Python Intermediate

FastAPI Response Models and Status Codes

Q: What is the difference between returning a dict and returning a Pydantic model from a FastAPI endpoint?

FastAPI is extremely flexible; it can handle both. However, returning a Pydantic model instance is a TheCodeForge best practice because it enables better IDE autocompletion and allows for more complex field transformations. If a `response_model` is defined, FastAPI will convert either a dict or a model into the final JSON structure defined by that schema anyway, so the main benefit is code maintainability.

Q: How do I return a different status code based on what happened in the endpoint?

You can inject the `Response` object directly into your function signature. By setting `response.status_code = status.HTTP_202_ACCEPTED` inside the function body, you override the default value declared in the decorator. This is useful for upsert logic where you might want to return 201 for a new resource but 200 for an update to an existing one.

Q: How do I exclude fields with default values from my JSON response?

Use the `response_model_exclude_unset=True` parameter in your decorator. This ensures that only the data actually retrieved from your database or business logic is sent to the client, keeping your JSON payloads lean and efficient. Be aware that fields with explicit defaults (including `= None`) are considered 'set' — use `response_model_exclude_none=True` if you want to strip None values specifically.

📅 March 05, 2026 ⏱ 3 min read 🎯 Intermediate

Where developers are forged. · Structured learning · Free forever.

📍 Part of: Python Libraries → Topic 39 of 51

Master FastAPI response handling: utilize response_model for secure data filtering, implement standard HTTP status codes, and manage structured error responses with HTTPException.

⚙️ Intermediate — basic Python knowledge assumed

In this tutorial, you'll learn

Master FastAPI response handling: utilize response_model for secure data filtering, implement standard HTTP status codes, and manage structured error responses with HTTPException.

Use the status module for readability: status.HTTP_201_CREATED is superior to the integer 201.
The response_model is an active filter — it does not just validate, it actively reshapes your data before transmission.
Multiple response types: You can use responses={404: {"model": ErrorModel}} in the decorator to document complex error schemas in Swagger.

✦ Plain-English analogy ✦ Real code with output ✦ Interview questions

⚡Quick Answer

Use status_code in the path decorator to set HTTP codes declaratively (e.g., @app.post(..., status_code=201))
response_model is an active output filter — it strips fields not defined in the Pydantic schema before transmission
Use the status module (status.HTTP_201_CREATED) instead of magic numbers for self-documenting code
HTTPException halts execution and returns structured JSON — the frontend can parse detail to show user-facing alerts
response_model_exclude_unset=True keeps payloads lean by omitting fields that were never assigned a value
The biggest mistake: returning a raw ORM object without a response_model — internal fields like password hashes leak into the API response

🚨 START HERE

FastAPI Response Debug Cheat Sheet

When your FastAPI responses are leaking data or returning wrong status codes, run these checks in order.

🟡Sensitive fields appearing in API response

Immediate ActionSearch for endpoints returning ORM models without response_model

Commands

grep -rn '@app\.' app/routes/ | grep -v 'response_model'

curl -s http://localhost:8000/users/1 | python -m json.tool | grep -i 'password\|hash\|secret'

Fix NowAdd response_model=PublicSchema to the endpoint and verify sensitive fields are absent

🟡Wrong status code returned to client

Immediate ActionCheck the decorator status_code and any dynamic Response injection

Commands

curl -v -X POST http://localhost:8000/items -d '{"name":"test"}' -H 'Content-Type: application/json' 2>&1 | head -15

grep -rn 'status_code' app/routes/ | head -20

Fix NowSet status_code in the decorator or use Response.status_code for dynamic codes

🟡HTTPException detail not reaching the client as expected

Immediate ActionCheck if a custom exception handler is overriding the default behavior

Commands

grep -rn 'exception_handler' app/main.py

curl -s http://localhost:8000/forge/access/restricted | python -m json.tool

Fix NowEnsure your custom exception handler calls the original handler or returns the correct JSON structure with the detail field intact

Production IncidentPI_001 — User Password Hashes Exposed in GET EndpointA developer returned a SQLAlchemy User object directly from a GET endpoint without setting a response_model. FastAPI serialized all columns including the bcrypt password hash. The hash was visible in API responses for 3 weeks before a security audit caught it.

SymptomDuring a routine security audit, the penetration tester reported that the /users/{id} endpoint returned a field named 'hashed_password' containing a bcrypt hash. No error was thrown. The API returned 200 OK with the full user object including the password hash, internal timestamps, and a soft-delete flag.

AssumptionThe developer assumed FastAPI would only serialize fields explicitly returned in the response dict. They did not realize that returning a SQLAlchemy model instance causes FastAPI to serialize ALL columns via the model's __dict__ attribute.

Root causeThe endpoint returned the SQLAlchemy User model instance directly without a response_model parameter. FastAPI's default behavior is to serialize any Pydantic model or ORM object into JSON using all available fields. Without a response_model whitelist, every column in the users table — including hashed_password, is_deleted, internal_notes — was exposed in the API response.

FixAdded a UserPublicProfile Pydantic model with only safe fields (id, username, email, created_at). Set response_model=UserPublicProfile on the endpoint. Added a CI lint rule that flags any endpoint returning an ORM model without an explicit response_model. Added a test that asserts 'hashed_password' is never present in any GET response body.

Key Lesson

Never return ORM model instances directly without a response_model — FastAPI serializes ALL columns.Treat response_model as a security control, not just a documentation tool.Add CI checks that verify no endpoint returns raw ORM objects. This is the #1 source of PII leaks in FastAPI APIs.Write integration tests that assert sensitive field names are absent from response bodies.

Production Debug GuideSymptom → Action mapping for response model and status code failures

API response contains sensitive fields (password hash, internal ID) that should be hidden→Check if a response_model is set on the endpoint. If the endpoint returns a raw ORM object or dict with extra keys, FastAPI serializes everything. Add a response_model Pydantic class with only the whitelisted fields.

204 No Content response throws a client-side parsing error or behaves unexpectedly→204 responses must not have a body. Ensure the endpoint returns None (not an empty dict {}). If using a response_model, remove it for 204 endpoints — Pydantic validation on None can produce unexpected behavior.

Swagger UI shows the wrong response schema for error responses→Add the responses parameter to the decorator: responses={404: {'model': ErrorModel, 'description': 'Not found'}}. This documents error schemas in the OpenAPI spec so Swagger renders them correctly.

response_model_exclude_unset not working — null fields still appear in JSON→Verify the field has no default value in the Pydantic model. Fields with = None as a default ARE set (to None). Only fields without any default are considered 'unset'. Use response_model_exclude_none=True to strip None values instead.

500 error returns raw Python traceback to the client→Add a custom exception handler with @app.exception_handler(Exception) that logs the traceback server-side and returns a generic error message to the client. Never expose stack traces in production — they reveal internal paths and library versions.

In a professional API lifecycle, what you don't return is just as important as what you do. FastAPI's response handling is a core security feature, not just a formatting tool. By declaring a response_model, you create an immutable contract for your output. This ensures that internal database IDs, password hashes, or legacy fields never leak into the public-facing JSON.

Unlike older frameworks where output filtering is an afterthought, FastAPI integrates this directly into the routing layer, providing automatic documentation and type safety for every response. The response_model does double duty: it validates your return data against a Pydantic schema AND actively strips any fields not defined in that schema. This dual behavior is the most misunderstood aspect of FastAPI's response system — and the most consequential for security.

HTTP Status Codes: The First Contract with Your Client

Status codes are not decoration. They are a machine-readable contract that every HTTP client, proxy, load balancer, and monitoring tool reads before it even looks at the response body. When you return a 200 for a resource creation, you are telling the entire downstream stack — CDNs, API gateways, client retry logic — that nothing new was created. That is a lie that propagates silently.

FastAPI lets you declare the status code at the decorator level, which means it is documented in OpenAPI automatically. Use the status module from FastAPI rather than bare integers. status.HTTP_201_CREATED is self-documenting in a code review. 201 requires a mental lookup. The module also protects against typos — 2001 is a valid Python integer that will never match a real HTTP status class, but your linter will not catch it if you are using bare numbers.

io/thecodeforge/responses/status_codes.py · PYTHON

123456789101112131415

from fastapi import FastAPI, status

app = FastAPI()

@app.post('/forge/items', status_code=status.HTTP_201_CREATED)
async def create_item(name: str):
    # 201 signals that a new resource was created.
    # Clients expecting 201 will trigger post-creation workflows.
    return {"name": name, "status": "created"}

@app.delete('/forge/items/{item_id}', status_code=status.HTTP_204_NO_CONTENT)
async def delete_item(item_id: int):
    # 204 means success with no response body.
    # Return None explicitly — never return a dict here.
    return None

▶ Output

POST /forge/items → HTTP 201 Created
DELETE /forge/items/42 → HTTP 204 No Content

🔥Why Status Codes Matter Beyond Documentation

2xx means success — the client should parse the response body as the requested resource.
4xx means client error — the request was malformed, unauthorized, or references a nonexistent resource.
5xx means server error — the client did nothing wrong; retry with backoff is appropriate.
Using the status module prevents typos and makes code reviews easier — 'HTTP_201_CREATED' is unambiguous.
204 responses must return None — any body content causes a protocol violation.

