now override auth_username_field Edit. Closes #70 (Bryan Cattle).
  • Response date fields are now using GMT instead of UTC. Closes #83.
  • Handle the case of ‘additional_lookup’ field being an integer. If this is the case you can omit the ‘url’ key, as it will be ignored, and the integer value correctly parsed.
  • More informative HTTP error messages. Some more informative error messages have been added for HTTP 400/3/12 and 500 errors. The error messages only show if DEBUG==True (Bryan Cattle).
  • on_getting(resource, documents) is now on_getting_resource(resource, documents); on_getting_<resource>(documents) is now known as ``on_getting_resource_<resource>(documents) (Ryan Shea).
  • Added a new event hook: on_getting_item_<title>(_id, document) (Ryan Shea).
  • Allow auth_username_field to be set to ID_FIELD (Bryan Cattle).
  • Python 3.3 is now supported.
  • Flask 0.10.1 is now supported.
  • Werkzeug 0.9.4 is now supported.
  • Copyright finally updated to 2013.

Version 0.0.8

Released on July 25th 2013.

  • Only run RateLimiting tests if redis-py is installed and redis-server is running.
  • CORS Access-Control-Allow-Headers header support (Garrin Kimmell).
  • CORS OPTIONS support for resource and items endpoints (Garrin Kimmell).
  • float is now available as a data-type in the schema definition ruleset.
  • nullable field schema rule is now available. If True the field value can be set to null. Defaults to False.
  • v0.3.0 of Cerberus is now a requirement.
  • on_getting, on_getting_<resource> and on_getting_item event hooks. These events are raised when documents have just been read from the database and are about to be sent to the client. Registered callback functions can eventually manipulate the documents as needed. Please be aware that last_modified and etag headers will always be consistent with the state of the documents on the database (they won’t be updated to reflect changes eventually applied by the callback functions). Closes #65.
  • Documentation fix: AUTH_USERFIELD_NAME renamed to AUTH_USERNAME_FIELD (Julien Barbot).
  • Responses to GET requests for resource endpoints now include a last item in the _links dictionary. The value is a link to the last page available. The item itself is only provided if pagination is enabled and the page being requested isn’t the last one. Closes #62.
  • It is now possible to set the MongoDB write concern level at both global (MONGO_WRITE_CONCERN) and endpoint (mongo_write_concern) levels. The value is a dictionary with all valid MongoDB write_concern settings (w, wtimeout, j and fsync) as keys. {'w': 1} is the default, which is also MongoDB’s default setting.
  • TestMininal class added to the test suite. This will allow to start the building of the tests for an application based on Eve, by subclassing the TestMinimal class (Daniele Pizzolli).

Version 0.0.7

Released on June 18th 2013.

  • Pinned Werkzeug requirement to v0.8.3 to avoid issues with the latest release which breaks backward compatibility (actually a Flask 0.9 requirements issue, which backtracked to Eve).
  • Support for Rate Limiting on all HTTP methods. Closes #58. Please note: to successfully execute the tests in ‘eve.tests.methods.ratelimit.py`, a running redis server is needed.
  • utils.request_method internal helper function added, which allowed for some nice code cleanup (DRY).
  • Setting the default ‘field’ value would not happen if a ‘data_relation’ was nested deeper than the first schema level. Fixes #60.
  • Support for EXTRA_RESPONSE_FIELDS. It is now possible to configure a list of additonal document fields that should be provided with POST responses. Normally only automatically handled fields (ID_FIELD, LAST_UPDATED, DATE_CREATED, etag) are included in POST payloads. EXTRA_RESPONSE_FIELDS is a global setting that will apply to all resource endpoint . Defaults to [], effectively disabling the feature. extra_response_fields is a local resource setting and will override EXTRA_RESPONSE_FIELDS when present.
  • on_posting and on_posting_<resource> event hooks. on_posting and on_posting_<resource> events are raised when documents are about to be stored. Among other things this allows callback functions to arbitrarily update the documents being inserted. on_posting(resource, documents) is raised on every successful POST while on_posting_<resource>(documents) is only raised when <resource> is being updated. In both circumstances events will be raised only if at least one document passed validation and is going to be inserted.
  • Flask native request.json is now used when decoding request payloads.
  • resource argument added to Authorization classes. The check_auth() method of all classes in the eve.auth package (BasicAuth, HMACAuth, TokenAuth) now supports the resource argument. This allows subclasses to eventually build their custom authorization logic around the resource being accessed.
  • MONGO_QUERY_BLACKLIST option added. Allows to blacklist mongo query operators that should not be allowed in resource queries (?where=). Defaults to [‘$where’, ‘$regex’]. Mongo Javascript operators are disabled by default as they might be used as vectors for injection attacks. Javascript queries also tend to be slow and generally can be easily replaced with the (very rich) Mongo query dialect.
  • MONGO_HOST defaults to ‘localhost’.
  • MONGO_PORT defaults to 27017.
  • Support alternative hosts/ports for the test suite (Paul Doucet).

