---

# 🔗 Case Study — API Schemas End-to-End

### 🎯 Intent

Design **stable, secure API contracts** from request → domain → response with Pydantic v2.

---

### 🧩 Core Points (super short)

1. **🧱 DTO Layers**

   * `In` (create), `Update` (all optional), `Out` (public, no secrets).

2. **🧪 Validation**

   * `Field(...)` constraints + `@field_validator` / `@model_validator`.
   * Use `Strict*` or `strict=True` when coercion is risky.

3. **🛡️ Security-by-Design**

   * Never expose secrets; mask via serializers.
   * `extra="forbid"`; discriminated unions for controlled variants.

4. **📤 Serialization & Aliases**

   * `by_alias=True`, `exclude_none=True`.
   * `@model_serializer` to reshape (e.g., money strings).

5. **📄 Error Shape**

   * Normalize: `code`, `message`, `fields[]`.
   * Map from `ValidationError.errors()`.

6. **📑 Pagination / Sorting / Filtering**

   * Request: `limit/offset/sort/filters`.
   * Response: `{items, total, limit, offset}`.
   * Whitelist `sort`.

7. **🧭 Versioning**

   * `/v1` (or media-type).
   * Additive changes; `deprecated=True`; keep aliases stable.

8. **🔗 ORM Boundary**

   * `from_attributes=True` for `Out`.
   * Eager-load relations to avoid N+1.

9. **🧰 Envelopes & Metadata**

   * Wrapper: `data` + optional `meta` (trace id, rate limits, version).

10. **🧬 Polymorphism**

* Discriminated unions (`discriminator="kind"`) for payments/notifications.

11. **🧪 Contract Tests & Examples**

* Fill `description`/`examples`; golden round-trip tests.

12. **📜 OpenAPI / JSON Schema**

* `mode="serialization"`, `by_alias=True`; titles/descriptions for docs.

13. **⚙️ Performance**

* Batch with `TypeAdapter(list[...])`; prefer discriminators; `exclude_unset` for PATCH.

14. **🧠 Common Types**

* IDs: `UUID` • Money: `Decimal` (+ serializer) • Time: `AwareDatetime` (UTC ISO) • `EmailStr`/`AnyUrl` • `Enum`/`Literal`.

---