📊 Production Insight

Returning 200 for a creation endpoint confuses clients expecting 201. Clients may not trigger post-creation workflows (e.g., cache invalidation, webhook dispatch) if they only check for 201. Rule: use 201 for POST creation, 204 for DELETE with no body, 200 for GET and PUT updates.

🎯 Key Takeaway

Status codes are your API's first contract with the client — get them wrong and every downstream integration breaks. Use the status module, not magic numbers — it prevents typos and makes code self-documenting. 204 responses must return None — any body content is a protocol violation.

Choosing the Right Status Code

IfPOST endpoint creates a new resource

→

UseUse status.HTTP_201_CREATED — clients expect this for creation

IfDELETE endpoint removes a resource

→

UseUse status.HTTP_204_NO_CONTENT and return None — no body needed

IfPUT/PATCH updates an existing resource

→

UseUse status.HTTP_200_OK and return the updated resource

IfAsync operation accepted but not yet complete

→

UseUse status.HTTP_202_ACCEPTED — the client should poll or subscribe for completion

The response_model: Your Output Security Filter

The response_model is your most powerful tool for data masking. Even if your database query returns a full ORM object loaded with internal columns, FastAPI will filter it through the Pydantic schema you provide — ensuring only whitelisted fields reach the consumer.

The critical behavior most developers miss: response_model does not just validate — it actively strips. If your endpoint returns a dict with 20 keys but your response_model only defines 5 fields, FastAPI silently discards the other 15 keys. This is a security feature, not a limitation. It means you can return a full ORM object from your database layer and the response_model acts as a firewall between your internal data model and your public API contract.

However, this dual behavior has a performance cost. For large objects (1000+ fields or deeply nested models), Pydantic validation runs twice: once for the return type hint (if present) and once for the response_model. This is the 'Double Validation' problem. For performance-critical endpoints, avoid specifying both a return type hint AND a response_model — use only the response_model.

io/thecodeforge/responses/filtering.py · PYTHON

1234567891011121314151617181920

from fastapi import FastAPI
from pydantic import BaseModel, EmailStr

app = FastAPI()

class UserRegistration(BaseModel):
    username: str
    password: str  # Sensitive input — must never appear in the response
    email: EmailStr

class UserPublicProfile(BaseModel):
    username: str
    email: EmailStr
    # password is intentionally absent — response_model strips it automatically

@app.post('/forge/users/register', response_model=UserPublicProfile)
async def register_user(user: UserRegistration):
    # Even if we return the full 'user' dict containing the password,
    # FastAPI's response_model logic strips it before transmission.
    return user

▶ Output

{"username": "forge_dev", "email": "dev@thecodeforge.io"}

⚠ response_model Strips — It Does Not Just Validate

📊 Production Insight

Pydantic validation runs twice when both a return type hint and response_model are present. For large objects (1000+ fields), this doubles serialization latency from ~2ms to ~4ms per response. Rule: use only response_model on the decorator, not both a return type hint and response_model on hot paths.

🎯 Key Takeaway

response_model is a security control — it strips fields not defined in the schema before transmission. It silently discards extra keys — this prevents leaks but can hide bugs if you misspell a field name. Avoid double validation: use only response_model on the decorator, not both a return type hint and response_model.

Designing response_model Schemas

IfEndpoint returns a user object with sensitive fields

→

UseCreate a PublicProfile model with only safe fields — never expose password hashes, internal IDs, or admin flags

IfEndpoint returns a list of objects with varying field availability

→

UseUse response_model_exclude_unset=True to omit fields that were never assigned

IfSame endpoint needs to return different field sets for different clients

→

UseUse response_model_include or response_model_exclude parameters to dynamically filter without creating separate models

IfEndpoint returns a large object and performance is critical

→

UseAvoid double validation — use only response_model, not both return type hint and response_model

Structured Error Handling with HTTPException

When a business rule is violated, you must halt execution immediately. HTTPException allows you to send back a structured error message that your frontend can parse to show user-facing alerts without any additional boilerplate.

