This module defines an AbstractOperation class which implements an abstract Operation interface and functionality shared between Swagger 2 and OpenAPI 3 specifications.

Module Contents



An API routes requests to an Operation by a (path, method) pair.





connexion.operations.abstract.DEFAULT_MIMETYPE = application/json
class connexion.operations.abstract.AbstractOperation(api, method, path, operation, resolver, app_security=None, security_schemes=None, validate_responses=False, strict_validation=False, randomize_endpoint=None, validator_map=None, pythonic_params=False, uri_parser_class=None, pass_context_arg_name=None)


An API routes requests to an Operation by a (path, method) pair. The operation uses a resolver to resolve its handler function. We use the provided spec to do a bunch of heavy lifting before (and after) we call security_schemes handler. The registered handler function ends up looking something like:

def user_provided_handler_function(important, stuff):
    if important:
  • api (apis.AbstractAPI) – api that this operation is attached to

  • method (str) – HTTP method

  • path (str) –

  • operation (dict) – swagger operation object

  • resolver – Callable that maps operationID to a function

  • app_produces – list of content types the application can return by default

  • app_security (list) – list of security rules the application uses by default

  • security_schemes (dict) – Security Definitions Object

  • validate_responses (bool) – True enables validation. Validation errors generate HTTP 500 responses.

  • strict_validation (bool) – True enables validation on invalid request parameters

  • randomize_endpoint (integer) – number of random characters to append to operation name

  • validator_map (dict) – Custom validators for the types “parameter”, “body” and “response”.

  • pythonic_params (bool) – When True CamelCase parameters are converted to snake_case and an underscore is appended to any shadowed built-ins

  • uri_parser_class (AbstractURIParser) – class to use for uri parsing

  • pass_context_arg_name (str|None) – If not None will try to inject the request context to the function using this name.

property method(self)

The HTTP method for this operation (ex. GET, POST)

property path(self)

The path of the operation, relative to the API base path

property responses(self)

Returns the responses for this operation

property validator_map(self)

Validators to use for parameter, body, and response validation

property operation_id(self)

The operation id used to identify the operation internally to the app

property randomize_endpoint(self)

number of random digits to generate and append to the operation_id.

property router_controller(self)

The router controller to use (python module where handler functions live)

property strict_validation(self)

If True, validate all requests against the spec

property pythonic_params(self)

If True, convert CamelCase into pythonic_variable_names

property validate_responses(self)

If True, check the response against the response schema, and return an error if the response does not validate.

property parameters(self)

Returns the parameters for this operation

property produces(self)

Content-Types that the operation produces

property consumes(self)

Content-Types that the operation consumes

property body_schema(self)

The body schema definition for this operation.

property body_definition(self)

The body definition for this operation. :rtype: dict

get_arguments(self, path_params, query_params, body, files, arguments, has_kwargs, sanitize)

get arguments for handler function

response_definition(self, status_code=None, content_type=None)

response definition for this endpoint

abstract response_schema(self, status_code=None, content_type=None)

response schema for this endpoint

abstract example_response(self, status_code=None, content_type=None)

Returns an example from the spec

abstract get_path_parameter_types(self)

Returns the types for parameters in the path

abstract with_definitions(self, schema)

Returns the given schema, but with the definitions from the spec attached. This allows any remaining references to be resolved by a validator (for example).


If the endpoint has no ‘produces’ then the default is ‘application/json’.

:rtype str

property function(self)

Operation function with decorators

Return type:


json_loads(self, data)

A wrapper for calling the API specific JSON loader.


data (bytes) – The JSON data in textual form.

property api(self)
property security(self)
property security_schemes(self)
property security_decorator(self)

Gets the security decorator for operation

From Swagger Specification:

Security Definitions Object

A declaration of the security schemes available to be used in the specification.

This does not enforce the security schemes on the operations and only serves to provide the relevant details for each scheme.

Operation Object -> security

A declaration of which security schemes are applied for this operation. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). This definition overrides any declared top-level security. To remove a top-level security declaration, an empty array can be used.

Security Requirement Object

Lists the required security schemes to execute this operation. The object can have multiple security schemes declared in it which are all required (that is, there is a logical AND between the schemes).

The name used for each property MUST correspond to a security scheme declared in the Security Definitions.

Return type: