Python Intermediate

Python Decorators Explained — How, Why, and When to Use Them

📅 March 2026 ⏱ 8 min read 🎯 Intermediate

In Plain English 🔥

Imagine you order a plain coffee. A decorator is like the barista who takes that coffee and wraps it in a sleeve, adds a lid, and writes your name on it — the coffee itself never changed, but now it has extra features. In Python, a decorator wraps a function and adds behaviour before or after it runs, without touching the original function's code. That's it. Wrapper on top of something that already works.

⚡ Quick Answer

Every serious Python codebase you'll ever read uses decorators. Flask routes use them (@app.route). Django views use them (@login_required). pytest uses them (@pytest.mark.parametrize). They're not a niche feature — they're the language's primary tool for separating cross-cutting concerns like logging, authentication, caching, and validation from your core business logic. If you can't read a decorator confidently, you'll hit a wall the moment you open any production codebase.

The problem decorators solve is repetition with a twist. You've got ten API endpoint functions and every single one needs to log how long it took, check that the user is authenticated, and catch exceptions gracefully. You could copy-paste that boilerplate into all ten functions — and then spend the next month debugging why you missed updating it in two of them. Or you could write that logic once as a decorator and apply it with a single line above each function. The decorator pattern enforces the DRY principle at the function level.

By the end of this article you'll understand exactly what happens when Python sees the @ symbol, you'll be able to write your own decorators from scratch including ones that accept arguments, and you'll know the one functools trick that prevents decorators from silently breaking your code in production. Let's build this up from first principles.

What Python Is Actually Doing When It Sees a Function

Before decorators make sense, you need one mental model locked in: in Python, functions are objects. Not a metaphor — literally objects you can assign to variables, pass as arguments, and return from other functions. This is called 'first-class functions' and it's the entire foundation decorators are built on.

When you write def greet():, Python creates a function object and binds it to the name greet. You can then do say_hello = greet and now both names point to the same function object. You can pass greet into another function just like you'd pass a number or a string.

This means a function can accept another function, do something before calling it, call it, do something after, and return the result. That pattern — wrapping one function's call inside another function — is manually what a decorator automates. The @ syntax is pure convenience. @my_decorator above a function is exactly equivalent to writing my_function = my_decorator(my_function) on the next line. Python replaces the original name with whatever the decorator returns.

first_class_functions.py · PYTHON

123456789101112131415161718192021222324252627282930313233

# Demonstrating that functions are objects in Python
# This is the foundation that makes decorators possible

def say_good_morning(name):
    return f"Good morning, {name}!"

# Assign the function to a new variable — no parentheses, we're not calling it
greeting_function = say_good_morning

# Both names point to the same function object
print(greeting_function("Alice"))   # Works exactly like the original
print(say_good_morning("Alice"))    # Same output

# Functions can be passed as arguments
def run_twice(func, value):
    """Accepts a function and calls it twice with the same value."""
    first_result = func(value)
    second_result = func(value)
    return first_result, second_result

results = run_twice(say_good_morning, "Bob")
print(results)

# Functions can be returned from other functions
def get_greeter():
    """Returns a function — note we return the function object, not its result."""
    def say_hello(name):
        return f"Hello, {name}!"
    return say_hello   # No parentheses — returning the function itself

created_greeter = get_greeter()
print(created_greeter("Carol"))     # Call the returned function
print(type(created_greeter))        # It really is a function object

▶ Output

Good morning, Alice!
Good morning, Alice!
('Good morning, Bob!', 'Good morning, Bob!')
Hello, Carol!
<class 'function'>

🔥

The One Rule to Remember:A function name without parentheses is the function object itself. A function name with parentheses calls it and gives you its return value. Decorators work entirely with the object, not the call — keep that distinction sharp.

Building Your First Decorator From Scratch

Now that you know functions are objects, writing a decorator is just writing a function that accepts a function and returns a (usually different) function. That returned function is called the 'wrapper' — it's the sleeve around your coffee cup.

Here's the anatomy every decorator shares: an outer function that accepts the original function as its argument, an inner 'wrapper' function that adds behaviour and calls the original, and a return statement that hands back the wrapper. When you use @my_decorator, Python passes your function into my_decorator and replaces it with whatever comes back — the wrapper.