HTTPException is not just an error — it is a control flow mechanism. When you raise HTTPException, FastAPI catches it before your function returns, preventing any further code from executing. This means you can safely raise it from utility functions, dependency injection chains, and middleware — the exception propagates up and FastAPI handles the response serialization.

The detail field is the key integration point with your frontend. It can be a string (for simple errors) or a dict/list (for structured validation errors). For production APIs, prefer structured details: detail={"code": "FORGE_403_001", "message": "Insufficient clearance", "required_level": 4}. This gives your frontend a machine-readable error code for i18n and conditional UI rendering.

The headers parameter on HTTPException is often overlooked. It allows you to inject response headers on error responses — useful for WWW-Authenticate on 401, Retry-After on 429, or custom tracing headers for distributed debugging.

io/thecodeforge/responses/errors.py · PYTHON

12345678910111213

from fastapi import FastAPI, HTTPException, status

app = FastAPI()

@app.get('/forge/access/{module_id}')
async def check_access(module_id: str):
    if module_id == "restricted":
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="This module requires Senior Technical Editor clearance.",
            headers={"X-Forge-Reason": "Security-Level-4"}
        )
    return {"status": "granted", "module": module_id}

▶ Output

{"detail": "This module requires Senior Technical Editor clearance."}

Mental Model

HTTPException as Control Flow, Not Just Error Reporting

HTTPException halts execution immediately — no code after the raise statement runs, making it safe to use in utility functions and dependency chains.

HTTPException is caught by FastAPI before your function returns — it prevents further code execution.
The detail field can be a string (simple) or dict/list (structured) — prefer structured for production APIs.
Use the headers parameter to inject error-specific response headers (WWW-Authenticate, Retry-After).
For global error formatting, register a custom exception handler with @app.exception_handler(HTTPException).
Never return error dicts with a 200 status code — always raise HTTPException to ensure the correct status code is set.

📊 Production Insight

Raising HTTPException from a dependency injection function propagates cleanly to the endpoint. The endpoint code never executes — FastAPI catches the exception at the DI layer and returns the error response immediately. Rule: use HTTPException in dependencies for auth checks, rate limiting, and feature flag gates.

🎯 Key Takeaway

HTTPException is control flow, not just error reporting — it halts execution and prevents any further code from running. Use structured detail dicts for production APIs — machine-readable error codes enable i18n and conditional UI rendering. Never return error dicts with 200 status — always raise HTTPException to ensure correct status codes.

Error Handling Strategy in FastAPI

IfBusiness rule violated in endpoint logic

→

UseRaise HTTPException with appropriate status code and a structured detail dict containing a machine-readable error code

IfAuth check fails in a dependency

→

UseRaise HTTPException(status_code=401) from the dependency — the endpoint never executes

IfUncaught exception in endpoint code

→

UseRegister @app.exception_handler(Exception) to log server-side and return a generic error message to the client

IfNeed consistent error format across all endpoints

→

UseDefine an ErrorModel Pydantic class and register a global exception handler that serializes all errors into that schema

🗂 FastAPI Response Strategies

Choosing the right approach for success responses, error handling, and output filtering

Strategy	Use Case	Trade-off
response_model (Pydantic class)	Whitelist output fields, auto-document OpenAPI schema	Adds Pydantic validation overhead — avoid double validation with return type hints
response_model_exclude_unset	Omit fields that were never assigned a value	Only works for fields without defaults — fields with = None are considered 'set'
response_model_include / exclude	Dynamically filter fields without creating separate models	Less type-safe than dedicated schemas — use for ad-hoc filtering only
HTTPException	Halt execution on business rule violations	Cannot be caught by try/except in the same function — FastAPI intercepts it
Custom exception handler	Consistent error format across all endpoints	Must handle all exception types — unhandled exceptions bypass the custom handler
Dynamic Response.status_code	Upsert logic (201 for create, 200 for update)	Overrides decorator default — document the dynamic behavior in your OpenAPI spec

🎯 Key Takeaways

Use the status module for readability: status.HTTP_201_CREATED is superior to the integer 201.
The response_model is an active filter — it does not just validate, it actively reshapes your data before transmission.
Multiple response types: You can use responses={404: {"model": ErrorModel}} in the decorator to document complex error schemas in Swagger.
Dynamic Status: Use the Response parameter to change status codes dynamically based on logic inside the function.
Efficiency: response_model significantly improves API security by preventing PII (Personally Identifiable Information) leaks.
Never return ORM objects without a response_model — it is the #1 source of data leaks in FastAPI applications.

