Okay, so I think adding WSME to Flask isn't actually useful for me, so it's back to just Flask plus random other bits and doing it myself to get a REST API that looks the way I want out of it. It seems like a microframework isn't actually /helpful/ in getting everything done for you off the bat; who would have thought?

Anyhoo, I'm now left wondering how to structure my code -- where the breakdown between the REST API handling versus the logic should go, and if other bits should be broken down further too. The question that's bugging me, I guess is whether a REST API is actually a "view/controller" in the MVC architecture, or if it's actually the "model"... I'd like it to look like accessing the model directly (more or less) from remote workers/clients and ideally even from the admin web interface. So I think that means that I want to provide fairly minimal boiler-plate over the top of the functions/classes where I define my logic. But I think I'd like to have some separation between the actual database manipulation and the REST API, probably both so that it wouldn't be too kludgy to add an XMLRPC API or to separate testing of the underlying logic...

I guess that means the key elements of defining the REST API for me would then be mapping the incoming request (HTTP verb, URI (sub)path, and any parameters) to the right class/object/function in the model, and then converting the model's response to JSON -- if I limit the model's response to being either a dictionary or an exception I could then handle that pretty automatically, I think. I guess it would end up something like:

class FooView(MyRESTAPIView):
    # MyRESTAPIView will apply jsonify decorators to everything

    def query(self):
        # gets routed to from GET .../query
        return self.model.query( **request.args )

   @perms('admin')
    def put(self):
        # gets routed to from PUT .../
        return self.model.add( **request.args )

I guess I wonder if that still seems like too much boiler plate? Hmm, also, should permission checking go in the model? I guess I think that it should, though I'm not sure how the model should find out who the user is.
Shared publiclyView activity