flask-api-development
Develop lightweight Flask APIs with routing, blueprints, database integration, authentication, and request/response handling. Use when building RESTful APIs, microservices, or lightweight web services with Flask.
Best use case
flask-api-development is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Develop lightweight Flask APIs with routing, blueprints, database integration, authentication, and request/response handling. Use when building RESTful APIs, microservices, or lightweight web services with Flask.
Teams using flask-api-development should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/flask-api-development/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How flask-api-development Compares
| Feature / Agent | flask-api-development | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Develop lightweight Flask APIs with routing, blueprints, database integration, authentication, and request/response handling. Use when building RESTful APIs, microservices, or lightweight web services with Flask.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Flask API Development
## Overview
Create efficient Flask APIs with blueprints for modular organization, SQLAlchemy for ORM, JWT authentication, comprehensive error handling, and proper request validation following REST principles.
## When to Use
- Building RESTful APIs with Flask
- Creating microservices with minimal overhead
- Implementing lightweight authentication systems
- Designing API endpoints with proper validation
- Integrating with relational databases
- Building request/response handling systems
## Instructions
### 1. **Flask Application Setup**
```python
# app.py
from flask import Flask, request, jsonify
from flask_cors import CORS
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager
import os
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URL', 'sqlite:///app.db')
app.config['JWT_SECRET_KEY'] = os.getenv('JWT_SECRET_KEY', 'dev-secret')
app.config['JSON_SORT_KEYS'] = False
db = SQLAlchemy(app)
jwt = JWTManager(app)
CORS(app)
# Request ID middleware
@app.before_request
def assign_request_id():
import uuid
request.request_id = str(uuid.uuid4())
# Error handlers
@app.errorhandler(400)
def bad_request(error):
return jsonify({
'error': 'Bad Request',
'message': str(error),
'request_id': request.request_id
}), 400
@app.errorhandler(404)
def not_found(error):
return jsonify({
'error': 'Not Found',
'message': 'Resource does not exist',
'request_id': request.request_id
}), 404
@app.errorhandler(500)
def internal_error(error):
db.session.rollback()
return jsonify({
'error': 'Internal Server Error',
'request_id': request.request_id
}), 500
if __name__ == '__main__':
app.run(debug=os.getenv('ENV') != 'production')
```
### 2. **Database Models with SQLAlchemy**
```python
# models.py
from datetime import datetime
from flask_sqlalchemy import SQLAlchemy
from sqlalchemy.dialects.postgresql import UUID
import uuid
db = SQLAlchemy()
class User(db.Model):
__tablename__ = 'users'
id = db.Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
email = db.Column(db.String(255), unique=True, nullable=False, index=True)
password_hash = db.Column(db.String(255), nullable=False)
first_name = db.Column(db.String(100))
last_name = db.Column(db.String(100))
role = db.Column(db.String(20), default='user', index=True)
is_active = db.Column(db.Boolean, default=True)
created_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
# Relationships
posts = db.relationship('Post', backref='author', lazy='dynamic', cascade='all, delete-orphan')
def __repr__(self):
return f'<User {self.email}>'
def set_password(self, password):
from werkzeug.security import generate_password_hash
self.password_hash = generate_password_hash(password)
def verify_password(self, password):
from werkzeug.security import check_password_hash
return check_password_hash(self.password_hash, password)
def to_dict(self):
return {
'id': str(self.id),
'email': self.email,
'first_name': self.first_name,
'last_name': self.last_name,
'role': self.role,
'created_at': self.created_at.isoformat()
}
class Post(db.Model):
__tablename__ = 'posts'
id = db.Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
title = db.Column(db.String(255), nullable=False, index=True)
content = db.Column(db.Text, nullable=False)
published = db.Column(db.Boolean, default=False)
user_id = db.Column(UUID(as_uuid=True), db.ForeignKey('users.id'), nullable=False)
created_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
def to_dict(self):
return {
'id': str(self.id),
'title': self.title,
'content': self.content,
'published': self.published,
'author_id': str(self.user_id),
'created_at': self.created_at.isoformat()
}
```