⚠ Common Mistakes to Avoid

✕Returning raw ORM objects without a response_model

Symptom

Sensitive fields like password hashes, internal IDs, soft-delete flags, and timestamps leak into the public API response. No error is thrown — the API returns 200 OK with the full database row.

Fix

Always define a response_model Pydantic class with only the whitelisted fields. Add a CI lint rule that flags any endpoint returning an ORM model without an explicit response_model. Write integration tests that assert sensitive field names are absent from response bodies.

✕Using magic numbers for status codes instead of the status module

Symptom

Code reviews are slower because reviewers must look up what 204 or 202 means. Typos like 2001 instead of 201 are not caught by the linter and produce unexpected status codes in production.

Fix

Import from fastapi import status and use named constants: status.HTTP_201_CREATED, status.HTTP_204_NO_CONTENT. Add a linter rule that flags bare integer status codes in decorator arguments.

✕Returning a body with a 204 No Content response

Symptom

Some HTTP clients crash or behave unexpectedly when receiving a body alongside a 204 status. The HTTP spec forbids a message body on 204 responses — proxies and clients are within their rights to reject or truncate the response entirely.

Fix

Ensure the endpoint returns None explicitly. Remove any response_model from 204 endpoints — Pydantic validation against None produces undefined behavior and can surface as a 500 in some FastAPI versions.

✕Returning error information with a 200 OK status code

Symptom

The endpoint returns 200 OK with an error message in the body. Client code that checks status codes for error handling never triggers. Users see a blank page or unexpected state because the frontend tried to parse the error dict as valid data.

Fix

Always raise HTTPException with the appropriate status code for error conditions. Never return {"error": "something went wrong"} with a 200 status. The status code is the contract — the body is supplementary.

✕Exposing raw Python tracebacks in 500 error responses

Symptom

500 errors return a full Python traceback including file paths, library versions, and internal function names. Attackers use this information to identify vulnerable dependencies and map the internal architecture.

Fix

Register a global exception handler with @app.exception_handler(Exception) that logs the full traceback server-side and returns a generic error message to the client: {"detail": "Internal server error"}. Never expose stack traces in production.