Version 0.0.6

Released on May 13th 2013.

  • Content-Type header now properly parsed when additional arguments are included (Ondrej Slinták).
  • Only fields defined in the resource schema are now returned from the database. Closes #52.
  • Default SERVER_NAME is now set to 127.0.0.1:5000.
  • auth_username_field is honored even when there is no query in the request (Thomas Sileo).
  • Pagination links in XML payloads are now properly escaped. Fixes #49.
  • HEAD requests supported. Closes #48.
  • Event Hooks. Each time a GET, POST, PATCH, DELETE method has been executed, both global on_<method> and resource-level on_<method>_<resource> events will be raised. You can subscribe to these events with multiple callback functions. Callbacks will receive the original flask.request object and the response payload as arguments.
  • Proper max_results handling in eve.utils.parse_request, refactored tests (Tomasz Jezierski).
  • Projections. Projections are conditional queries where the client dictates which fields should be returned by the API (Nicolas Bazire).
  • ALLOW_UNKNOWN option, and the corresponding allow_options local setting, allow for a less strict schema validation. Closes #34.
  • ETags are now provided with POST responses. Closes #36.
  • PATCH performance improvement: ETag is now computed in memory; performing an extra database lookup is not needed anymore.
  • Bulk Inserts on the database. POST method heavily refactored to take advantage of MongoDB native support for Bulk Inserts. Please note: validation constraints are checked against the database, and not between the payload documents themselves. This causes an interesting corner case: in the event of a multiple documents payload where two or more documents carry the same value for a field where the unique constraint is set, the payload will validate successfully, as there are no duplicates in the database (yet). If this is an issue, the client can always send the documents once at a time for insertion, or validate locally before submitting the payload to the API.
  • Responses to document GET requests now include the ETag in both the header and the payload. Closes #29.
  • methods settings keyword renamed to resource_methods for coherence with the global RESOURCE_METHODS (Nicolas Carlier).

Version 0.0.5

Released on April 11th 2013.

  • Fixed an issue that apparently caused the test suite to only run successfully on the dev box. Thanks Chronidev for reporting this.
  • Referential integrity validation via the new data_relation schema keyword. Closes #25.
  • Support for Content-Type: application/json for POST and PATCH methods. Closes #28.
  • User-restricted resource access. Works in conjunction with Authentication. When enabled, users can only read/update/delete resource items created by themselves. Can be switched on and off at global level via the AUTH_USERFIELD_NAME keywork, or at single resource endpoints with the user_userfield_name keyword (the latter will override the former). The keyword contains the actual name of the field used to store the username of the user who created the resource item. Defaults to ‘’, which disables the feature (Thomas Sileo).
  • PAGING_LIMIT keyword setting renamed to PAGINATION_LIMIT for better coherency with the new PAGINATION keyword. This could break backward compatibility in some cases.
  • PAGING_DEFAULT keyword settings renamed to PAGINATION_DEFAULT for better coherence with the new PAGINATION keyword. This could break backward compatibility in some cases.
  • ITEM_CACHE_CONTROL removed as it seems unnecessary at the moment.
  • Added an example on how to handle events to perform custom actions. Closes #23 and #22.
  • eve.validation_schema() now collects offending items and returns all of them into the exception message. Closes #24.
  • Filters (?where=), sorting (?sort=) and pagination (?page=10) can now be be disabled at both global and endpoint level. Closes #7.
  • CORS (Cross-Origin Resource Sharing) support. The new X-DOMAINS keywords allows API maintainers to specify which domains are allowed to perform CORS requests. Allowed values are: None, a list of domains, or ‘*’ for a wide-open API. Closes #1.
  • HMAC (Hash Message Authentication Code) based Autentication.
  • Token Based Authentication, a variation of Basic Authentication. Closes #20.
  • Orphan function removed (eve.methods.get.standard_links ).
  • DATE_CREATED and LAST_UPDATED fields now show default values for documents created outside the API context. Fixes #18.

