django-rest-framework/docs/api-guide/exceptions.md

<a class="github" href="exceptions.py"></a>

# Exceptions

> Exceptions… allow error handling to be organized cleanly in a central or high-level place within the program structure.
>
> &mdash; Doug Hellmann, [Python Exception Handling Techniques][cite]

## Exception handling in REST framework views

REST framework's views handle various exceptions, and deal with returning appropriate error responses.

The handled exceptions are:

* Subclasses of `APIException` raised inside REST framework.
* Django's `Http404` exception.
* Django's `PermissionDenied` exception.

In each case, REST framework will return a response with an appropriate status code and content-type.  The body of the response will include any additional details regarding the nature of the error.

By default all error responses will include a key `detail` in the body of the response, but other keys may also be included.

For example, the following request:

    DELETE http://api.example.com/foo/bar HTTP/1.1
    Accept: application/json

Might receive an error response indicating that the `DELETE` method is not allowed on that resource:

    HTTP/1.1 405 Method Not Allowed
    Content-Type: application/json
    Content-Length: 42

    {"detail": "Method 'DELETE' not allowed."}

## Custom exception handling

You can implement custom exception handling by creating a handler function that converts exceptions raised in your API views into response objects.  This allows you to control the style of error responses used by your API.

The function must take a single argument, which is the exception to be handled, and should either return a `Response` object, or return `None` if the exception cannot be handled.  If the handler returns `None` then the exception will be re-raised and Django will return a standard HTTP 500 'server error' response.

For example, you might want to ensure that all error responses include the HTTP status code in the body of the response, like so:

    HTTP/1.1 405 Method Not Allowed
    Content-Type: application/json
    Content-Length: 62

    {"status_code": 405, "detail": "Method 'DELETE' not allowed."}

In order to alter the style of the response, you could write the following custom exception handler:

    from rest_framework.views import exception_handler

    def custom_exception_handler(exc):
        # Call REST framework's default exception handler first,
        # to get the standard error response.
        response = exception_handler(exc)

        # Now add the HTTP status code to the response.
        if response is not None:
            response.data['status_code'] = response.status_code

        return response

The exception handler must also be configured in your settings, using the `EXCEPTION_HANDLER` setting key. For example:

    REST_FRAMEWORK = {
        'EXCEPTION_HANDLER': 'my_project.my_app.utils.custom_exception_handler'
    }

If not specified, the `'EXCEPTION_HANDLER'` setting defaults to the standard exception handler provided by REST framework:

    REST_FRAMEWORK = {
        'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler'
    }

Note that the exception handler will only be called for responses generated by raised exceptions.  It will not be used for any responses returned directly by the view, such as the `HTTP_400_BAD_REQUEST` responses that are returned by the generic views when serializer validation fails.

---

# API Reference

## APIException

**Signature:** `APIException()`

The **base class** for all exceptions raised inside an APIView class or @api_view.

To provide a custom exception, subclass `APIException` and set the `.status_code` and `.default_detail` properties on the class.

For example, if your API relies on a third party service that may sometimes be unreachable, you might want to implement an exception for the "503 Service Unavailable" HTTP response code.  You could do this like so:

    from rest_framework.exceptions import APIException

    class ServiceUnavailable(APIException):
        status_code = 503
        default_detail = 'Service temporarily unavailable, try again later.'

## ParseError

**Signature:** `ParseError(detail=None)`

Raised if the request contains malformed data when accessing `request.DATA` or `request.FILES`.

By default this exception results in a response with the HTTP status code "400 Bad Request".

## AuthenticationFailed

**Signature:** `AuthenticationFailed(detail=None)`

Raised when an incoming request includes incorrect authentication.

By default this exception results in a response with the HTTP status code "401 Unauthenticated", but it may also result in a "403 Forbidden" response, depending on the authentication scheme in use.  See the [authentication documentation][authentication] for more details.

## NotAuthenticated

**Signature:** `NotAuthenticated(detail=None)`

Raised when an unauthenticated request fails the permission checks.

By default this exception results in a response with the HTTP status code "401 Unauthenticated", but it may also result in a "403 Forbidden" response, depending on the authentication scheme in use.  See the [authentication documentation][authentication] for more details.

## PermissionDenied

**Signature:** `PermissionDenied(detail=None)`

Raised when an authenticated request fails the permission checks.

By default this exception results in a response with the HTTP status code "403 Forbidden".

## MethodNotAllowed

**Signature:** `MethodNotAllowed(method, detail=None)`

Raised when an incoming request occurs that does not map to a handler method on the view.

By default this exception results in a response with the HTTP status code "405 Method Not Allowed".

## UnsupportedMediaType

**Signature:** `UnsupportedMediaType(media_type, detail=None)`

Raised if there are no parsers that can handle the content type of the request data when accessing `request.DATA` or `request.FILES`.

By default this exception results in a response with the HTTP status code "415 Unsupported Media Type".