The example below builds a timing decorator — genuinely useful in production for performance monitoring. Notice how the original fetch_user_data function has no idea it's being timed. That separation is the whole point. You can add, remove, or swap the decorator without touching the business logic at all.

timing_decorator.py · PYTHON

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849

import time
import functools

# This is our decorator — a function that accepts a function
def measure_execution_time(original_function):
    """
    A decorator that prints how long the decorated function took to run.
    Works with any function regardless of its arguments or return value.
    """

    # functools.wraps copies the original function's metadata onto the wrapper
    # Without this, original_function.__name__ would return 'wrapper' — a silent bug
    @functools.wraps(original_function)
    def wrapper(*args, **kwargs):      # *args/**kwargs lets us accept ANY function signature
        start_time = time.perf_counter()              # High-resolution timer

        result = original_function(*args, **kwargs)   # Call the real function, capture result

        end_time = time.perf_counter()
        duration_ms = (end_time - start_time) * 1000  # Convert to milliseconds

        print(f"[TIMER] {original_function.__name__} completed in {duration_ms:.2f}ms")

        return result    # Always return the original result — don't swallow it!

    return wrapper       # Return the wrapper, NOT wrapper() — return the object, not the call


# Apply the decorator — Python now does: fetch_user_data = measure_execution_time(fetch_user_data)
@measure_execution_time
def fetch_user_data(user_id):
    """Simulates a database lookup with a small delay."""
    time.sleep(0.05)   # Simulate 50ms database query
    return {"id": user_id, "name": "Alice", "role": "admin"}


@measure_execution_time
def calculate_monthly_report(year, month, include_tax=True):
    """Simulates a heavy report calculation."""
    time.sleep(0.1)    # Simulate 100ms computation
    return {"year": year, "month": month, "total": 48250.75}


# These calls look completely normal — the timing is invisible to the caller
user = fetch_user_data(42)
print(f"Got user: {user['name']}\n")

report = calculate_monthly_report(2024, 6, include_tax=True)
print(f"Report total: ${report['total']}")

▶ Output

[TIMER] fetch_user_data completed in 50.31ms
Got user: Alice

[TIMER] calculate_monthly_report completed in 100.18ms
Report total: $48250.75

⚠️

Watch Out: Always Use @functools.wrapsWithout @functools.wraps(original_function) on your wrapper, your decorated function loses its __name__, __doc__, and __module__. This breaks introspection tools, API documentation generators, and pytest — and it fails silently. It's a one-liner that costs nothing. Always include it.

Decorators That Accept Their Own Arguments

The next level is writing decorators that are themselves configurable. Think of Flask's @app.route('/users', methods=['GET']) — that decorator takes arguments. How does that work? You need one more layer of nesting.

The trick is that @app.route('/users') is not the decorator itself — it's a call that returns the decorator. So you have a factory function (the outermost layer) that accepts your configuration, then returns a standard decorator, which in turn returns the wrapper. Three layers total: factory → decorator → wrapper.

This pattern is extremely common in production code for things like retry logic with configurable attempts, rate limiting with a configurable threshold, or permission checking with a configurable role. The example below builds a @retry decorator that you can configure per-function — something you'd actually ship.

retry_decorator.py · PYTHON

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667

import time
import functools

# LAYER 1: The factory — accepts the configuration, returns a decorator
def retry(max_attempts=3, delay_seconds=1.0, exceptions_to_catch=(Exception,)):
    """
    A configurable retry decorator.
    max_attempts: how many times to try before giving up
    delay_seconds: how long to wait between attempts
    exceptions_to_catch: only retry on these specific exception types
    """

    # LAYER 2: The actual decorator — accepts the function to wrap
    def decorator(original_function):

        # LAYER 3: The wrapper — runs every time the decorated function is called
        @functools.wraps(original_function)
        def wrapper(*args, **kwargs):
            last_exception = None

            for attempt_number in range(1, max_attempts + 1):
                try:
                    print(f"  Attempt {attempt_number}/{max_attempts} for '{original_function.__name__}'")
                    result = original_function(*args, **kwargs)   # Try the actual call
                    print(f"  Success on attempt {attempt_number}!")
                    return result    # It worked — return immediately

                except exceptions_to_catch as error:
                    last_exception = error
                    print(f"  Failed: {error}")

                    # Don't sleep after the final attempt — pointless to wait then give up
                    if attempt_number < max_attempts:
                        time.sleep(delay_seconds)

            # All attempts exhausted — re-raise the last error
            raise RuntimeError(
                f"'{original_function.__name__}' failed after {max_attempts} attempts. "
                f"Last error: {last_exception}"
            )

        return wrapper   # Decorator returns the wrapper
    return decorator     # Factory returns the decorator