Version 0.0.4

Released on February 25th 2013.

  • Consistent ETag computation between runs/instances. Closes #16.
  • Support for Basic Authentication (RFC2617).
  • Support for fine-tuning authentication with PUBLIC_METHODS and PUBLIC_ITEM_METHODS. By default, access is restricted to all endpoints, for all HTTP verbs (methods), effectively locking down the whole API.
  • Supporto for role-based access control with ALLOWED_ROLES and allowed_roles.
  • Support for all standard Flask initialization parameters.
  • Support for default values in resource fields. The new default keyword can now be used when defining a field rule set. Please note: currently default values are supported only for main document fields. Default values for fields in embedded documents will be ignored.
  • Multiple API endpoints can now target the same database collection. For example now you can set both /admins/ and /users/ to read and write from the same collection on the db, people. The new datasource setting allows to explicitly link API resources to database collections. It is a dictionary with two allowed keys: source and filter. source dictates the database collection consumed by the resource. filter is the underlying query, applied by the API when retrieving and validating data for the resource. Previously, the resource name would dictate the linked datasource (and of course you could not have two resources with the same name). This remains the default behaviour: if you omit the datasource setting for a resource, its name will be used to determine the database collection.
  • It is now possibile to set predefined db filters for each resource. Predefined filters run on top of user queries (GET requests with where clauses) and standard conditional requests (If-Modified-Since, etc.) Please note that datasource filters are applied on GET, PATCH and DELETE requests. If your resource allows for POST requests (document insertions), then you will probably want to set the validation rules accordingly (in our example, ‘username’ should probably be a required field).
  • JSON-Datetime dependency removed.
  • Support for Cerberus v0.0.3 and later.
  • Support for Flask-PyMongo v0.2.0 and later.
  • Repeated XML requests to the same endpoint could occasionally return an Internal Server Error (Fixes #8).

Version 0.0.3

Released on January 22th 2013.

  • XML rendering love. Lots of love.
  • JSON links are always wrapped in a _links dictionary. Key values match the relation between the item being represented and the linked resource.
  • Streamlined JSON responses. Superflous response root key has been removed from JSON payloads. GET requests to resource endpoints: items are now wrapped with an _items list. GET requests to item endpoints: item is now at root level, with no wrappers around it.
  • Support for API versioning through the new API_VERSION configuration setting.
  • Boolean values in request forms are now correctly parsed.
  • Tests now run under Python 2.6.

Version 0.0.2

Released on November 27th 2012.

  • Homepage/api entry point resource links fixed. They had bad ‘href’ tags which also caused XML validation issues when processing responses (especially when accessing the API via browser).
  • Version number in ‘Server’ response headers.
  • Added support for DELETE at resource endpoints. Expected behavior: will delete all items in the collection. Disabled by default.
  • eve.io.mongo.Validator now supports Validator signature, allowing for further subclassing.

Version 0.0.1

Released on November 20th 2012.

  • First public preview release.

You are looking at the documentation of the development version.

Support Eve

If you use Eve please consider financial support:

Support Eve

Get Updates

Receive updates on new releases and upcoming projects.

Subscribe to Newsletter

Useful Links

Feedback

Feedback is greatly appreciated. If you have any questions, comments, random praise, or anonymous threats, get on the mailing list or shoot an email.

Table Of Contents

Related Topics

Fork me on GitHub