## Throttled

**Signature:** `Throttled(wait=None, detail=None)`

Raised when an incoming request fails the throttling checks.

By default this exception results in a response with the HTTP status code "429 Too Many Requests".

[cite]: http://www.doughellmann.com/articles/how-tos/python-exception-handling/index.html
[authentication]: authentication.md
-												Links to source files in docs

											
										
										
											2012-09-09 01:06:13 +04:00
+								<a class="github" href="exceptions.py"></a>
-												REST framework 2 docs

											
										
										
											2012-09-01 23:26:27 +04:00
+								# Exceptions
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								> Exceptions… allow error handling to be organized cleanly in a central or high-level place within the program structure.
 								>
 								> &mdash; Doug Hellmann, [Python Exception Handling Techniques][cite]
-												REST framework 2 docs

											
										
										
											2012-09-01 23:26:27 +04:00
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								## Exception handling in REST framework views
-												GitHub link in toolbar

											
										
										
											2012-09-12 16:11:26 +04:00
+								REST framework's views handle various exceptions, and deal with returning appropriate error responses.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
 								The handled exceptions are:
 								* Subclasses of `APIException` raised inside REST framework.
 								* Django's `Http404` exception.
 								* Django's `PermissionDenied` exception.
-												GitHub link in toolbar

											
										
										
											2012-09-12 16:11:26 +04:00
+								In each case, REST framework will return a response with an appropriate status code and content-type.  The body of the response will include any additional details regarding the nature of the error.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
-												Replace 'detail' with 'default_detail' in Exceptions guide and APIException class docstring.

											
										
										
											2014-02-10 22:54:56 +04:00
+								By default all error responses will include a key `detail` in the body of the response, but other keys may also be included.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
 								For example, the following request:
 								    DELETE http://api.example.com/foo/bar HTTP/1.1
 								    Accept: application/json
-												Fixing spelling errors.

											
										
										
											2012-10-21 18:34:07 +04:00
+								Might receive an error response indicating that the `DELETE` method is not allowed on that resource:
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
 								    HTTP/1.1 405 Method Not Allowed
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								    Content-Type: application/json
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								    Content-Length: 42
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								    {"detail": "Method 'DELETE' not allowed."}
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
+								## Custom exception handling
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								You can implement custom exception handling by creating a handler function that converts exceptions raised in your API views into response objects.  This allows you to control the style of error responses used by your API.
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								The function must take a single argument, which is the exception to be handled, and should either return a `Response` object, or return `None` if the exception cannot be handled.  If the handler returns `None` then the exception will be re-raised and Django will return a standard HTTP 500 'server error' response.
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								For example, you might want to ensure that all error responses include the HTTP status code in the body of the response, like so:
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								    HTTP/1.1 405 Method Not Allowed
 								    Content-Type: application/json
 								    Content-Length: 62
 								    {"status_code": 405, "detail": "Method 'DELETE' not allowed."}
 								In order to alter the style of the response, you could write the following custom exception handler:
 								    from rest_framework.views import exception_handler
 								    def custom_exception_handler(exc):
 								        # Call REST framework's default exception handler first,
 								        # to get the standard error response.
 								        response = exception_handler(exc)
 								        # Now add the HTTP status code to the response.
 								        if response is not None:
 								            response.data['status_code'] = response.status_code
 								        return response
 								The exception handler must also be configured in your settings, using the `EXCEPTION_HANDLER` setting key. For example:
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								    REST_FRAMEWORK = {
 								        'EXCEPTION_HANDLER': 'my_project.my_app.utils.custom_exception_handler'
 								    }
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								If not specified, the `'EXCEPTION_HANDLER'` setting defaults to the standard exception handler provided by REST framework:
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								    REST_FRAMEWORK = {
 								        'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler'
 								    }
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Extra docs on custom exception handling.

											
										
										
											2013-09-07 23:45:43 +04:00
+								Note that the exception handler will only be called for responses generated by raised exceptions.  It will not be used for any responses returned directly by the view, such as the `HTTP_400_BAD_REQUEST` responses that are returned by the generic views when serializer validation fails.
-												Add EXCEPTION_HANDLER docs to exception docs

											
										
										
											2013-09-06 22:57:32 +04:00
-												Split up doc sections more cleanly

											
										
										
											2012-10-17 18:41:57 +04:00
+								---
 								# API Reference
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								## APIException
-												Remove the detail=None from APIException signature

The documentation not match with the implementation. The APIException doesn't have detail parameter in the constructor class, actually doesn't have constructor method at all.
											
										
										
											2013-10-21 12:24:06 +04:00
+								**Signature:** `APIException()`
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
-												Clarify "raised inside REST framework"

I ran into an issue today where I was not seeing the rest_framework.views.exception_handler do what I thought it should be doing. It turned out that I had imported View from rest_framework.views rather than importing APIView from rest_framework.views. The phrase "raised inside REST framework" was confusing as I was debugging this issue. I was unsure if that meant that I could raise those exceptions in my code or if it had to originate from within framework code.

