# **1)What is a RESTful API4**

ans- A RESTful API (short for Representational State Transfer API) is a way for computer systems to communicate over the web using standard HTTP methods. It is built on the principles of REST, an architectural style defined by Roy Fielding in his doctoral dissertation.

Key Concepts of RESTful API
Stateless
Each request from the client to the server must contain all the information the server needs to fulfill the request. The server does not store client context between requests.

Resources and URLs
REST treats data as resources. Each resource is identified by a unique URL. For example:

GET /users/123


might retrieve the user with ID 123.

HTTP Methods

RESTful APIs use standard HTTP methods to operate on resources:

GET: Retrieve a resource.

POST: Create a new resource.

PUT: Update an existing resource.

DELETE: Delete a resource.

PATCH: Partially update a resource.

JSON or XML Responses

Most RESTful APIs return data in JSON format (lightweight and easy to parse), though XML is sometimes used.

Stateless Communication

Every API call is independent, and the server does not retain any session or state about the client.

Example:

Imagine an API for a book store:

| Action         | HTTP Method | Endpoint   | Description             |
| -------------- | ----------- | ---------- | ----------------------- |
| List all books | `GET`       | `/books`   | Returns all books       |
| Get one book   | `GET`       | `/books/1` | Returns book with ID 1  |
| Add a new book | `POST`      | `/books`   | Creates a new book      |
| Update a book  | `PUT`       | `/books/1` | Replaces book with ID 1 |
| Delete a book  | `DELETE`    | `/books/1` | Deletes book with ID 1  |



# **2)Explain the concept of API specification**

ans- An API specification is a detailed, structured description of how an API works—essentially, a blueprint that tells developers how to interact with an API. It defines the rules, endpoints, request formats, response structures, authentication methods, and more.

🔑 Key Components of an API Specification
Endpoints
The specific URLs or paths that a client can call (e.g., /users, /products/{id}).

HTTP Methods
The allowed methods (GET, POST, PUT, DELETE, etc.) for each endpoint.

Request Parameters
Details about path parameters, query strings, headers, or request bodies (e.g., ?page=2 or JSON payloads).

Response Format
The structure and format (usually JSON or XML) of the data the API returns, including HTTP status codes (200 OK, 404 Not Found, etc.).

Authentication
How clients authenticate (e.g., API keys, OAuth tokens, JWT).

Error Handling
Describes the structure of error responses (e.g., { "error": "Invalid token" }).

Data Models / Schemas
Definitions of the data types used in the request and response (e.g., a "User" object with fields like id, name, and email).

🛠 Tools and Formats Used
Common formats for writing and sharing API specifications include:

OpenAPI (formerly Swagger)
Most popular; uses JSON or YAML to define RESTful APIs.

RAML (RESTful API Modeling Language)
Human-readable format for designing APIs.

API Blueprint
Markdown-based API spec format.

✅ Why API Specifications Matter

Clarity: Ensures everyone (developers, testers, clients) understands how to use the API.

Automation: Allows tools to generate documentation, SDKs, and tests automatically.

Validation: Ensures that APIs follow rules and expectations.

Version Control: Enables consistent and trackable changes across API versions.

Example :


In [None]:
paths:
  /users/{id}:
    get:
      summary: Get user by ID
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
      responses:
        '200':
          description: A user object
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'


SyntaxError: invalid syntax (<ipython-input-1-64d403b307e0>, line 1)

This defines a GET endpoint to retrieve a user by ID, what parameters it takes, and what kind of response to expect.

# **3) What is Flask, and why is it popular for building API?**

ans- 🐍 What is Flask?

Flask is a lightweight and flexible Python web framework used to build web applications and APIs. It is based on Werkzeug (a WSGI utility library) and Jinja2 (a templating engine), and is known for its simplicity and minimalism.

✅ Why Flask is Popular for Building APIs

Lightweight & Minimal
Flask doesn't come with many built-in tools or features, which gives developers the freedom to structure their projects however they want.

Easy to Learn and Use

With a small learning curve, Flask is beginner-friendly—ideal for quickly prototyping APIs.

Built-in Development Server

Includes a simple server for testing your API without needing complex setup.

RESTful Routing

Flask makes it easy to define URL routes and bind them to Python functions (called view functions), which is perfect for creating RESTful APIs.

Extensible

You can easily add tools like:

Flask-RESTful: Extension for quickly building REST APIs

Flask-JWT or Flask-Login: For authentication

SQLAlchemy: For working with databases

Strong Community and Documentation

There’s a large ecosystem of extensions and resources to help you with anything from authentication to form validation.

🔧 Example: A Simple API with Flask




In [None]:
from flask import Flask, jsonify, request

app = Flask(__name__)

# In-memory "database"
users = [{"id": 1, "name": "Alice"}]

@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users)

@app.route('/users', methods=['POST'])
def create_user():
    new_user = request.get_json()
    users.append(new_user)
    return jsonify(new_user), 201

if __name__ == '__main__':
    app.run(debug=True)


When to Use Flask for APIs
Rapid prototyping or small to medium-sized projects

When you want full control over the architecture

When you prefer Python and need a fast, lightweight tool

# **4) What is routing in Flask?**

ans- Routing in Flask refers to the process of mapping URLs (web addresses) to specific functions in your Python code. These functions, called view functions, define what content or response should be returned when a user visits a particular URL on your website.

How Flask Routing Works

In Flask, you use the @app.route() decorator to define a route.

Example:

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return 'Welcome to the homepage!'

@app.route('/about')
def about():
    return 'This is the about page.'


Explanation:

@app.route('/') means when someone visits the root URL (e.g., http://localhost:5000/), the home() function runs and its return value is shown in the browser.

@app.route('/about') maps the /about URL to the about() function.

Key Features:

You can define dynamic routes using variable rules:

In [None]:
@app.route('/user/<username>')
def show_user(username):
    return f'User: {username}'


You can specify route methods (GET, POST, etc.):

@app.route('/submit', methods=['POST'])
def submit():
    return 'Form submitted!'


Summary:

Routing in Flask allows you to define what code should run when a user accesses a specific URL. It is a fundamental part of building a web application.

# **5) How do you create a simple Flask application?**

ans- Creating a simple Flask application is straightforward. Here’s a step-by-step guide to get you started.

✅ 1. Install Flask

If you haven’t installed Flask yet, you can do so using pip:

In [None]:
pip install Flask


✅ 2. Create the Application

Create a Python file, for example: app.py

In [None]:
from flask import Flask

app = Flask(__name__)  # Create the Flask app

@app.route('/')  # Define the route for the home page
def home():
    return 'Hello, Flask!'

if __name__ == '__main__':
    app.run(debug=True)  # Start the Flask development server


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


✅ 3. Run the App

In the terminal, navigate to the folder containing app.py, and run:

In [None]:
python app.py


You should see output like:

In [None]:
 * Running on http://127.0.0.1:5000/


Open your browser and go to http://127.0.0.1:5000/. You’ll see:


In [None]:
Hello, Flask!


 Summary:

 | Step              | What it Does                                                 |
| ----------------- | ------------------------------------------------------------ |
| `Flask(__name__)` | Initializes the app                                          |
| `@app.route()`    | Maps a URL to a Python function                              |
| `app.run()`       | Starts the server (with `debug=True` for easier development) |


# **6) What are HTTP methods used in RESTful APIs?**

ans- In RESTful APIs, HTTP methods define the type of action you want to perform on a resource (like data or an object). The most commonly used methods are:

🔹 1. GET
Purpose: Retrieve data from the server.

Safe: Yes (does not change data)

Idempotent: Yes (same request gives the same result)

Example: GET /users/1 – Get user with ID 1

🔹 2. POST
Purpose: Create a new resource on the server.

Safe: No

Idempotent: No

Example: POST /users – Create a new user

🔹 3. PUT
Purpose: Update or replace a resource completely.

Safe: No

Idempotent: Yes

Example: PUT /users/1 – Replace user with ID 1

🔹 4. PATCH
Purpose: Partially update a resource.

Safe: No

Idempotent: Yes

Example: PATCH /users/1 – Update part of user with ID 1

🔹 5. DELETE
Purpose: Delete a resource.

