How do you prevent password_hash from appearing in a FastAPI response?

Tests FastAPI response filtering and the security practice of separating DB schemas from API contracts. A strong answer proposes a dedicated output model omitting the field, then cites response_model_exclude. Red flag: manual dict deletion or monkey-patching.
Tests your understanding of FastAPI response filtering and the architectural principle of separating internal database representations from external API contracts. A strong answer first recommends a dedicated Pydantic output model that omits the sensitive field, which is the cleanest pattern. It should then mention the decorator-level escape hatch, response_model_exclude, for quick filtering. Red flag: proposing manual dictionary manipulation, runtime model mutation, or client-side filtering, all of which are fragile and insecure.
Read the original → fastapi.tiangolo.com
- #fastapi
- #pydantic
- #security
- #serialization
- #api-design