### 3. **Authentication and JWT**
```python
# auth.py
from flask import request, jsonify
from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity
from functools import wraps
from models import User, db
def authenticate_user(email, password):
user = User.query.filter_by(email=email).first()
if user and user.verify_password(password):
return user
return None
def login_required(f):
@wraps(f)
@jwt_required()
def decorated_function(*args, **kwargs):
identity = get_jwt_identity()
user = User.query.get(identity)
if not user or not user.is_active:
return jsonify({'error': 'User not found or inactive'}), 401
request.current_user = user
return f(*args, **kwargs)
return decorated_function
def admin_required(f):
@wraps(f)
@login_required
def decorated_function(*args, **kwargs):
if request.current_user.role != 'admin':
return jsonify({'error': 'Admin access required'}), 403
return f(*args, **kwargs)
return decorated_function
# routes/auth.py
from flask import Blueprint, request, jsonify
from auth import authenticate_user, login_required
from models import User, db
from flask_jwt_extended import create_access_token
auth_bp = Blueprint('auth', __name__, url_prefix='/api/auth')
@auth_bp.route('/login', methods=['POST'])
def login():
data = request.get_json()
if not data or not data.get('email') or not data.get('password'):
return jsonify({'error': 'Missing credentials'}), 400
user = authenticate_user(data['email'], data['password'])
if not user:
return jsonify({'error': 'Invalid credentials'}), 401
access_token = create_access_token(identity=str(user.id))
return jsonify({
'access_token': access_token,
'user': user.to_dict()
}), 200
@auth_bp.route('/register', methods=['POST'])
def register():
data = request.get_json()
if User.query.filter_by(email=data['email']).first():
return jsonify({'error': 'Email already exists'}), 409
user = User(email=data['email'], first_name=data.get('first_name'))
user.set_password(data['password'])
db.session.add(user)
db.session.commit()
return jsonify({'user': user.to_dict()}), 201
@auth_bp.route('/profile', methods=['GET'])
@login_required
def get_profile():
return jsonify({'user': request.current_user.to_dict()}), 200
```
### 4. **Blueprints for Modular API Design**
```python
# routes/users.py
from flask import Blueprint, request, jsonify
from auth import login_required, admin_required
from models import User, db
from sqlalchemy import or_
users_bp = Blueprint('users', __name__, url_prefix='/api/users')
@users_bp.route('', methods=['GET'])
@login_required
def list_users():
page = request.args.get('page', 1, type=int)
limit = request.args.get('limit', 20, type=int)
search = request.args.get('q', '', type=str)
query = User.query
if search:
query = query.filter(or_(
User.email.ilike(f'%{search}%'),
User.first_name.ilike(f'%{search}%')
))
paginated = query.paginate(page=page, per_page=limit)
return jsonify({
'data': [user.to_dict() for user in paginated.items],
'pagination': {
'page': page,
'limit': limit,
'total': paginated.total,
'pages': paginated.pages
}
}), 200
@users_bp.route('/<user_id>', methods=['GET'])
@login_required
def get_user(user_id):
user = User.query.get(user_id)
if not user:
return jsonify({'error': 'User not found'}), 404
return jsonify({'user': user.to_dict()}), 200
@users_bp.route('/<user_id>', methods=['PATCH'])
@login_required
def update_user(user_id):
if str(request.current_user.id) != user_id:
return jsonify({'error': 'Unauthorized'}), 403
user = User.query.get(user_id)
if not user:
return jsonify({'error': 'User not found'}), 404
data = request.get_json()
if 'first_name' in data:
user.first_name = data['first_name']
if 'last_name' in data:
user.last_name = data['last_name']
db.session.commit()
return jsonify({'user': user.to_dict()}), 200
@users_bp.route('/<user_id>', methods=['DELETE'])
@admin_required
def delete_user(user_id):
user = User.query.get(user_id)
if not user:
return jsonify({'error': 'User not found'}), 404
db.session.delete(user)
db.session.commit()
return '', 204
```
### 5. **Request Validation**
```python
# validators.py
from flask import request, jsonify
from functools import wraps
def validate_json(*required_fields):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not request.is_json:
return jsonify({'error': 'Request body must be JSON'}), 400
data = request.get_json()
missing = [field for field in required_fields if field not in data]
if missing:
return jsonify({
'error': 'Missing required fields',
'missing_fields': missing
}), 400
return f(*args, **kwargs)
return decorated_function
return decorator
def validate_email(email):
import re
pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
return re.match(pattern, email) is not None
# Usage
@users_bp.route('', methods=['POST'])