Safe: No

Idempotent: Yes

Example: DELETE /users/1 – Delete user with ID 1

Summary Table:

| Method | Action        | Safe | Idempotent | Typical Use                  |
| ------ | ------------- | ---- | ---------- | ---------------------------- |
| GET    | Read          | ✅    | ✅          | Fetch data                   |
| POST   | Create        | ❌    | ❌          | Add new data                 |
| PUT    | Update (all)  | ❌    | ✅          | Replace existing data        |
| PATCH  | Update (part) | ❌    | ✅          | Modify part of existing data |
| DELETE | Delete        | ❌    | ✅          | Remove data                  |



# **7) What is the purpose of the @app.route() decorator in Flask?**

ans- The purpose of the @app.route() decorator in Flask is to bind a URL path to a Python function, known as a view function. When a client (like a web browser) makes a request to that URL, Flask calls the associated function and returns its response.

🔹 How it Works

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return 'Welcome to the homepage!'


In this example:

@app.route('/') tells Flask:

When a user visits the root URL (/), run the home() function.

The return value from home() is sent as the HTTP response.

🔹 Why Use It?

Defines routes: Maps specific URLs to functions.

Makes the app readable: Clearly shows which function handles each URL.

Supports HTTP methods: Can define allowed request types like GET, POST, etc.

In [None]:
@app.route('/submit', methods=['POST'])
def submit():
    return 'Form submitted!'


🔹 Summary:

| Feature               | Explanation                                  |
| --------------------- | -------------------------------------------- |
| Binds URL to function | `@app.route('/path')` connects a URL to code |
| Handles HTTP methods  | Supports `GET`, `POST`, `PUT`, etc.          |
| Makes routing simple  | Easy way to create and manage endpoints      |


# **8) What is the difference between GET and POST HTTP methods?**

ans- The difference between GET and POST HTTP methods lies in how they send data and what they're used for in web applications and RESTful APIs.

🔹 1. GET Method

| Feature             | Description                                              |
| ------------------- | -------------------------------------------------------- |
| **Purpose**         | Retrieve data from the server (read-only)                |
| **Data Location**   | Sent in the **URL** query string (e.g., `?name=John`)    |
| **Visible to user** | ✅ Yes (appears in browser address bar)                   |
| **Safe**            | ✅ Yes (does not modify server data)                      |
| **Idempotent**      | ✅ Yes (multiple identical requests have the same effect) |
| **Size Limit**      | Limited (due to URL length constraints)                  |
| **Caching**         | Often cached by browsers                                 |


In [None]:
GET /search?query=flask


🔹 2. POST Method

Feature	Description
Purpose	Submit data to the server (e.g., create or update a resource)
Data Location	Sent in the request body, not visible in the URL
Visible to user	❌ No
Safe	❌ No (can change server state)
Idempotent	❌ No (multiple submissions may have side effects)
Size Limit	Larger than GET (no URL size limit)
Caching	Not cached by default

Example:




In [None]:
POST /submit
Body: { "name": "John", "email": "john@example.com" }


🔸 Summary Table:

| Feature            | GET                    | POST                      |
| ------------------ | ---------------------- | ------------------------- |
| **Used for**       | Retrieving data        | Sending or modifying data |
| **Data sent via**  | URL (query parameters) | Request body              |
| **Visible in URL** | ✅ Yes                  | ❌ No                      |
| **Affects server** | ❌ No                   | ✅ Yes                     |
| **Idempotent**     | ✅ Yes                  | ❌ No                      |
| **Cacheable**      | ✅ Yes                  | ❌ No                      |


# **9) How do you handle errors in Flask APIs?**

ans- Handling errors properly in a Flask API is crucial for building robust and user-friendly applications. Here's how you can handle errors in Flask:

1. Use Flask’s @app.errorhandler Decorator

Flask allows you to register error handlers for specific HTTP status codes or exceptions.

Example:

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.errorhandler(404)
def not_found_error(error):
    return jsonify({'error': 'Not found'}), 404

@app.errorhandler(500)
def internal_error(error):
    return jsonify({'error': 'Internal server error'}), 500


2. Handle Custom Exceptions

You can define custom exceptions and handle them in a structured way.

Example:

In [None]:
class InvalidUsage(Exception):
    status_code = 400

    def __init__(self, message, status_code=None, payload=None):
        super().__init__()
        self.message = message
        if status_code is not None:
            self.status_code = status_code
        self.payload = payload

    def to_dict(self):
        rv = dict(self.payload or ())
        rv['error'] = self.message
        return rv

@app.errorhandler(InvalidUsage)
def handle_invalid_usage(error):
    response = jsonify(error.to_dict())
    response.status_code = error.status_code
    return response


3. Validate Input Using request and Return Errors

Check user input and return a clear error if something is wrong.

In [None]:
from flask import request

@app.route('/add', methods=['POST'])
def add():
    data = request.get_json()
    if not data or 'a' not in data or 'b' not in data:
        return jsonify({'error': 'Missing required parameters'}), 400
    return jsonify({'result': data['a'] + data['b']})


4. Use abort() for Simple Errors

In [None]:
from flask import abort

@app.route('/restricted')
def restricted():
    abort(403)  # Forbidden



5. Logging Errors

Always log errors for debugging and monitoring.

In [None]:
import logging

logging.basicConfig(level=logging.ERROR)

@app.errorhandler(Exception)
def handle_exception(e):
    app.logger.error(f"Unhandled Exception: {str(e)}")
    return jsonify({'error': 'Something went wrong'}), 500


Summary:

| Technique                       | Use Case                              |
| ------------------------------- | ------------------------------------- |
| `@app.errorhandler`             | Handle specific HTTP or custom errors |
| Custom exception classes        | Structured, reusable error handling   |
| Input validation with `request` | Check request body and parameters     |
| `abort()`                       | Quick way to return error responses   |
| Logging                         | Debugging and production monitoring   |


# **10) How do you connect Flask to a SQL database?**

ans- To connect Flask to a SQL database, you typically use an ORM (Object Relational Mapper) like SQLAlchemy, or a lightweight connector for raw SQL queries. Here's how you can do it using Flask-SQLAlchemy, the most common and powerful approach.

✅ 1. Install Required Packages

In [None]:
pip install flask flask-sqlalchemy


If you're using PostgreSQL or MySQL, you'll also need:

PostgreSQL: pip install psycopg2-binary

MySQL: pip install pymysql

✅ 2. Basic Configuration with Flask-SQLAlchemy

In [None]:
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)

# Example for SQLite
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'

# Example for PostgreSQL
# app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://user:password@localhost/dbname'

# Example for MySQL
# app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://user:password@localhost/dbname'

app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app)


ModuleNotFoundError: No module named 'flask_sqlalchemy'

✅ 3. Define Models

In [None]:
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)

    def __repr__(self):
        return f'<User {self.username}>'


✅ 4. Create the Tables

You can initialize the database with:

In [None]:
with app.app_context():
    db.create_all()


✅ 5. Interact with the Database

Add a record:

In [None]:
new_user = User(username='john', email='john@example.com')
db.session.add(new_user)
db.session.commit()


Query records:

In [None]:
users = User.query.all()
user = User.query.filter_by(username='john').first()


Update:

In [None]:
user.email = 'newemail@example.com'
db.session.commit()


Delete:

In [None]:
db.session.delete(user)
db.session.commit()


✅ 6. Structuring Larger Projects

For larger apps, consider using the application factory pattern and separate config files, e.g., config.py, models.py, routes.py.



✅ Summary:

| Task                | Tool / Code Example                          |
| ------------------- | -------------------------------------------- |
| Install             | `pip install flask flask-sqlalchemy`         |
| Setup               | `app.config['SQLALCHEMY_DATABASE_URI']`      |
| Define models       | `class User(db.Model): ...`                  |
| Create tables       | `db.create_all()`                            |
| Insert/query/update | `db.session.add()`, `User.query.filter_by()` |


# **11) What is the role of Flask-SQLAlchemy?**

ans- The role of Flask-SQLAlchemy is to simplify the integration of SQLAlchemy (a powerful SQL toolkit and ORM) into Flask applications. It provides a more Flask-friendly interface for database operations, while still giving you access to the full power of SQLAlchemy.

