{"library":"flask-appbuilder","title":"Flask-AppBuilder","description":"Flask-AppBuilder (FAB) is a simple and rapid application development framework built on top of Flask. It provides detailed security features, automatic CRUD generation for database models, Google Charts integration, and more. It is currently at version 5.2.0 and maintains an active release cadence with frequent updates and new features. [3, 4]","status":"active","version":"5.2.0","language":"en","source_language":"en","source_url":"https://github.com/dpgaspar/flask-appbuilder/","tags":["Flask","admin","web development","CRUD","security","ORM"],"install":[{"cmd":"pip install Flask-AppBuilder","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Core web framework upon which Flask-AppBuilder is built.","package":"Flask"},{"reason":"Provides SQLAlchemy integration for database management, a core feature for model views.","package":"Flask-SQLAlchemy"},{"reason":"ORM used for database interaction; Flask-AppBuilder heavily leverages its declarative syntax.","package":"SQLAlchemy"},{"reason":"Manages user sessions and authentication.","package":"Flask-Login"},{"reason":"Provides internationalization and localization support.","package":"Flask-Babel"},{"reason":"Integrates WTForms for web forms, used extensively in CRUD operations.","package":"Flask-WTF"},{"reason":"Required for OAuth 2.0 authentication support.","package":"Authlib","optional":true},{"reason":"Required for SAML 2.0 authentication support.","package":"python3-saml","optional":true}],"imports":[{"symbol":"AppBuilder","correct":"from flask_appbuilder import AppBuilder"},{"note":"While older versions or specific examples might show a submodule import, the recommended minimal quickstart for current versions directly imports `SQLA` from `flask_appbuilder` for its SQLAlchemy database object. [2, 13]","wrong":"from flask_appbuilder.models.sqla.base import SQLA","symbol":"SQLA","correct":"from flask_appbuilder import SQLA"},{"symbol":"ModelView","correct":"from flask_appbuilder import ModelView"},{"symbol":"SQLAInterface","correct":"from flask_appbuilder.models.sqla.interface import SQLAInterface"}],"quickstart":{"code":"import os\nfrom flask import Flask\nfrom flask_appbuilder import SQLA, AppBuilder, ModelView\nfrom flask_appbuilder.models.sqla.interface import SQLAInterface\n\n# Your App class\nclass MyUser(SQLA.Model):\n    id = SQLA.Column(SQLA.Integer, primary_key=True)\n    name = SQLA.Column(SQLA.String(50), unique=True, nullable=False)\n\n    def __repr__(self):\n        return self.name\n\n# Instantiate Flask app\napp = Flask(__name__)\napp.config['SECRET_KEY'] = os.environ.get('FLASK_SECRET_KEY', 'a-very-secret-key-that-you-should-change')\napp.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///' + os.path.join(os.path.dirname(__file__), 'app.db')\napp.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n\n# Instantiate SQLAlchemy and AppBuilder\ndb = SQLA(app)\nappbuilder = AppBuilder(app, db.session)\n\n# Create a ModelView for MyUser\nclass MyUserView(ModelView):\n    datamodel = SQLAInterface(MyUser)\n    list_columns = ['name']\n\n# Add the view to AppBuilder\nappbuilder.add_view(MyUserView, 'List My Users', icon='fa-users', category='My App')\n\n# To run the app:\n# $ export FLASK_APP=your_app_file_name.py\n# $ flask fab create-admin (follow prompts to create an admin user)\n# $ flask run\n# Access at http://127.0.0.1:5000","lang":"python","description":"This quickstart sets up a minimal Flask-AppBuilder application with a simple SQLAlchemy model and a corresponding ModelView for CRUD operations. It initializes Flask, Flask-SQLAlchemy, and Flask-AppBuilder, then registers a basic view. You'll need to set a `FLASK_SECRET_KEY` environment variable or replace the placeholder. After running, use `flask fab create-admin` to set up an administrative user. [2, 8, 10, 12, 21]"},"warnings":[{"fix":"Migrate MongoDB data to a supported SQL database (PostgreSQL, MySQL, SQLite, etc.). Update models to use SQLAlchemy syntax. Switch from OpenID 2.0 to OAuth 2.0, LDAP, SAML, or database authentication. Remove `flask-mongoengine`, `mongoengine`, `pymongo`, `flask-openid` dependencies. [1]","message":"Flask-AppBuilder 5.0.0 completely removed support for MongoDB/MongoEngine and OpenID 2.0 authentication. Applications relying on these backends will require significant migration to SQLAlchemy-based databases and alternative authentication methods (e.g., OAuth2, LDAP, SAML). [1, 11, 16, 17]","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Review and update SQLAlchemy query patterns to align with 2.x best practices. Ensure Flask-SQLAlchemy is configured correctly. For `AppBuilder` initialization, pass `db.session` directly rather than the `db` object itself. If encountering `SQLA` import errors, consider `from flask_appbuilder.utils.legacy import get_sqla_class()` or use Flask-SQLAlchemy's `db` object directly for models and session. [1, 13]","message":"Version 5.0.0 introduced breaking changes for SQLAlchemy 2.x and Flask-SQLAlchemy 3.x compatibility. This affects query syntax, session handling, relationship loading, and potentially the `SQLA` import path or how the SQLAlchemy object is passed to `AppBuilder`. [1, 11, 13, 24, 25]","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Review migration guides for each updated dependency (Flask, Jinja2, Werkzeug, etc.) and adapt application code accordingly. Ensure all dependencies are updated and compatible with Flask-AppBuilder v4.0.0+. [14]","message":"Flask-AppBuilder 4.0.0 introduced major version bumps for several core Flask dependencies including Flask (1.x to 2.x), Flask-JWT-Extended (3.x to 4.x), Jinja2 (2.x to 3.x), Werkzeug (1.x to 2.x), pyJWT (1.x to 2.x), and Click (7.x to 8.x). These changes often come with their own breaking changes. [14]","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Always back up your database before migrations. For the very first migration, if you encounter `No changes in schema detected`, you might need to drop all `ab_` tables and the `alembic_version` table, then run `flask db upgrade` to create all tables and initialize Alembic correctly. Use `flask fab upgrade-db` after a Flask-AppBuilder upgrade. [2, 23]","message":"Database migrations with Alembic (managed by Flask-Migrate via `flask fab`) require careful handling, especially on initial setup or when schema changes are introduced. Simply running `flask db migrate` might not detect changes if the setup isn't exact. [23]","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always set `app.config['SECRET_KEY']` to a long, random, and secret string. It's best practice to load this from an environment variable (e.g., `os.environ.get('FLASK_SECRET_KEY')`) rather than hardcoding it. [12, 21]","message":"The `SECRET_KEY` configuration is crucial for Flask's session security. Using a weak or default key in production makes the application vulnerable to session hijacking and other attacks. [12, 21]","severity":"gotcha","affected_versions":"All versions"},{"fix":"Update `OAUTH_PROVIDERS` configuration in `config.py` to use the new `client_id` and `client_secret` keys within the `remote_app` dictionary. Also ensure `authlib` is correctly installed and used. [14]","message":"The configuration structure for OAuth providers changed significantly in version 4.0.0, specifically impacting the keys used for client credentials (e.g., `consumer_key` and `consumer_secret` were replaced by `client_id` and `client_secret`). [14]","severity":"gotcha","affected_versions":">=4.0.0"}],"env_vars":null,"last_verified":"2026-04-05T00:00:00.000Z","next_check":"2026-07-04T00:00:00.000Z"}