Chapter DMultimodal API labPage 2 of 8

Multimodal API lab

Define upload, MIME, and response schema contracts

Page 2 advances one concrete typed receipt-vision API: explain the decision, run the code, inspect failure, measure evidence, and keep only what is ready to ship.

~14 minData contract

Before you start

Why this matters

Predict which field in the typed receipt-vision API contract must reject a bad value before any model or database work runs. Name one wrong output that would still look fluent to a reviewer who only reads the final answer.

1Learn the idea

Read

Build focus

Make malformed input fail before it reaches the interesting algorithm. The accepted contract is authenticated upload bytes plus a question string, after MIME and size validation. This boundary matters because overconfident misread of a blurred total often begins as a value that should never have been accepted. Keep transformation functions separate from scoring, retrieval, training, or generation so a test can identify which boundary changed the data.

Contracts cover authentication, MIME sniffing (not just Content-Type), max bytes, max dimensions, and a response schema with answer, confidence, and evidence fields. 413 and 415 must happen before provider calls.

The artifact's user-facing goal is specific: return a typed answer with confidence and evidence location, or abstain when pixels are unreadable. Its accepted input is authenticated upload bytes plus a question string, after MIME and size validation. Those statements are intentionally narrower than “build an AI system.” Narrow scope lets us inspect every input and expected result, and it prevents a toy result from being presented as a production claim. System shape for this chapter: an upload boundary checks authentication, MIME signature, dimensions, and byte limits; an image worker strips metadata and resizes safely; a provider adapter sends text and image parts; a schema validator rejects malformed or overconfident output. Keep model calls behind adapters, keep authorization and validation in deterministic code, and carry stable IDs and versions through every response. That separation lets you decide whether a bad result came from input handling, retrieval, inference, validation, or deployment. This page's job is the data contract step: make malformed input fail before it reaches the interesting algorithm. Setup baseline for the chapter (run once per machine, not secrets in git):

python -m venv .venv && source .venv/bin/activate
pip install fastapi uvicorn pillow pydantic httpx
export MAX_IMAGE_BYTES=5000000

If hardware or a hosted provider differs, preserve the interface and expected behavior. Do not present provider syntax as universal—when a vendor adapter is unavoidable, keep it behind a thin boundary and test with a fake first. The deliverable is not “it ran once”; it is a reproducible artifact another developer can inspect, including expected output and one deliberate failure related to overconfident misread of a blurred total. Operationally, write down the owner of this stage, the command you ran, the observed output, and the next page's dependency on that output. If you cannot point to a file, fixture, metric, or config key, the stage is not done. Prefer small, reviewable increments: one contract, one path, one metric, one failure, one gate. When tradeoffs appear—latency versus quality, hit rate versus false hits, local privacy versus cloud quality—record both numbers instead of moving the threshold until the report looks green. The chapter ships only when evidence for field exact-match on clear fixtures, high abstention precision on blurred fixtures, schema validity 100% and a rehearsed recovery path exist beside FastAPI /analyze endpoint with normalization, schema validation, and model pin.

Read

Run the example

Save this as lesson.py and run python3 lesson.py. Prefer the standard library or the pinned packages from the setup block so the example stays reproducible.

ALLOWED={"image/jpeg","image/png"}
def check_upload(mime, nbytes, max_b=5_000_000):
    if mime not in ALLOWED: return 415
    if nbytes>max_b: return 413
    return 200
print(check_upload("text/plain", 100), check_upload("image/jpeg", 9_000_000))

Expected output: 415 then 413 for bad mime and oversized bytes. Exact floating-point formatting may vary slightly, but the asserted behavior must not. Read the output as evidence about this stage, not merely proof that the interpreter started.

Read

Debug the stage

Print rejected inputs with the violated field names. Silent coercion is how overconfident misread of a blurred total later looks like a model problem. At the data contract stage, save the smallest failing fixture beside the expected result. Change one cause at a time and rerun the exact command printed above; that makes the repair reviewable and keeps this chapter's progressive artifact reproducible.

Read

Evaluate before continuing

Contract tests must run offline without credentials when possible. Quality claims wait for labeled sets. For this data contract page, preserve the fixture and result as evidence for the next page. Label observations separately from conclusions: a passing assertion establishes the behavior it names, while broader usefulness requires the chapter's full evaluation set and stated operating limits. Primary metrics for the chapter remain field exact-match on clear fixtures, high abstention precision on blurred fixtures, schema validity 100%.

Checking tutor…

Continue learning · glossary & guides
  • [ ] Which malformed values are rejected before the algorithm?
  • [ ] Can transformation and core logic be tested separately?
  • [ ] Does the error identify the violated field or shape?
  • [ ] Is authenticated upload bytes plus a question string, after MIME and size validation enforced in code?

Glossary: multimodal · Snippet: vision message · How-to: call a vision API · Cheatsheet: image prompt card

Previous · Next