✅ Key Roles of Flask-SQLAlchemy
1. Database Configuration and Connection
Flask-SQLAlchemy makes it easy to connect your Flask app to a SQL database by managing the SQLAlchemy engine and session for you.

In [None]:
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
db = SQLAlchemy(app)


2. Model Definition

It provides a db.Model base class that you use to define your database tables (ORM models).

In [None]:
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(50))


This lets you work with database rows as Python objects.

3. Query Interface

Flask-SQLAlchemy gives you an easy way to run queries using the ORM.

In [None]:
User.query.all()
User.query.filter_by(name="John").first()


4. Session Management

It manages the database session lifecycle for you:

Starts a session automatically

Commits transactions

Rolls back on exceptions

Closes sessions when requests end

5. Migration Compatibility

It works well with Flask-Migrate, a wrapper for Alembic, allowing you to version control your database schem

In [None]:
pip install flask-migrate


✅ Benefits Over Plain SQLAlchemy

| Feature                  | Plain SQLAlchemy | Flask-SQLAlchemy           |
| ------------------------ | ---------------- | -------------------------- |
| Flask integration        | Manual           | Built-in                   |
| Session management       | Manual           | Automatic                  |
| App context awareness    | None             | Yes                        |
| Model declaration        | Standard         | Simplified with `db.Model` |
| Works with Flask-Migrate | Manual setup     | Seamless                   |


✅ Summary:

Flask-SQLAlchemy is a bridge between Flask and SQLAlchemy. It simplifies:

Database configuration

ORM model creation

Querying and session handling

Integration with Flask extensions like Flask-Migrate



# **12) What are Flask blueprints, and how are they useful?**

ans- The role of Flask-SQLAlchemy is to simplify the integration of SQLAlchemy (a powerful SQL toolkit and ORM) into Flask applications. It provides a more Flask-friendly interface for database operations, while still giving you access to the full power of SQLAlchemy.

✅ Key Roles of Flask-SQLAlchemy

1. Database Configuration and Connection
Flask-SQLAlchemy makes it easy to connect your Flask app to a SQL database by managing the SQLAlchemy engine and session for you.

In [None]:
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
db = SQLAlchemy(app)


2. Model Definition

It provides a db.Model base class that you use to define your database tables (ORM models).

In [None]:
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(50))


This lets you work with database rows as Python objects.

3. Query Interface

Flask-SQLAlchemy gives you an easy way to run queries using the ORM.

In [None]:
User.query.all()
User.query.filter_by(name="John").first()


You can also write raw SQL if needed.

4. Session Management

It manages the database session lifecycle for you:

Starts a session automatically

Commits transactions

Rolls back on exceptions

Closes sessions when requests end

5. Migration Compatibility

It works well with Flask-Migrate, a wrapper for Alembic, allowing you to version control your database schema.

In [None]:
pip install flask-migrate


✅ Benefits Over Plain SQLAlchemy

| Feature                  | Plain SQLAlchemy | Flask-SQLAlchemy           |
| ------------------------ | ---------------- | -------------------------- |
| Flask integration        | Manual           | Built-in                   |
| Session management       | Manual           | Automatic                  |
| App context awareness    | None             | Yes                        |
| Model declaration        | Standard         | Simplified with `db.Model` |
| Works with Flask-Migrate | Manual setup     | Seamless                   |


✅ Summary:

Flask-SQLAlchemy is a bridge between Flask and SQLAlchemy. It simplifies:

Database configuration

ORM model creation

Querying and session handling

Integration with Flask extensions like Flask-Migrate

# **13) What is the purpose of Flask's request object?**

ans- ChatGPT said:

The purpose of Flask's request object is to give you access to all the data sent by the client in an HTTP request—such as form data, query parameters, JSON payloads, headers, cookies, and more.

It’s provided by Flask as a global proxy (like a thread-safe global object) that you can use in your route functions to handle incoming data.

✅ Common Uses of request
1. Accessing Query Parameters (GET)

In [None]:
from flask import request

@app.route('/search')
def search():
    query = request.args.get('q')  # e.g., /search?q=books
    return f'Searching for: {query}'


2. Accessing Form Data (POST)

In [None]:
@app.route('/submit', methods=['POST'])
def submit():
    name = request.form.get('name')  # For form-urlencoded data
    return f'Hello, {name}!'


3. Accessing JSON Data

In [None]:
@app.route('/api/data', methods=['POST'])
def get_json():
    data = request.get_json()
    return {'received': data}


4. Accessing Request Headers

In [None]:
@app.route('/headers')
def headers():
    user_agent = request.headers.get('User-Agent')
    return f'Your User-Agent is {user_agent}'


5. Accessing Cookies

In [None]:
@app.route('/cookies')
def cookies():
    token = request.cookies.get('session_token')
    return f'Session token: {token}'


In [None]:
✅ Other Useful Attributes

| Attribute             | Description                             |
| --------------------- | --------------------------------------- |
| `request.method`      | HTTP method (GET, POST, etc.)           |
| `request.path`        | Path of the URL (`/api/data`)           |
| `request.url`         | Full URL including query string         |
| `request.files`       | Uploaded files (e.g., from file inputs) |
| `request.remote_addr` | IP address of the client                |
| `request.is_json`     | Checks if request has JSON content      |



✅ Summary

| Purpose of `request`          | Description                                          |
| ----------------------------- | ---------------------------------------------------- |
| Handle incoming data          | Query strings, form data, JSON, files, headers, etc. |
| Context-aware and thread-safe | Flask ensures it's safe to use in each request       |
| Central to API and web dev    | Needed to process and respond based on client input  |


# ** 14) How do you create a RESTful API endpoint using Flask?**

ans- Creating a RESTful API endpoint using Flask involves defining routes that handle HTTP methods like GET, POST, PUT, and DELETE, and returning JSON responses. Here's a step-by-step guide with a working example:

✅ 1. Install Flask

In [None]:
pip install flask


✅ 2. Basic API Example

Here’s how you create a simple REST API for managing a list of users.




In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

# Sample data
users = [
    {"id": 1, "name": "Alice"},
    {"id": 2, "name": "Bob"}
]

# GET all users
@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users), 200

# GET single user by ID
@app.route('/users/<int:user_id>', methods=['GET'])
def get_user(user_id):
    user = next((u for u in users if u["id"] == user_id), None)
    if user:
        return jsonify(user), 200
    return jsonify({"error": "User not found"}), 404

# POST - Create new user
@app.route('/users', methods=['POST'])
def create_user():
    data = request.get_json()
    if not data or 'name' not in data:
        return jsonify({"error": "Missing name"}), 400
    new_user = {"id": users[-1]["id"] + 1 if users else 1, "name": data['name']}
    users.append(new_user)
    return jsonify(new_user), 201

# PUT - Update user
@app.route('/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    user = next((u for u in users if u["id"] == user_id), None)
    if not user:
        return jsonify({"error": "User not found"}), 404
    data = request.get_json()
    user['name'] = data.get('name', user['name'])
    return jsonify(user), 200

# DELETE - Remove user
@app.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    global users
    users = [u for u in users if u["id"] != user_id]
    return jsonify({"message": "User deleted"}), 200

if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


✅ 3. Test the API

You can test your API using tools like:

Postman

curl

A browser (for GET requests)

✅ Summary of HTTP Methods:

| Method   | Action      | Route Example        |
| -------- | ----------- | -------------------- |
| `GET`    | Read data   | `/users`, `/users/1` |
| `POST`   | Create data | `/users`             |
| `PUT`    | Update data | `/users/1`           |
| `DELETE` | Delete data | `/users/1`           |


# **15) What is the purpose of Flask's jsonify() function?**

ans- The purpose of Flask’s jsonify() function is to convert Python data structures (like dictionaries and lists) into a JSON-formatted HTTP response.