I'm not sure if the proposed wording is ideal, I just wanted to point out what I found to be confusing.
											
										
										
											2014-09-17 16:49:54 +04:00
+								The **base class** for all exceptions raised inside an APIView class or @api_view.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
-												Replace 'detail' with 'default_detail' in Exceptions guide and APIException class docstring.

											
										
										
											2014-02-10 22:54:56 +04:00
+								To provide a custom exception, subclass `APIException` and set the `.status_code` and `.default_detail` properties on the class.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
-												Added example of using APIException class.  Closes #1300

											
										
										
											2013-12-22 01:10:05 +04:00
+								For example, if your API relies on a third party service that may sometimes be unreachable, you might want to implement an exception for the "503 Service Unavailable" HTTP response code.  You could do this like so:
 								    from rest_framework.exceptions import APIException
 								    class ServiceUnavailable(APIException):
 								        status_code = 503
-												Fix doc for custom exception sample

The way to provide a default detail for APIException is to define a `default_detail` attribute on the subclass.

Defining a `detail` attribute without `default_detail` will not work, and will result in empty detail instead.

											
										
										
											2014-01-31 21:26:45 +04:00
+								        default_detail = 'Service temporarily unavailable, try again later.'
-												Added example of using APIException class.  Closes #1300

											
										
										
											2013-12-22 01:10:05 +04:00
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								## ParseError
 								**Signature:** `ParseError(detail=None)`
 								Raised if the request contains malformed data when accessing `request.DATA` or `request.FILES`.
 								By default this exception results in a response with the HTTP status code "400 Bad Request".
-												Use two seperate exceptions - `AuthenticationFailed`, and `NotAuthenticated`

Cleaner seperation of exception and resulting HTTP response.
Should result in more obvious error messages.

											
										
										
											2012-10-17 18:23:36 +04:00
+								## AuthenticationFailed
-												Add `Unauthenticated` exception.

											
										
										
											2012-10-17 17:59:37 +04:00
-												Use two seperate exceptions - `AuthenticationFailed`, and `NotAuthenticated`

Cleaner seperation of exception and resulting HTTP response.
Should result in more obvious error messages.

											
										
										
											2012-10-17 18:23:36 +04:00
+								**Signature:** `AuthenticationFailed(detail=None)`
-												Add `Unauthenticated` exception.

											
										
										
											2012-10-17 17:59:37 +04:00
-												Use two seperate exceptions - `AuthenticationFailed`, and `NotAuthenticated`

Cleaner seperation of exception and resulting HTTP response.
Should result in more obvious error messages.

											
										
										
											2012-10-17 18:23:36 +04:00
+								Raised when an incoming request includes incorrect authentication.
 								By default this exception results in a response with the HTTP status code "401 Unauthenticated", but it may also result in a "403 Forbidden" response, depending on the authentication scheme in use.  See the [authentication documentation][authentication] for more details.
 								## NotAuthenticated
 								**Signature:** `NotAuthenticated(detail=None)`
 								Raised when an unauthenticated request fails the permission checks.
-												Add `Unauthenticated` exception.

											
										
										
											2012-10-17 17:59:37 +04:00
 								By default this exception results in a response with the HTTP status code "401 Unauthenticated", but it may also result in a "403 Forbidden" response, depending on the authentication scheme in use.  See the [authentication documentation][authentication] for more details.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
+								## PermissionDenied
 								**Signature:** `PermissionDenied(detail=None)`
-												Use two seperate exceptions - `AuthenticationFailed`, and `NotAuthenticated`

Cleaner seperation of exception and resulting HTTP response.
Should result in more obvious error messages.

											
										
										
											2012-10-17 18:23:36 +04:00
+								Raised when an authenticated request fails the permission checks.
-												Updating docs

											
										
										
											2012-09-12 13:12:13 +04:00
 								By default this exception results in a response with the HTTP status code "403 Forbidden".
 								## MethodNotAllowed
 								**Signature:** `MethodNotAllowed(method, detail=None)`
 								Raised when an incoming request occurs that does not map to a handler method on the view.
 								By default this exception results in a response with the HTTP status code "405 Method Not Allowed".
 								## UnsupportedMediaType
 								**Signature:** `UnsupportedMediaType(media_type, detail=None)`
 								Raised if there are no parsers that can handle the content type of the request data when accessing `request.DATA` or `request.FILES`.
 								By default this exception results in a response with the HTTP status code "415 Unsupported Media Type".
 								## Throttled
 								**Signature:** `Throttled(wait=None, detail=None)`
 								Raised when an incoming request fails the throttling checks.
 								By default this exception results in a response with the HTTP status code "429 Too Many Requests".
-												Add `Unauthenticated` exception.

											
										
										
											2012-10-17 17:59:37 +04:00
+								[cite]: http://www.doughellmann.com/articles/how-tos/python-exception-handling/index.html
-												Merge with master

											
										
										
											2012-11-09 17:49:52 +04:00
+								[authentication]: authentication.md