# --- Simulate an unreliable external API ---
call_counter = 0

@retry(max_attempts=3, delay_seconds=0.1, exceptions_to_catch=(ConnectionError,))
def fetch_weather_data(city):
    """Simulates a flaky HTTP call that succeeds on the 3rd attempt."""
    global call_counter
    call_counter += 1

    if call_counter < 3:
        raise ConnectionError(f"Connection timed out reaching weather API (call #{call_counter})")

    return {"city": city, "temperature_c": 22, "condition": "Sunny"}


# Usage is clean — the retry logic is completely invisible here
print("Fetching weather...")
weather = fetch_weather_data("London")
print(f"\nFinal result: {weather['city']} is {weather['temperature_c']}°C and {weather['condition']}")

# Verify functools.wraps preserved the function name
print(f"\nFunction name preserved: {fetch_weather_data.__name__}")

▶ Output

Fetching weather...
Attempt 1/3 for 'fetch_weather_data'
Failed: Connection timed out reaching weather API (call #1)
Attempt 2/3 for 'fetch_weather_data'
Failed: Connection timed out reaching weather API (call #2)
Attempt 3/3 for 'fetch_weather_data'
Success on attempt 3!

Final result: London is 22°C and Sunny

Function name preserved: fetch_weather_data

⚠️

Pro Tip: Stacking DecoratorsYou can stack multiple decorators on one function — Python applies them bottom-up. So @measure_execution_time above @retry means the timer wraps the retry logic, measuring total time including all retry attempts. Order matters: always think about which behaviour should be outermost.

Real-World Pattern — A Decorator for Route Authentication

Let's cement everything with a pattern you'll write within your first month on any web backend: an authentication guard. This is exactly how Flask's @login_required works under the hood, and understanding it means you'll never be intimidated by framework decorator magic again.

The decorator below simulates checking a user session before allowing a function to execute. If the session is invalid, execution stops and an error is returned immediately. The protected functions never run their own logic — that's the power of the decorator acting as a gate.

Notice how this decorator doesn't time anything or retry anything — it's purely about access control. This is the single-responsibility principle applied at the decorator level. Each decorator does one job, and you compose them by stacking.

auth_decorator.py · PYTHON

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566

import functools

# --- Simulated session store (in real life this would be a database or Redis) ---
active_sessions = {
    "token_abc123": {"user_id": 7, "username": "alice", "role": "admin"},
    "token_xyz789": {"user_id": 12, "username": "bob",   "role": "viewer"},
}


def require_authentication(required_role=None):
    """
    Decorator factory that guards a function behind session authentication.
    Optionally enforces a specific role (e.g., 'admin').
    """
    def decorator(original_function):
        @functools.wraps(original_function)
        def wrapper(session_token, *args, **kwargs):
            # Step 1: Check if the token exists in active sessions
            session = active_sessions.get(session_token)

            if session is None:
                # Abort immediately — don't call the original function at all
                return {"error": "Unauthorised. Invalid or expired session token.", "status": 401}

            # Step 2: If a role is required, check it
            if required_role and session["role"] != required_role:
                return {
                    "error": f"Forbidden. Requires role '{required_role}', got '{session['role']}'.",
                    "status": 403
                }

            # Step 3: Inject the session data as a keyword argument — the function can use it
            kwargs["current_user"] = session

            # Step 4: All checks passed — call the real function
            return original_function(session_token, *args, **kwargs)

        return wrapper
    return decorator


# Any authenticated user can view their own profile
@require_authentication()
def get_user_profile(session_token, **kwargs):
    user = kwargs["current_user"]
    return {"status": 200, "profile": {"username": user["username"], "role": user["role"]}}


# Only admins can delete accounts
@require_authentication(required_role="admin")
def delete_user_account(session_token, target_user_id, **kwargs):
    admin = kwargs["current_user"]
    return {"status": 200, "message": f"Account {target_user_id} deleted by {admin['username']}"}


# --- Test the decorator with different scenarios ---
print("=== Valid admin token ===")
print(get_user_profile("token_abc123"))
print(delete_user_account("token_abc123", target_user_id=99))

print("\n=== Valid viewer token (no admin rights) ===")
print(get_user_profile("token_xyz789"))
print(delete_user_account("token_xyz789", target_user_id=99))

print("\n=== Invalid token ===")
print(get_user_profile("token_fake999"))

▶ Output

=== Valid admin token ===
{'status': 200, 'profile': {'username': 'alice', 'role': 'admin'}}
{'status': 200, 'message': 'Account 99 deleted by alice'}

=== Valid viewer token (no admin rights) ===
{'status': 200, 'profile': {'username': 'bob', 'role': 'viewer'}}
{'error': "Forbidden. Requires role 'admin', got 'viewer'.", 'status': 403}

=== Invalid token ===
{'error': 'Unauthorised. Invalid or expired session token.', 'status': 401}

🔥

Interview Gold:When asked 'how would you implement authentication in a Python API without a framework', this decorator pattern is the answer. It demonstrates first-class functions, closures, separation of concerns, and practical Python — all in one pattern.