It ensures that:

The data is serialized to valid JSON

The response has the correct MIME type (application/json)

The response is safely returned to the client

✅ Why Use jsonify() Instead of json.dumps()?

| Feature                       | `json.dumps()`    | `jsonify()`            |
| ----------------------------- | ----------------- | ---------------------- |
| Converts to JSON              | ✅                 | ✅                      |
| Sets content-type header      | ❌                 | ✅ (`application/json`) |
| Returns Flask response        | ❌ (just a string) | ✅ (`Response` object)  |
| Handles Unicode/special types | ❌ Manual handling | ✅ Built-in support     |

✅ Example: Using jsonify() in an API



In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/user')
def get_user():
    user = {"id": 1, "name": "Alice"}
    return jsonify(user)


This returns:

In [None]:
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "name": "Alice"
}


✅ Supported Types
jsonify() works with:

Dictionaries

Lists/tuples

Nested structures

None (converted to null)

Booleans and numbers

✅ Summary

| Purpose                     | Description                                         |
| --------------------------- | --------------------------------------------------- |
| Convert Python to JSON      | Automatically serializes Python objects             |
| Return proper HTTP response | Returns a Flask `Response` object                   |
| Set correct headers         | Automatically sets `Content-Type: application/json` |


# **16) Explain Flask’s url_for() function?**

ans- The purpose of Flask’s url_for() function is to dynamically build URLs for routes using the function name, instead of hardcoding URL paths.

This makes your application:

More maintainable (you can change route paths in one place)

Less error-prone (no broken links from typos)

Flexible (URLs adjust automatically if route structure changes)

✅ Basic Usage

In [None]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/profile/<username>')
def profile(username):
    return f"Profile page of {username}"

@app.route('/')
def index():
    return f"Go to user: {url_for('profile', username='alice')}"


url_for('profile', username='alice') returns /profile/alice

You use the function name, not the URL string

✅ Benefits:

| Feature                | Benefit                                     |
| ---------------------- | ------------------------------------------- |
| Route independence     | Avoid hardcoding URLs like `"/profile/xyz"` |
| Auto-updates           | URLs update if the route changes            |
| Reverse routing        | Turn route names + params into full URLs    |
| Supports query strings | Add query args: `url_for('home', page=2)`   |

✅ With Query Parameters


In [None]:
url_for('search', q='flask', page=2)
# Outputs: /search?q=flask&page=2


✅ Common Use in Templates:






In [None]:
<a href="{{ url_for('login') }}">Login</a>


In Jinja templates, this dynamically generates a valid link to the login route.

✅ Summary:

| Function    | Purpose                                      |
| ----------- | -------------------------------------------- |
| `url_for()` | Generate a URL from a route’s function name  |
| Input       | Route function name + optional parameters    |
| Output      | Full path like `/user/john` or `/search?q=a` |


# **17) How does Flask handle static files (CSS, JavaScript, etc.)?**

ans- Flask handles static files (like CSS, JavaScript, and images) by serving them from a special folder named **static** by default. This allows you to easily include client-side assets in your web pages.

✅ 1. Default Static Folder Structure

In [None]:
your_project/
│
├── app.py
├── static/
│   ├── style.css
│   └── script.js
├── templates/
│   └── index.html


✅ 2. Accessing Static Files in HTML Templates
Use the url_for('static', filename='...') helper inside templates:

In [None]:
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
<script src="{{ url_for('static', filename='script.js') }}"></script>


Flask will generate the correct path:

In [None]:
/static/style.css
/static/script.js


✅ 3. Serving Static Files Behind the Scenes
Flask automatically sets up a static file route:

In [None]:
@app.route('/static/<path:filename>')
def static_file(filename):
    return send_from_directory(app.static_folder, filename)


You don't usually write this yourself—Flask handles it for you.

✅ 4. Customizing the Static Folder

In [None]:
app = Flask(__name__, static_folder='assets', static_url_path='/files')


Now:

Files go in the assets/ folder

Access them via /files/...

✅ 5. Static File Use Cases


| File Type      | Use For                   |
| -------------- | ------------------------- |
| `.css`         | Styling HTML pages        |
| `.js`          | Client-side interactivity |
| `.png`, `.jpg` | Images and logos          |
| `.svg`, `.ico` | Icons and favicons        |

✅ Summary:

| Feature           | Description                                          |
| ----------------- | ---------------------------------------------------- |
| Folder name       | `static/` (by default)                               |
| Template helper   | `url_for('static', filename='...')`                  |
| File access URL   | `/static/filename.ext`                               |
| Custom folder/url | `Flask(..., static_folder=..., static_url_path=...)` |


# **18)What is an API specification, and how does it help in building a Flask AP?**

ans- An API specification is a detailed, structured description of how an API (Application Programming Interface) behaves and how clients can interact with it. It defines:

Endpoints (URLs)

HTTP methods (GET, POST, PUT, DELETE, etc.)

Request parameters (path, query, body, headers)

Response formats (status codes, response bodies)

Authentication methods

Data schemas (typically in JSON or XML)

Common formats for API specifications include:

OpenAPI (formerly Swagger) – widely used for REST APIs

RAML

API Blueprint

How It Helps in Building a Flask API
When you're building an API using Flask, having an API specification helps in several key ways:

✅ Clarity and Planning

Acts as a blueprint: helps you plan the structure before writing code.

Ensures you and your team know what endpoints need to be implemented and how they should behave.

✅ Automatic Documentation

Tools like Swagger UI or Redoc can auto-generate interactive documentation from OpenAPI specs.

Great for frontend developers and third-party users to understand and test your API.

✅ Validation

You can use libraries like flask-smorest or flask-apispec to:

Automatically validate input and output data against the schema.

Return useful error messages when the request doesn’t match the spec.

✅ Mocking and Testing

Tools like Postman or SwaggerHub can mock your API based on the spec before it's even built.

Enables parallel work: frontend teams can start building against the mock API while backend development is ongoing.

✅ Consistency and Maintainability

A spec ensures all endpoints follow consistent rules for inputs, outputs, and error formats.

Easier to maintain and update the API as it grows.

Example Workflow with Flask and OpenAPI
Write the spec (OpenAPI YAML or JSON).

Use a Flask extension like:

flask-smorest

apispec

flask-restx

Define your endpoints in Flask and link them to the spec.

Use tools to validate, document, and test the API automatically.



# **19) What are HTTP status codes, and why are they important in a Flask AP?**

ans- HTTP status codes are standardized three-digit numbers returned by a server in response to a client's HTTP request. They indicate the result of the request—whether it was successful, caused an error, or needs further action.

Categories of HTTP Status Codes:

| Code Range | Category      | Meaning                          |
| ---------- | ------------- | -------------------------------- |
| 1xx        | Informational | Request received, continuing     |
| 2xx        | Success       | Request was successful           |
| 3xx        | Redirection   | Further action is needed         |
| 4xx        | Client Error  | Request has issues (bad input)   |
| 5xx        | Server Error  | Server failed to fulfill request |

Common Status Codes in Flask APIs:

| Code | Meaning               | When to Use in Flask              |
| ---- | --------------------- | --------------------------------- |
| 200  | OK                    | Successful GET or general success |
| 201  | Created               | After creating a resource (POST)  |
| 204  | No Content            | Success, but no response body     |
| 400  | Bad Request           | Invalid input from client         |
| 401  | Unauthorized          | Missing/invalid authentication    |
| 403  | Forbidden             | Authenticated but not allowed     |
| 404  | Not Found             | Resource doesn't exist            |
| 409  | Conflict              | Duplicate resource or conflict    |
| 500  | Internal Server Error | Unhandled server-side error       |

✅ Why Status Codes Matter in a Flask API:

Clear Communication: They tell clients exactly what happened.

Was the data saved?

Did the client send bad data?

Is the server broken?

Better Error Handling: Clients (apps, browsers, mobile devices) can react appropriately.

Show error messages

Retry requests

Redirect users

Debugging and Logging: Easier to troubleshoot issues when logs include proper codes.

RESTful Standards: Following status code conventions keeps your API consistent and predictable.