@validate_json('email', 'password', 'first_name')
def create_user():
data = request.get_json()
if not validate_email(data['email']):
return jsonify({'error': 'Invalid email format'}), 400
# ... rest of logic
```
### 6. **Application Factory and Configuration**
```python
# config.py
import os
class Config:
SQLALCHEMY_TRACK_MODIFICATIONS = False
JSON_SORT_KEYS = False
class DevelopmentConfig(Config):
DEBUG = True
TESTING = False
SQLALCHEMY_DATABASE_URI = 'sqlite:///app.db'
class ProductionConfig(Config):
DEBUG = False
TESTING = False
SQLALCHEMY_DATABASE_URI = os.getenv('DATABASE_URL')
JWT_SECRET_KEY = os.getenv('JWT_SECRET_KEY')
class TestingConfig(Config):
TESTING = True
SQLALCHEMY_DATABASE_URI = 'sqlite:///:memory:'
# factory.py
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager
def create_app(config_name='development'):
app = Flask(__name__)
if config_name == 'production':
from config import ProductionConfig
app.config.from_object(ProductionConfig)
else:
from config import DevelopmentConfig
app.config.from_object(DevelopmentConfig)
db = SQLAlchemy(app)
jwt = JWTManager(app)
# Register blueprints
from routes.auth import auth_bp
from routes.users import users_bp
app.register_blueprint(auth_bp)
app.register_blueprint(users_bp)
return app
```
## Best Practices
### ✅ DO
- Use blueprints for modular organization
- Implement proper authentication with JWT
- Validate all user input
- Use SQLAlchemy ORM for database operations
- Implement comprehensive error handling
- Use pagination for collection endpoints
- Log errors and important events
- Return appropriate HTTP status codes
- Implement CORS properly
- Use environment variables for configuration
### ❌ DON'T
- Store secrets in code
- Use global variables for shared state
- Ignore database transactions
- Trust user input without validation
- Return stack traces in production
- Use mutable default arguments
- Forget to handle database connection errors
- Implement authentication in route handlers
## Complete Example
```python
from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager, create_access_token
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://user:pass@localhost/db'
db = SQLAlchemy(app)
jwt = JWTManager(app)
class User(db.Model):
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String, unique=True)
password = db.Column(db.String)
@app.route('/api/login', methods=['POST'])
def login():
data = request.json
user = User.query.filter_by(email=data['email']).first()
if user:
token = create_access_token(identity=user.id)
return jsonify({'token': token}), 200
return jsonify({'error': 'Invalid'}), 401
@app.route('/api/users', methods=['GET'])
def get_users():
users = User.query.all()
return jsonify([{'id': u.id, 'email': u.email} for u in users]), 200
if __name__ == '__main__':
app.run()
```Related Skills
Command Development
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
ai-development-governance
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
Agent Development
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
wordpress-plugin-development
WordPress plugin development workflow covering plugin architecture, hooks, admin interfaces, REST API, and security best practices.
voice-ai-development
Expert in building voice AI applications - from real-time voice agents to voice-enabled apps. Covers OpenAI Realtime API, Vapi for voice agents, Deepgram for transcription, ElevenLabs for synthesis...
sql-development
T-SQL, stored procedures, and MS SQL Server DBA practices. Use when writing SQL queries, designing schemas, tuning SQL Server performance, managing backups, configuring security, or using SQL Server 2025+ features.
shopify-development
Build Shopify apps, extensions, themes using GraphQL Admin API, Shopify CLI, Polaris UI, and Liquid.
python-fastapi-development
Python FastAPI backend development with async patterns, SQLAlchemy, Pydantic, authentication, and production API patterns.
python-development-python-scaffold
You are a Python project architecture expert specializing in scaffolding production-ready Python applications. Generate complete project structures with modern tooling (uv, FastAPI, Django), type hint
moodle-external-api-development
Create custom external web service APIs for Moodle LMS. Use when implementing web services for course management, user tracking, quiz operations, or custom plugin functionality. Covers parameter va...
flask
Flask - Lightweight Python web framework for microservices, REST APIs, and flexible web applications with extensive extension ecosystem
development
Comprehensive web, mobile, and backend development workflow bundling frontend, backend, full-stack, and mobile development skills for end-to-end application delivery.