10 Advanced Pydantic V2 Tricks to Harden Your FastAPI Production

This article presents ten practical, production‑ready techniques for using Pydantic V2 with FastAPI, aiming to improve data validation, security, and developer experience.

1. Enable strict mode to block automatic type conversion

By default Pydantic coerces values (e.g., a string "29.99" becomes a float). In production, enable ConfigDict(strict=True) to reject mismatched types and raise ValidationError. You can also apply strict validation to individual fields using StrictInt and StrictStr.

from pydantic import BaseModel, ConfigDict

class PaymentStrict(BaseModel):
    model_config = ConfigDict(strict=True)
    amount: float
    currency: str

# ValidationError: amount - Input should be a valid number

2. Use field constraints instead of custom validators

Leverage Field() for length, pattern, range, and type checks. Constraints automatically appear in the OpenAPI schema, providing clear documentation without extra code.

from pydantic import BaseModel, Field, EmailStr

class CreateUser(BaseModel):
    username: str = Field(min_length=3, max_length=30, pattern=r'^[a-zA-Z0-9_]+$')
    email: EmailStr
    age: int = Field(ge=13, le=120)
    bio: str | None = Field(default=None, max_length=500)

3. Separate models for create, update, and response

Define distinct Pydantic models for each operation. Use exclude_unset=True on model_dump() to update only the fields sent by the client, and enable ConfigDict(from_attributes=True) on response models to serialize ORM objects directly.

class UserCreate(BaseModel):
    username: str = Field(min_length=3, max_length=30)
    email: EmailStr
    password: str = Field(min_length=8)

class UserUpdate(BaseModel):
    username: str | None = Field(default=None, min_length=3, max_length=30)
    email: EmailStr | None = None
    bio: str | None = Field(default=None, max_length=500)

class UserResponse(BaseModel):
    id: int
    username: str
    email: str
    bio: str | None
    created_at: datetime
    model_config = ConfigDict(from_attributes=True)

4. Cross‑field validation with @model_validator

Use @model_validator(mode='after') to enforce relationships between fields, such as ensuring an end date follows a start date or that a discount percentage stays within 0‑100.

from pydantic import BaseModel, model_validator
from datetime import date

class DateRange(BaseModel):
    start_date: date
    end_date: date

    @model_validator(mode='after')
    def validate_dates(cls, values):
        if values.end_date <= values.start_date:
            raise ValueError('结束日期必须在开始日期之后')
        return values

5. Customize error responses for front‑end friendliness

Override FastAPI’s default 422 response to return a simple {"field": "error message"} mapping, making it easy for UI code to display inline validation messages.

from fastapi import FastAPI, Request
from fastapi.exceptions import RequestValidationError
from fastapi.responses import JSONResponse

app = FastAPI()

@app.exception_handler(RequestValidationError)
async def custom_validation_handler(request: Request, exc: RequestValidationError):
    errors = {}
    for err in exc.errors():
        field = err['loc'][-1] if err['loc'] else 'unknown'
        errors[field] = err['msg']
    return JSONResponse(status_code=422, content={"success": False, "message": "校验失败", "errors": errors})

6. Reusable annotated types to avoid duplication

Create reusable annotated types (e.g., PhoneNumber, Slug, CurrencyCode) with shared validation logic, then reference them across many models.

from typing import Annotated
from pydantic import Field, AfterValidator

def validate_phone(value: str) -> str:
    cleaned = ''.join(c for c in value if c.isdigit() or c == '+')
    if not (10 <= len(cleaned) <= 15):
        raise ValueError('手机号必须是10-15位数字')
    return cleaned

PhoneNumber = Annotated[str, AfterValidator(validate_phone)]

class UserProfile(BaseModel):
    phone: PhoneNumber

7. forbid extra fields to prevent dirty data

Set ConfigDict(extra='forbid') so any unexpected keys cause a validation error, protecting against hidden attack vectors.

class SecureUserCreate(BaseModel):
    model_config = ConfigDict(extra='forbid')
    username: str
    email: str
    password: str

8. Nested models for complex JSON structures

Model hierarchical data (orders, addresses, items) with nested Pydantic classes, each with its own validation rules.

class OrderItem(BaseModel):
    product_id: int
    quantity: int = Field(gt=0, le=100)
    unit_price: float = Field(gt=0)

class ShippingAddress(BaseModel):
    street: str = Field(min_length=5)
    postal_code: str = Field(pattern=r'^\d{5}(-\d{4})?$')

class CreateOrder(BaseModel):
    model_config = ConfigDict(extra='forbid')
    customer_id: int
    items: list[OrderItem] = Field(min_length=1, max_length=50)
    shipping: ShippingAddress

9. Computed fields for dynamic response data

Use @computed_field to add properties like total amount, item count, or age in hours that are calculated on serialization and appear in OpenAPI docs.

class OrderResponse(BaseModel):
    model_config = ConfigDict(from_attributes=True)
    id: int
    items: list[OrderItem]
    created_at: datetime

    @computed_field
    @property
    def total(self) -> float:
        return sum(i.quantity * i.unit_price for i in self.items)

10. Discriminated unions for polymorphic payloads

Define a union of models with a Field(discriminator='channel') so the incoming JSON determines which concrete model validates the data, eliminating manual if/else branching.

class EmailNotification(BaseModel):
    channel: Literal['email']
    email_address: str

class SlackNotification(BaseModel):
    channel: Literal['slack']
    webhook_url: str

NotificationConfig = Annotated[Union[EmailNotification, SlackNotification], Field(discriminator='channel')]

Applying these patterns early in the request lifecycle ensures that the data reaching your endpoint logic is already clean, type‑safe, and trustworthy.