🧪 Example in Flask:

In [1]:
from flask import Flask, jsonify, request

app = Flask(__name__)

@app.route('/items/<int:item_id>', methods=['GET'])
def get_item(item_id):
    items = {1: 'Book', 2: 'Pen'}
    item = items.get(item_id)
    if item:
        return jsonify({"id": item_id, "name": item}), 200
    else:
        return jsonify({"error": "Item not found"}), 404


This example:

Returns 200 OK with item details if found

Returns 404 Not Found if the item doesn't exist

# **20) How do you handle POST requests in Flask?**

ans- ChatGPT said:
In Flask, you handle POST requests using route decorators with the methods=['POST'] argument. A POST request typically means the client is sending data to the server—usually to create or submit something (like a form or a new resource).

🔧 Basic Structure for Handling POST in Flask:

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit_data():
    data = request.get_json()  # Get JSON data from request body
    name = data.get('name')
    age = data.get('age')

    # Do something with the data (e.g., store in DB)

    return jsonify({"message": "Data received", "name": name, "age": age}), 201


Basic Structure for Handling POST in Flask:

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit_data():
    data = request.get_json()  # Get JSON data from request body
    name = data.get('name')
    age = data.get('age')

    # Do something with the data (e.g., store in DB)

    return jsonify({"message": "Data received", "name": name, "age": age}), 201


📦 How to Send Data to a POST Endpoint
JSON (most common for APIs)

Form data (from HTML forms)

✅ JSON Example (from a client):

In [None]:
{
  "name": "Alice",
  "age": 30
}


Flask Code to Handle It:

In [None]:
data = request.get_json()


 Example: Handling Form Data (HTML form submission)

In [None]:
@app.route('/form-submit', methods=['POST'])
def handle_form():
    name = request.form.get('name')
    email = request.form.get('email')
    return f"Received form for {name} with email {email}"


🛡️ Optional: Input Validation
Before using the data, validate it:

In [None]:
if not name or not isinstance(age, int):
    return jsonify({"error": "Invalid input"}), 400


 Full Example (JSON API):

In [2]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/users', methods=['POST'])
def create_user():
    data = request.get_json()
    if not data or 'name' not in data:
        return jsonify({"error": "Name is required"}), 400

    user = {
        "id": 1,
        "name": data['name']
    }
    return jsonify(user), 201  # 201 Created


Testing It with curl or Postman:
curl:

In [None]:
curl -X POST http://localhost:5000/users \
     -H "Content-Type: application/json" \
     -d '{"name": "Alice"}'


# **21) How would you secure a Flask AP?**

ansSecuring a Flask API involves several layers of protection to guard against unauthorized access, data breaches, and common web attacks. Here's a breakdown of essential techniques to secure your Flask API:

🔐 1. Use Authentication & Authorization
✅ Token-Based Authentication
Use JWT (JSON Web Tokens) or OAuth2 tokens to authenticate users.

Popular libraries: Flask-JWT-Extended, Authlib-

In [None]:
from flask_jwt_extended import JWTManager, jwt_required

app.config["JWT_SECRET_KEY"] = "super-secret-key"
jwt = JWTManager(app)

@app.route('/protected', methods=['GET'])
@jwt_required()
def protected():
    return jsonify(message="Access granted")


✅ API Keys (for simpler use cases)
Require clients to send a key in the header or query params.

Validate key before granting access.

🛡️ 2. Validate Input to Prevent Injection Attacks
✅ Use Strong Input Validation
Avoid trusting client input directly.

Use libraries like marshmallow or pydantic to validate and sanitize input.

In [None]:
from marshmallow import Schema, fields

class UserSchema(Schema):
    name = fields.String(required=True)
    age = fields.Integer(strict=True)


🌐 3. Use HTTPS
Always run your API over HTTPS in production to encrypt traffic.

Use a reverse proxy like Nginx with a Let's Encrypt SSL certificate.

🛡️ 4. Protect Against CSRF and CORS (if applicable)
✅ CSRF Protection
If your API is used by browsers (e.g., with cookies), use CSRF tokens via Flask-WTF.

✅ CORS (Cross-Origin Resource Sharing)
Use flask-cors to restrict which domains can access your API.

In [None]:
from flask_cors import CORS
CORS(app, resources={r"/api/*": {"origins": ["https://yourfrontend.com"]}})


🔒 5. Rate Limiting
Prevent abuse and brute-force attacks using Flask-Limiter:

In [None]:
from flask_limiter import Limiter
limiter = Limiter(app, default_limits=["100 per hour"])


🧱 6. Avoid Exposing Sensitive Info
Never expose raw error messages or stack traces in production.

Disable debug mode:

In [None]:
if __name__ == "__main__":
    app.run(debug=False)



🧰 7. Use Secure Headers
Set HTTP security headers to prevent common attacks:

In [None]:
@app.after_request
def set_security_headers(response):
    response.headers["X-Content-Type-Options"] = "nosniff"
    response.headers["X-Frame-Options"] = "DENY"
    response.headers["Content-Security-Policy"] = "default-src 'self'"
    return response


8. Keep Dependencies Updated
Regularly audit packages with tools like pip-audit.

Use requirements.txt to pin versions and avoid vulnerable updates.

Want to See a Real Example?
I can show you a secure Flask API starter template with:

JWT auth

CORS

Rate limiting

Input validation

# **22)What is the significance of the Flask-RESTful extension?**

ans- The Flask-RESTful extension is a powerful tool that simplifies the process of building RESTful APIs with Flask. It adds structure, consistency, and useful features on top of Flask’s basic routing system, making it easier to develop APIs that follow REST principles.

✅ Significance of Flask-RESTful
1. 🧱 Organized Resource-Based Routing
Flask-RESTful introduces the concept of resources—classes that map to endpoints. Instead of writing logic in function-based views, you define class-based views:

In [None]:
from flask_restful import Resource

class Hello(Resource):
    def get(self):
        return {"message": "Hello, World!"}


This approach:

Groups related logic (e.g., get, post, put, delete) into one place

Follows REST principles by treating each URL as a resource

2. ⚙️ Automatic Request Parsing and Validation
Using reqparse, you can easily extract and validate incoming request data:

In [None]:
from flask_restful import reqparse

parser = reqparse.RequestParser()
parser.add_argument('name', type=str, required=True)

args = parser.parse_args()


This avoids writing repetitive input validation code.

3. 🔁 Standardized HTTP Response Handling
Flask-RESTful makes it easy to return consistent HTTP responses with status codes:




In [None]:
return {"message": "Created"}, 201


You can also handle common errors centrally using custom error handlers.

4. 🧩 Integration with Flask’s Ecosystem
Works well with extensions like Flask-JWT, SQLAlchemy, Marshmallow

You can use Flask-RESTful alongside Flask's default routes

5. 📄 Helps Create Clean, Scalable APIs
Makes large APIs easier to manage and scale

Encourages good design by mapping endpoints to resources (e.g., /users, /posts/<id>)

📦 Basic Example:



In [None]:
from flask import Flask
from flask_restful import Api, Resource

app = Flask(__name__)
api = Api(app)

class Hello(Resource):
    def get(self):
        return {"message": "Hello from Flask-RESTful"}

api.add_resource(Hello, '/hello')

if __name__ == '__main__':
    app.run(debug=True)


When Should You Use Flask-RESTful?

| Use It If...                        | Maybe Skip It If...                            |
| ----------------------------------- | ---------------------------------------------- |
| You want clean REST-style endpoints | Your app is very small or simple               |
| You prefer class-based design       | You prefer function-based routes               |
| You're building a large API         | You're using another framework (e.g., FastAPI) |


# **23)What is the role of Flask’s session object?**

The session object in Flask is used to store data about a user across multiple requests—in other words, it allows for server-side sessions in web applications.

It plays a key role in maintaining state in an otherwise stateless HTTP environment.

🔑 Key Roles of session in Flask
1. ✅ User Login State
You can store user-specific data like login status, user ID, or preferences:

In [None]:
from flask import session

session['user_id'] = 42


This makes it easy to:

Keep users logged in across pages

Access user-specific data during requests

2. 🧠 Temporary Storage Between Requests
It can store data like:

Form inputs

Flash messages

Shopping cart items




In [None]:
session['cart'] = ['item1', 'item2']


3. 🔐 Client-Side Storage with Security
Flask stores session data client-side in a secure cookie using a secret key.