Interview Questions on This Topic

QExplain the 'Double Validation' problem in FastAPI: Why does FastAPI validate data twice when using both a return type hint and a response_model?SeniorReveal
When you annotate your endpoint's return type (e.g., async def create() -> UserPublicProfile) AND set response_model=UserPublicProfile in the decorator, FastAPI performs Pydantic validation twice: 1. First, it validates the return value against the return type hint to ensure type safety. 2. Second, it validates and serializes the return value against the response_model to produce the final JSON output. Both validations parse the data through Pydantic's model_validate() method. For small objects, this overhead is negligible (<1ms). For large objects with hundreds of fields or deeply nested models, it can double serialization latency. The fix: use only the response_model in the decorator and omit the return type hint. The response_model already handles both validation and serialization. If you need type safety for internal refactoring, use the return type hint but be aware of the performance cost on hot paths. In Pydantic v2 (used by FastAPI 0.100+), the overhead is significantly reduced due to the Rust-based validation core, but it is still non-zero for complex schemas.
QHow would you implement a custom global exception handler to ensure that every 404 error in your application returns a company-branded JSON structure?Mid-levelReveal
Register a custom exception handler using @app.exception_handler(StarletteHTTPException) or @app.exception_handler(HTTPException). The handler receives the Request and Exception objects and must return a Response. For a company-branded 404: ``python from fastapi import Request from fastapi.responses import JSONResponse from starlette.exceptions import HTTPException as StarletteHTTPException from datetime import datetime @app.exception_handler(StarletteHTTPException) async def branded_http_exception_handler(request: Request, exc: StarletteHTTPException): return JSONResponse( status_code=exc.status_code, content={ "error": { "code": f"FORGE_{exc.status_code}", "message": exc.detail, "path": str(request.url.path), "timestamp": datetime.utcnow().isoformat(), "request_id": request.headers.get("X-Request-ID", "unknown") } } )`` Key considerations: - Use StarletteHTTPException (not FastAPI's HTTPException) to catch exceptions raised by Starlette's routing layer (e.g., 404 for undefined routes). - Log the exception server-side before returning the branded response. - Include a request_id for distributed tracing — the frontend can reference this when contacting support. - Register this handler before any routes are defined to ensure it catches all HTTP exceptions.
QScenario: Your endpoint returns a 10MB list of objects. How does the choice of response_model vs. raw dict return impact the memory footprint and CPU usage of the Uvicorn worker?SeniorReveal
With a response_model, FastAPI must parse every object in the list through Pydantic's model_validate() method. For a 10MB list with 50,000 objects, this means 50,000 Pydantic validation calls. Each call allocates a new model instance, validates field types, and serializes to dict. The memory footprint is approximately 2-3x the raw data size during serialization (original data + Pydantic instances + serialized output). With a raw dict return (no response_model), FastAPI skips Pydantic validation and directly serializes the dict to JSON using orjson or the standard json library. Memory footprint is approximately 1.5x the data size (original data + serialized output). CPU usage is significantly lower because there is no per-object validation. For a 10MB payload, the difference can be 200-500ms of CPU time and 10-20MB of additional memory allocation per request. Under concurrent load (100 requests), this can exhaust the Uvicorn worker's memory and trigger OOM kills. The trade-off: response_model gives you type safety and output filtering. Raw dict gives you performance. For large list endpoints, consider using a streaming response with ORJSONResponse and no response_model, or paginate the results to keep individual response sizes under 1MB.
QHow can you use response_model_include and response_model_exclude to dynamically filter fields without creating dozens of separate Pydantic models?Mid-levelReveal
These parameters accept a set of field names and override which fields from the response_model are included or excluded in the serialized output. response_model_include is a whitelist — only the specified fields appear in the response. response_model_exclude is a blacklist — all fields except the specified ones appear. Example: ``python @app.get('/users/{id}', response_model=UserFullProfile, response_model_include={'id', 'username', 'email'}) async def get_user_public(id: int): return get_user_from_db(id) @app.get('/users/{id}/admin', response_model=UserFullProfile, response_model_exclude={'password_hash', 'internal_notes'}) async def get_user_admin(id: int): return get_user_from_db(id)`` This avoids creating UserPublicProfile, UserAdminProfile, and UserMinimalProfile as separate Pydantic models. One model serves multiple endpoints with different field visibility. The trade-off: type safety is reduced. Your OpenAPI documentation will show the full model schema, not the filtered version. For public APIs where documentation accuracy matters, dedicated schemas are better. For internal APIs where velocity matters, include/exclude is pragmatic.
QWhy is raising an HTTPException inside a utility function better than returning an error dictionary to the main route handler?Mid-levelReveal
HTTPException halts execution immediately — FastAPI catches it and returns the response before any subsequent code runs. This prevents the common bug where a utility function returns an error dict, the calling code forgets to check for it, and the error dict gets serialized as a successful 200 response. With HTTPException: - The status code is guaranteed to be correct (4xx or 5xx, never 200). - Execution stops at the raise point — no further code in the dependency chain or endpoint runs. - The error propagates naturally through dependency injection — if a dependency raises HTTPException, the endpoint never executes. With error dicts: - The calling code must explicitly check for the error and raise HTTPException. - If the check is forgotten, the error dict is returned as a 200 OK response. - Error handling logic is scattered across every call site instead of centralized in the utility function. The pattern: raise HTTPException in utility functions and dependencies. Handle it globally with a custom exception handler. Never return error dicts from utility functions.

Frequently Asked Questions

What is the difference between returning a dict and returning a Pydantic model from a FastAPI endpoint?

FastAPI is extremely flexible; it can handle both. However, returning a Pydantic model instance is a TheCodeForge best practice because it enables better IDE autocompletion and allows for more complex field transformations. If a response_model is defined, FastAPI will convert either a dict or a model into the final JSON structure defined by that schema anyway, so the main benefit is code maintainability.

How do I return a different status code based on what happened in the endpoint?

You can inject the Response object directly into your function signature. By setting response.status_code = status.HTTP_202_ACCEPTED inside the function body, you override the default value declared in the decorator. This is useful for upsert logic where you might want to return 201 for a new resource but 200 for an update to an existing one.

How do I exclude fields with default values from my JSON response?

Use the response_model_exclude_unset=True parameter in your decorator. This ensures that only the data actually retrieved from your database or business logic is sent to the client, keeping your JSON payloads lean and efficient. Be aware that fields with explicit defaults (including = None) are considered 'set' — use response_model_exclude_none=True if you want to strip None values specifically.

🔥

Naren Founder & Author

Developer and founder of TheCodeForge. I built this site because I was tired of tutorials that explain what to type without explaining why it works. Every article here is written to make concepts actually click.

About Naren Get in touch

Forged with 🔥 at TheCodeForge.io — Where Developers Are Forged