Flask Cheat Sheet

Updated 2026-04-26

Next Topic: Full-Stack Application Deployment Cheat Sheet

Flask is a lightweight WSGI web framework for Python, designed to make getting started quick and easy while providing the flexibility to scale to complex applications. Unlike full-stack frameworks, Flask is intentionally minimalist — it provides core functionality for routing, requests, and templating, then lets you choose extensions for databases, authentication, and other features. As of Flask 3.x, the framework supports async views natively, class-based views via MethodView, secret key rotation, and improved configuration patterns including environment prefix loading. This modular approach makes Flask particularly well-suited for microservices, REST APIs, and projects where you want full control over the architecture without unnecessary abstractions.

What This Cheat Sheet Covers

This topic spans 24 focused tables and 193 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Application Setup and ConfigurationTable 2: Routing and URL RulesTable 3: Request HandlingTable 4: Response ObjectsTable 5: Templates and Jinja2Table 6: Sessions and CookiesTable 7: Error HandlingTable 8: Blueprints and Application StructureTable 9: Database IntegrationTable 10: Request Lifecycle HooksTable 11: Application Context and GlobalsTable 12: TestingTable 13: CLI and Custom CommandsTable 14: Security FeaturesTable 15: Extensions and MiddlewareTable 16: Asynchronous SupportTable 17: Streaming and Real-TimeTable 18: Logging and DebuggingTable 19: File UploadsTable 20: SignalsTable 21: Deployment and ProductionTable 22: Class-Based ViewsTable 23: Message FlashingTable 24: Static Files

Table 1: Application Setup and Configuration

Method	Example	Description
Flask app instance	`app = Flask(__name__)`	• Creates the core application object • `__name__` helps Flask locate resources and templates relative to the module.
app.run()	`app.run(debug=True, port=5000)`	• Starts the development server with optional debug mode and custom port • never use in production.
config.from_object()	`app.config.from_object('config.DevelopmentConfig')`	Loads configuration from a class object containing uppercase-named settings.
config.from_envvar()	`app.config.from_envvar('APP_SETTINGS')`	Loads configuration from a file whose path is specified in an environment variable.
config.from_prefixed_env()	`app.config.from_prefixed_env(prefix='FLASK_')`	Automatically loads prefixed environment variables into config (default `FLASK_`).
config.from_file()	`app.config.from_file('config.json', load=json.load)`	Loads config from a JSON, TOML, or other file using a callable parser.
app.secret_key	`app.secret_key = 'your-secret-key'` `# or app.config['SECRET_KEY']`	• Sets the secret key used to sign session cookies and CSRF tokens • must be random and kept secure.
app.debug	`app.debug = True`	• Enables debug mode with automatic reloading and detailed error pages • set via config or environment.

Table 1: Application Setup and Configuration

Method	Example	Description
Flask app instance	`app = Flask(__name__)`	• Creates the core application object • `__name__` helps Flask locate resources and templates relative to the module.
app.run()	`app.run(debug=True, port=5000)`	• Starts the development server with optional debug mode and custom port • never use in production.
config.from_object()	`app.config.from_object('config.DevelopmentConfig')`	Loads configuration from a class object containing uppercase-named settings.
config.from_envvar()	`app.config.from_envvar('APP_SETTINGS')`	Loads configuration from a file whose path is specified in an environment variable.
config.from_prefixed_env()	`app.config.from_prefixed_env(prefix='FLASK_')`	Automatically loads prefixed environment variables into config (default `FLASK_`).
config.from_file()	`app.config.from_file('config.json', load=json.load)`	Loads config from a JSON, TOML, or other file using a callable parser.
app.secret_key	`app.secret_key = 'your-secret-key'` `# or app.config['SECRET_KEY']`	• Sets the secret key used to sign session cookies and CSRF tokens • must be random and kept secure.
app.debug	`app.debug = True`	• Enables debug mode with automatic reloading and detailed error pages • set via config or environment.