Data is signed (so the client can’t tamper with it)

You should never store sensitive data (like passwords) in session

In [None]:
app.secret_key = 'your-very-secret-key'  # Required for signing session cookies


⚙️ How It Works Internally
Flask serializes the session object into a signed cookie

On the next request, Flask decrypts and verifies the cookie, loading session data

🧹 Clearing the Session
To log a user out or reset session state:

In [None]:
session.clear()


🧪 Example: Login Tracking

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'secret'

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    session['username'] = username
    return redirect(url_for('profile'))

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Welcome {session['username']}"
    return "Please log in"

@app.route('/logout')
def logout():
    session.clear()
    return "Logged out"


⚠️ Tips and Cautions
Don’t store large amounts of data in the session

Never store passwords or sensitive info

Always use HTTPS in production to protect cookies

# **PRACTICAL**

# **1)How do you create a basic Flask application?**

ANS- Creating a basic Flask application is simple and quick. Flask is a micro web framework, meaning it lets you build web applications with minimal setup.

✅ Step-by-Step: Create a Basic Flask App
🔧 1. Install Flask
If you haven’t installed Flask yet, use pip:

In [None]:
pip install flask


📁 2. Create Your Flask App File
Let’s create a file named app.py:

In [None]:
# app.py
from flask import Flask

app = Flask(__name__)  # Create the Flask app

@app.route('/')         # Define the root route
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)  # Run the app in debug mode


3. Run the Flask App
In your terminal, run:




In [None]:
python app.py


Or if you want to use Flask’s CLI:

In [None]:
export FLASK_APP=app.py     # On Windows: set FLASK_APP=app.py
export FLASK_ENV=development
flask run


You’ll see something like:

In [None]:
 * Running on http://127.0.0.1:5000/


Open your browser and go to http://127.0.0.1:5000/

You’ll see:
Hello, Flask!

🧪 Add Another Route (Example)

In [None]:
@app.route('/about')
def about():
    return "This is the about page"


Now visiting http://127.0.0.1:5000/about will show the new message.

🗂 Bonus: Simple Project Structure

In [None]:
/flask_app/
│
├── app.py
├── templates/          ← for HTML files
│   └── index.html
├── static/             ← for CSS, JS, images
│   └── style.css


You can then render HTML with:



In [None]:
from flask import render_template

@app.route('/')
def home():
    return render_template('index.html')


# **2)How do you serve static files like images or CSS in Flask?**

ANS- In Flask, serving static files like images, CSS, and JavaScript is simple because Flask has built-in support for it.

🗂️ 1. Default Folder Structure for Static Files
Flask looks for static files in a folder named static by default:

In [None]:
your_app/
├── app.py
├── static/
│   ├── style.css
│   └── logo.png
└── templates/
    └── index.html


 2. Accessing Static Files in HTML Templates
Use the url_for('static', filename='...') function to link to static files:


In [None]:
<!-- templates/index.html -->
<!DOCTYPE html>
<html>
<head>
    <title>My Page</title>
    <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
</head>
<body>
    <img src="{{ url_for('static', filename='logo.png') }}" alt="Logo">
    <h1>Hello Flask with CSS!</h1>
</body>
</html>


🚀 3. Serving Automatically
When you run your Flask app with:




In [None]:
flask run


Flask will automatically serve files from the static/ directory at /static/ in the URL.

So:

/static/style.css → loads static/style.css

/static/logo.png → loads static/logo.png

 4. Custom Static Folder (Optional)
If you want to use a custom folder for static files:

In [None]:
app = Flask(__name__, static_folder='assets')


Then access files at /static/filename, but it will serve from the assets/ directory.

 Summary:

 | You Want To...           | Do This                                                           |
| ------------------------ | ----------------------------------------------------------------- |
| Add CSS to a page        | Use `<link href="{{ url_for('static', filename='style.css') }}">` |
| Display an image         | Use `<img src="{{ url_for('static', filename='logo.png') }}">`    |
| Serve from custom folder | Set `static_folder` in `Flask()` constructor                      |



# **3)How do you define different routes with different HTTP methods in Flask?**

ANS- In Flask, you can define different routes and specify which HTTP methods (like GET, POST, PUT, DELETE) each route should respond to using the @app.route() decorator with the methods argument.

✅ Basic Example: GET and POST on the Same Route

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        data = request.form.get('name')
        return f"Hello, {data}!"
    return '''
        <form method="post">
            <input name="name">
            <input type="submit">
        </form>
    '''


GET: Shows the form

POST: Processes submitted data

📌 Separate Functions for Different Methods (Optional Style)
You can also define different endpoints for different methods if you prefer to keep logic separate:

In [None]:
@app.route('/data', methods=['GET'])
def get_data():
    return "This is a GET request"

@app.route('/data', methods=['POST'])
def post_data():
    return "This is a POST request"


 Handling Other HTTP Methods
Flask supports all common methods:

GET: retrieve data

POST: create new data

PUT: update data

DELETE: delete data

In [None]:
@app.route('/item/<int:item_id>', methods=['GET', 'PUT', 'DELETE'])
def item_handler(item_id):
    if request.method == 'GET':
        return f"Fetching item {item_id}"
    elif request.method == 'PUT':
        return f"Updating item {item_id}"
    elif request.method == 'DELETE':
        return f"Deleting item {item_id}"


Optional: Using Method-Specific Decorators (with Flask-RESTful or MethodViews)
With MethodView or Flask-RESTful, you can group HTTP methods into a class:




In [None]:
from flask.views import MethodView

class UserAPI(MethodView):
    def get(self):
        return "GET user"

    def post(self):
        return "POST user"

app.add_url_rule('/user', view_func=UserAPI.as_view('user_api'))


Summary:

| HTTP Method | Purpose       | How to Handle in Flask                     |
| ----------- | ------------- | ------------------------------------------ |
| GET         | Retrieve data | `methods=['GET']`                          |
| POST        | Submit data   | `methods=['POST']`                         |
| PUT         | Update data   | `methods=['PUT']`                          |
| DELETE      | Remove data   | `methods=['DELETE']`                       |
| Multiple    | Combo route   | `methods=['GET', 'POST', 'PUT', 'DELETE']` |


# **4)How do you render HTML templates in Flask?**

In Flask, rendering HTML templates is done using the render_template() function, which uses Jinja2, Flask’s built-in templating engine.

✅ Step-by-Step: Rendering HTML Templates
📁 1. Folder Structure
Flask expects HTML templates to be inside a folder named templates:

In [None]:
your_app/
├── app.py
├── templates/
│   ├── index.html
│   └── about.html


 2. Basic Flask App with Template Rendering

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

@app.route('/about')
def about():
    return render_template('about.html')


 3. Example index.html Template

In [None]:
<!-- templates/index.html -->
<!DOCTYPE html>
<html>
<head>
    <title>Home</title>
</head>
<body>
    <h1>Welcome to Flask!</h1>
    <p>This is the home page.</p>
</body>
</html>


4. Passing Data to Templates
You can pass variables into the template context:




In [None]:
@app.route('/user/<name>')
def user(name):
    return render_template('user.html', username=name)


In [None]:
<!-- templates/user.html -->
<h1>Hello, {{ username }}!</h1>


 5. Using Template Inheritance (Optional, Recommended)
base.html:



In [None]:
<!DOCTYPE html>
<html>
<head>
    <title>{% block title %}My App{% endblock %}</title>
</head>
<body>
    <div class="content">
        {% block content %}{% endblock %}
    </div>
</body>
</html>


child template:

In [None]:
{% extends "base.html" %}

{% block title %}Home{% endblock %}
{% block content %}
    <h1>Welcome Home!</h1>
{% endblock %}


Summary:

| Task                       | Flask Code                                   |
| -------------------------- | -------------------------------------------- |
| Render `index.html`        | `render_template('index.html')`              |
| Pass variables to template | `render_template('page.html', name='Alice')` |
| Use template inheritance   | Use `{% extends %}` and `{% block %}`        |


# ** 5)How can you generate URLs for routes in Flask using url_for?**

ANS- In Flask, you use the function url_for() to dynamically generate URLs for your routes. This is very helpful because it avoids hardcoding URLs in your code or templates, making your app more maintainable and flexible.