Aspect	Decorator Pattern	Manually Repeated Code
Where the cross-cutting logic lives	One place — the decorator definition	Duplicated in every function that needs it
Adding auth to 10 new endpoints	Add one line (@require_authentication) per function	Copy-paste auth block into all 10 functions
Fixing a bug in the auth logic	Fix it once in the decorator	Find and fix it in every single function
Original function readability	Clean — shows only business logic	Cluttered with unrelated boilerplate
Testability	Decorator and business logic tested independently	Must test both together, harder to isolate
Risk of inconsistency	Zero — one source of truth	High — easy to forget or diverge

🎯 Key Takeaways

The @ symbol is pure syntax sugar — @my_decorator above a function is identical to writing my_function = my_decorator(my_function) on the line after the definition.
Always use args and *kwargs in your wrapper function so the decorator works with any function signature — hardcoding parameters makes the decorator useless for any other function.
Always add @functools.wraps(original_function) to your wrapper — without it you silently corrupt __name__, __doc__, and other metadata that frameworks and tools depend on.
When a decorator needs its own arguments, you need three layers — a factory function (takes config), which returns a decorator (takes the function), which returns a wrapper (takes the call arguments). Recognising this pattern makes all framework decorators instantly readable.

⚠ Common Mistakes to Avoid

✕Mistake 1: Calling the function inside the decorator instead of returning it — Writing return wrapper() instead of return wrapper means the decorator executes the wrapped function immediately at import time and returns its result (likely None) instead of the wrapper function. Every call after that hits None, giving you TypeError: 'NoneType' object is not callable. Fix: always return the function object — no parentheses.
✕Mistake 2: Forgetting @functools.wraps — Without it, decorated_function.__name__ returns 'wrapper' instead of the original name. This silently breaks pytest test discovery (tests with identical names get skipped), Sphinx documentation, Flask's URL routing, and any tool that inspects function metadata. Fix: add @functools.wraps(original_function) as the first line inside every decorator, directly above def wrapper.
✕Mistake 3: Swallowing the return value in the wrapper — Writing original_function(args, kwargs) without capturing and returning the result means the decorated function always returns None, no matter what the original returned. This is a silent data-loss bug with no error message. Fix: always write result = original_function(args, *kwargs) then return result, or simply return original_function(args, **kwargs) on one line.

Interview Questions on This Topic

QExplain what `@decorator` syntax actually does under the hood — can you rewrite it without the @ symbol?
QWhy is @functools.wraps important and what breaks if you leave it out? Give a specific example.
QIf I stack two decorators on one function — @decorator_a on top of @decorator_b — which one executes first, and why does the order matter for something like authentication plus logging?

Frequently Asked Questions

Can I use a Python decorator on a class method?

Yes. Class methods work the same way, but remember that the first argument will be self (or cls for class methods). Your wrapper's args captures it automatically, so a well-written decorator using args, **kwargs will work on both regular functions and methods without any modification.

What's the difference between a decorator and a context manager in Python?

A decorator wraps a function definition and modifies its behaviour every time it's called. A context manager (used with with) manages a block of code's entry and exit — typically for resource handling like file handles or database connections. They solve related but different problems; decorators modify function behaviour, context managers manage resource lifecycles.

Does using a decorator make my function slower?

There's a tiny overhead from one extra function call per invocation — in practice, nanoseconds that never matter for business logic. The only time decorator overhead is measurable is in extremely tight loops running millions of iterations per second, and in those cases you wouldn't be using decorators anyway. For all real-world use cases, the maintainability gain vastly outweighs the negligible performance cost.

🔥

TheCodeForge Editorial Team Verified Author

Written and reviewed by senior developers with real-world experience across enterprise, startup and open-source projects. Every article on TheCodeForge is written to be clear, accurate and genuinely useful — not just SEO filler.

About Our Team Editorial Standards

Forged with 🔥 at TheCodeForge.io — Where Developers Are Forged