Enable Pydantic polymorphic_serialization flag on response serialization #15498

cwinters · 2026-05-09T16:43:50Z

cwinters
May 9, 2026

First Check

I added a very descriptive title here.
I used the GitHub search to find a similar question and didn't find it.
I searched the FastAPI documentation, with the integrated search.
I already searched in Google "How to X in FastAPI" and didn't find any information.
I already read and followed all the tutorial in the docs and didn't find an answer.
I already checked if it is not related to FastAPI but to Pydantic.
I already checked if it is not related to FastAPI but to Swagger UI.
I already checked if it is not related to FastAPI but to ReDoc.

Commit to Help

I commit to help with one of those options 👆

Example Code

# this example is copied from the Pydantic docs with updates to work with FastAPI
# docs: https://pydantic.dev/docs/validation/latest/concepts/serialization/#polymorphic-serialization

from fastapi import FastAPI, Response
from pydantic import BaseModel, ConfigDict

class User(BaseModel):
    name: str


class UserLogin(User):
    password: str


class OuterModel(BaseModel):
    # would love if FastAPI could read this!
    model_config = ConfigDict(polymorphic_serialization=True)

    user: User


app = FastAPI()


@app.get("/")
def current():
    model = OuterModel(
        user=UserLogin(name='pydantic', password='password'),
    )
    return model


@app.get("/expected")
def expected():
    model = OuterModel(
        user=UserLogin(name='pydantic', password='password'),
    )
    content = model.model_dump_json(polymorphic_serialization=True)
    return Response(media_type="application/json", content=content)

Description

Pydantic 2.13+ uses polymorphic_serialization=True to serialize a model with its actual type vs declared type
- PR: Add polymorphic_serialization option pydantic/pydantic#12518
- Release notes: https://pydantic.dev/articles/pydantic-v2-13-release
When serializing a response it'd be great to either:
- Be able to declare in the route to pass this flag when serializing (e.g., @app.get(..., polymorphic_serialization=True)), or...
- For FastAPI to peek into the model's config to see if the flag is there, and if so apply it (this would be awesome!)

Operating System

Linux, macOS

Operating System Details

No response

FastAPI Version

0.135.3

Pydantic Version

2.13.4

Python Version

3.11.14

Additional Context

No response

valentinDruzhinin · 2026-05-10T04:18:25Z

valentinDruzhinin
May 10, 2026

Hey @cwinters . Thank you for the suggestion. I've created the PR for that: #15499

0 replies

yudin-s · 2026-05-14T07:22:00Z

yudin-s
May 14, 2026

I would make this opt-in if FastAPI adds support for it. The current declared-type serialization behavior is an important safety default: if the response field is typed as User, FastAPI/Pydantic currently avoids leaking subclass-only fields such as password from UserLogin unless the API author asks for that behavior.

For now, the explicit workaround you showed is the safest one:

content = model.model_dump_json(polymorphic_serialization=True)
return Response(content=content, media_type='application/json')

or use Pydantic's annotation-level tools when the polymorphic field is part of the public contract.

If this becomes a FastAPI route option, I think it should probably be route-level or response-model-level rather than silently inferred everywhere from model config. That would keep the security boundary obvious in code review:

@app.get('/...', response_model=OuterModel, polymorphic_serialization=True)

The tests should cover nested models and lists, but also the sensitive-subclass-field case, because that is exactly the behavior difference between declared-type and actual-type serialization.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enable Pydantic polymorphic_serialization flag on response serialization #15498

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Enable Pydantic polymorphic_serialization flag on response serialization #15498

Uh oh!

cwinters May 9, 2026

First Check

Commit to Help

Example Code

Description

Operating System

Operating System Details

FastAPI Version

Pydantic Version

Python Version

Additional Context

Replies: 2 comments

Uh oh!

valentinDruzhinin May 10, 2026

Uh oh!

yudin-s May 14, 2026

cwinters
May 9, 2026

valentinDruzhinin
May 10, 2026

yudin-s
May 14, 2026