 How url_for() Works
Takes the name of the view function (not the URL path)

Accepts optional arguments for variable parts of the URL or query parameters

Returns the full URL path based on your route definitions

 Basic Usage
Suppose you have this route:

In [None]:
@app.route('/user/<username>')
def profile(username):
    return f"User: {username}"


You generate its URL like this:




In [None]:
from flask import url_for

url_for('profile', username='alice')
# Output: '/user/alice'


Example in Python Code

In [None]:
@app.route('/go-to-profile')
def go_to_profile():
    return redirect(url_for('profile', username='alice'))


sing url_for in Templates
Inside a Jinja2 template, you can use:

In [None]:
<a href="{{ url_for('profile', username='alice') }}">Alice's Profile</a>


Generating URLs for Static Files
You can also generate URLs for static files:

In [None]:
url_for('static', filename='style.css')


In templates:

In [None]:
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">


Summary:

| Use Case                  | Example                                 | Output            |
| ------------------------- | --------------------------------------- | ----------------- |
| Route with variable parts | `url_for('profile', username='bob')`    | `/user/bob`       |
| Static file URL           | `url_for('static', filename='img.png')` | `/static/img.png` |


# **6)How do you handle forms in Flask?**

ANS-Handling forms in Flask involves receiving user input through HTTP requests (usually POST), validating that input, and then processing it. Here’s a simple guide on how to do this:

1. Basic Form Handling
a) HTML form example


In [None]:
<!-- templates/form.html -->
<form method="POST" action="/submit">
  <input type="text" name="username" placeholder="Enter username" required>
  <input type="submit" value="Submit">
</form>


b) Flask route to handle the form



In [None]:
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/form')
def form():
    return render_template('form.html')

@app.route('/submit', methods=['POST'])
def submit():
    username = request.form.get('username')
    return f"Hello, {username}!"


The form sends data via POST to /submit.

Flask accesses form data via request.form.

2. Validating Form Data
You can do manual validation:

In [None]:
if not username or len(username) < 3:
    return "Invalid username", 400


3. Using Flask-WTF for More Powerful Forms
For more complex forms, Flask-WTF (Flask extension wrapping WTForms) helps with:

Form rendering

Validation

CSRF protection

Installation

In [None]:
pip install flask-wtf


Example

In [None]:
from flask import Flask, render_template, redirect
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired, Length

app = Flask(__name__)
app.secret_key = 'your-secret-key'  # Required for CSRF protection

class MyForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired(), Length(min=3)])
    submit = SubmitField('Submit')

@app.route('/form', methods=['GET', 'POST'])
def form():
    form = MyForm()
    if form.validate_on_submit():
        username = form.username.data
        return f"Hello, {username}!"
    return render_template('form.html', form=form)


Template example (form.html):



In [None]:
<form method="POST">
    {{ form.hidden_tag() }}  <!-- CSRF token -->
    {{ form.username.label }} {{ form.username(size=20) }}
    {{ form.submit() }}
</form>


Summary:

| Step                       | How to do it                            |
| -------------------------- | --------------------------------------- |
| Get form data              | `request.form.get('fieldname')`         |
| Handle GET and POST routes | `methods=['GET', 'POST']`               |
| Validate input manually    | Check values in route function          |
| Use Flask-WTF for forms    | Define WTForms classes, validate easily |


# **7)How can you validate form data in Flask?**

ANS-Validating form data in Flask can be done in two main ways:

1. Manual Validation
You can manually check the form fields in your route handler using Python code.

Example:




In [None]:
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
    username = request.form.get('username')
    email = request.form.get('email')

    # Basic validations
    errors = []
    if not username or len(username) < 3:
        errors.append("Username must be at least 3 characters.")
    if not email or '@' not in email:
        errors.append("Invalid email address.")

    if errors:
        return "<br>".join(errors), 400
    else:
        return f"Welcome, {username}!"


2. Using Flask-WTF (Recommended for Complex Forms)
Flask-WTF integrates WTForms and provides:

Built-in validators

CSRF protection

Cleaner code

Setup:

In [None]:
pip install flask-wtf


Example:

In [None]:
from flask import Flask, render_template
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired, Length, Email

app = Flask(__name__)
app.secret_key = 'secret-key'  # Required for CSRF protection

class RegistrationForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired(), Length(min=3)])
    email = StringField('Email', validators=[DataRequired(), Email()])
    submit = SubmitField('Register')

@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegistrationForm()
    if form.validate_on_submit():
        return f"Welcome, {form.username.data}!"
    return render_template('register.html', form=form)


Template (register.html):


In [None]:
<form method="POST">
    {{ form.hidden_tag() }}
    {{ form.username.label }} {{ form.username() }}<br>
    {{ form.email.label }} {{ form.email() }}<br>
    {{ form.submit() }}
</form>

{% for field, errors in form.errors.items() %}
    {% for error in errors %}
        <p style="color: red;">{{ error }}</p>
    {% endfor %}
{% endfor %}


Summary:

| Method            | When to Use                    | Pros                           | Cons                  |
| ----------------- | ------------------------------ | ------------------------------ | --------------------- |
| Manual validation | Simple forms, small projects   | Full control, no extra libs    | More boilerplate code |
| Flask-WTF/WTForms | Complex forms, production apps | Built-in validators, CSRF safe | Extra dependency      |


# **8)How do you manage sessions in Flask?**

ANS- anaging sessions in Flask lets you store data specific to a user between requests (like login info, preferences, or a shopping cart). Flask’s built-in session system uses secure cookies by default to keep this data on the client side but signed to prevent tampering.

How to Manage Sessions in Flask
1. Set a Secret Key
Flask signs session cookies with a secret key — this is required.

In [None]:
app = Flask(__name__)
app.secret_key = 'your-very-secret-key'  # Keep this secret in production!


2. Store Data in the Session
Use the session object like a dictionary:

In [None]:
from flask import session

# Set session data
session['username'] = 'alice'

# Access session data
user = session.get('username')

# Remove a session key
session.pop('username', None)


3. Example: Simple Login Session

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'secret-key'

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    session['username'] = username
    return redirect(url_for('profile'))

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Logged in as {session['username']}"
    return "You are not logged in"

@app.route('/logout')
def logout():
    session.clear()
    return "Logged out"


4. Important Notes
Session data is stored client-side in cookies, signed with your secret key.

Don’t store sensitive info (like passwords) in the session.

The session cookie is limited in size (usually around 4KB).

Use HTTPS in production to protect session cookies.

5. Advanced: Server-Side Sessions
If you want server-side session storage (e.g., in Redis or database), use extensions like:

Flask-Session: https://flask-session.readthedocs.io/en/latest/

Summary:

| Task                      | Code Example               |
| ------------------------- | -------------------------- |
| Set a session value       | `session['key'] = value`   |
| Get a session value       | `session.get('key')`       |
| Remove a key from session | `session.pop('key', None)` |
| Clear entire session      | `session.clear()`          |


# **9)How do you redirect to a different route in Flask?**

ANS- In Flask, you use the redirect() function to send the user to a different route (URL). Typically, you combine it with url_for() to generate the URL for the target route dynamically.

How to Redirect in Flask
Basic usage:

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the homepage!"

@app.route('/go-to-home')
def go_to_home():
    return redirect(url_for('home'))


redirect() sends an HTTP redirect response.

url_for('home') generates the URL for the home function’s route (/).

Redirect to an external URL:

In [None]:
return redirect('https://www.example.com')


Common pattern: Redirect after POST (Post/Redirect/Get)


In [None]:
@app.route('/submit', methods=['POST'])
def submit():
    # process form data
    return redirect(url_for('home'))


This avoids form resubmission on page refresh.

Summary:

| Function     | Purpose                          |
| ------------ | -------------------------------- |
| `redirect()` | Redirect client to a URL         |
| `url_for()`  | Dynamically build URL for routes |


# **10)How do you handle errors in Flask (e.g., 404)?**

ANS- In Flask, you can handle errors like 404 Not Found (or others) by defining custom error handlers. This lets you show friendly error pages or take specific actions when an error occurs.

How to Handle Errors in Flask
1. Basic Error Handler
Use the @app.errorhandler() decorator with the HTTP error code:

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404


The function takes the error object (e) as an argument.

Return a response (usually an HTML template) and the error code.

2. Example 404 Template (templates/404.html)

In [None]:
<!DOCTYPE html>
<html>
<head><title>Page Not Found</title></head>
<body>
  <h1>404 - Page Not Found</h1>
  <p>Sorry, the page you are looking for does not exist.</p>
  <a href="{{ url_for('home') }}">Go Home</a>
</body>
</html>


3. Handling Other Errors
You can handle other HTTP errors similarly:

In [None]:
@app.errorhandler(500)
def internal_error(e):
    return "An internal error occurred.", 500


Or handle all exceptions:

In [None]:
@app.errorhandler(Exception)
def handle_exception(e):
    return "Something went wrong.", 500


4. Using abort() to Raise Errors Manually
You can raise HTTP errors in your routes with abort():

In [None]:
from flask import abort

@app.route('/secret')
def secret():
    abort(403)  # Forbidden


Summary:

| Task                     | How to do it                                  |
| ------------------------ | --------------------------------------------- |
| Handle 404 error         | `@app.errorhandler(404)` + return custom page |
| Handle other HTTP errors | `@app.errorhandler(500)` etc.                 |
| Raise an error manually  | `from flask import abort; abort(404)`         |


# **11)How do you structure a Flask app using Blueprints?**

ANS- Using Blueprints in Flask helps you organize your application into modular, reusable components — especially useful as your app grows larger.

What is a Blueprint?
A Blueprint is like a mini Flask app that contains its own routes, templates, static files, and can be registered on the main app.

How to Structure a Flask App with Blueprints
1. Basic Folder Structure

In [None]:
your_app/
│
├── app.py               # Main application
├── /blueprints/
│   ├── __init__.py      # Makes blueprints a package
│   ├── users.py         # Users blueprint
│   └── products.py      # Products blueprint
├── /templates/
│   ├── users/
│   └── products/
└── /static/


2. Create a Blueprint (e.g., users.py)

In [None]:
from flask import Blueprint, render_template

users_bp = Blueprint('users', __name__, url_prefix='/users')

@users_bp.route('/')
def users_home():
    return "Users Home"

@users_bp.route('/profile/<username>')
def profile(username):
    return render_template('users/profile.html', username=username)


Blueprint('users', __name__, url_prefix='/users'):

'users' is the blueprint’s name.

url_prefix prepends /users to all routes in this blueprint.

3. Register Blueprints in main app (app.py)

In [None]:
from flask import Flask
from blueprints.users import users_bp

app = Flask(__name__)
app.register_blueprint(users_bp)

if __name__ == "__main__":
    app.run(debug=True)


4. Accessing Blueprint Routes
/users/ → triggers users_home()

/users/profile/alice → renders profile page for user "alice"

5. Blueprint Templates
Organize templates by blueprint to avoid conflicts:

In [None]:
templates/
    users/
        profile.html
    products/
        item.html


In your blueprint routes, render with relative paths like:



In [None]:
return render_template('users/profile.html', username=username)


Benefits of Blueprints
Modularize your app by features or components

Easier to maintain and scale

Reuse blueprints across different apps

Separate static files per blueprint (optional)

Summary:

| Step                | What to do                         |
| ------------------- | ---------------------------------- |
| Create a Blueprint  | `Blueprint('name', __name__)`      |
| Define routes in it | Use `@blueprint.route()`           |
| Register with app   | `app.register_blueprint()`         |
| Use `url_prefix`    | To namespace routes                |
| Organize templates  | `templates/blueprint_name/` folder |


# **12)How do you define a custom Jinja filter in Flask?**

ANS- Defining a custom Jinja filter in Flask lets you extend the template engine with your own functions to transform data in templates.

How to Define a Custom Jinja Filter in Flask
1. Create the filter function
Write a Python function that takes a value (and optionally other args) and returns the transformed value.

In [None]:
def reverse_string(s):
    return s[::-1]


2. Register the filter with Flask
Use app.template_filter() decorator or app.add_template_filter() method.

In [None]:
from flask import Flask

app = Flask(__name__)

@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]


Alternatively:

In [None]:
def reverse_string(s):
    return s[::-1]

app.add_template_filter(reverse_string, 'reverse')


3. Use the filter in Jinja templates

In [None]:
{{ "hello" | reverse }}


Output:

In [None]:
olleh


Full minimal example:

In [None]:
from flask import Flask, render_template_string

app = Flask(__name__)

@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]

@app.route('/')
def home():
    return render_template_string('Reversed: {{ "Flask" | reverse }}')

if __name__ == '__main__':
    app.run(debug=True)


Summary:

| Step                    | Code Snippet                         |                 |
| ----------------------- | ------------------------------------ | --------------- |
| Define filter function  | `def my_filter(value): ...`          |                 |
| Register with decorator | `@app.template_filter('filtername')` |                 |
| Use in template         | \`{{ some\_var                       | filtername }}\` |


# **13)How can you redirect with query parameters in Flask?**

ANS- To redirect with query parameters in Flask, you typically use url_for() to build the URL and pass the query parameters as keyword arguments. Then, pass that URL to redirect().

How to Redirect with Query Parameters
Example:
Suppose you have a route /search that accepts a query parameter q:

In [None]:
@app.route('/search')
def search():
    query = request.args.get('q')
    return f"Search results for: {query}"


Redirect with query parameter:

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/go-search')
def go_search():
    return redirect(url_for('search', q='flask'))


url_for('search', q='flask') generates /search?q=flask

redirect() sends the user to that URL

Full example:

In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/search')
def search():
    query = request.args.get('q')
    return f"Search results for: {query}"

@app.route('/go-search')
def go_search():
    # Redirect with a query param q=flask
    return redirect(url_for('search', q='flask'))

if __name__ == '__main__':
    app.run(debug=True)


Summary:

| Task                           | Code                                        |
| ------------------------------ | ------------------------------------------- |
| Redirect with query parameters | `redirect(url_for('route', param='value'))` |


# **14)How do you return JSON responses in Flask?**

ANS- In Flask, you return JSON responses using the jsonify() function, which converts Python dictionaries (or other JSON-serializable objects) into proper JSON responses with the correct MIME type (application/json).

How to Return JSON Responses
1. Using jsonify()

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        'name': 'Alice',
        'age': 30,
        'city': 'New York'
    }
    return jsonify(data)


jsonify() automatically sets the Content-Type header to application/json.

It converts Python dicts, lists, etc. into JSON.

2. Returning JSON with custom status code

In [None]:
return jsonify({'error': 'Not found'}), 404


3. Manual JSON response (not recommended)
You can return JSON manually, but you need to set headers yourself:



In [None]:
from flask import Response
import json

@app.route('/api/manual')
def manual_json():
    data = {'message': 'Hello'}
    return Response(json.dumps(data), mimetype='application/json')


Summary:

| Task                    | Code Example                            |
| ----------------------- | --------------------------------------- |
| Return JSON response    | `return jsonify({'key': 'value'})`      |
| Return JSON with status | `return jsonify({'error': 'msg'}), 400` |


# **15)How do you capture URL parameters in Flask?**

ANS- In Flask, you capture URL parameters (also called route parameters) by defining placeholders in your route URLs with angle brackets < >. These parameters are then passed as arguments to your view functions.

How to Capture URL Parameters
1. Basic URL parameter


In [None]:
@app.route('/user/<username>')
def show_user(username):
    return f"User: {username}"


Visiting /user/alice will pass "alice" as the username argument.

2. Typed URL parameters
You can specify types to enforce parameter format:

In [None]:
@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"


Flask will convert the parameter to an integer.

If it’s not an integer, Flask returns a 404.

3. Multiple parameters

In [None]:
@app.route('/order/<int:order_id>/item/<item_name>')
def show_item(order_id, item_name):
    return f"Order {order_id}, Item {item_name}"


4. Optional parameters
Flask does not support optional parameters in the URL directly, but you can define multiple routes or use query parameters for optional data.

Summary:

| URL Rule                      | Parameter Type   | Passed To Function       |
| ----------------------------- | ---------------- | ------------------------ |
| `/user/<username>`            | String (default) | `username` (str)         |
| `/post/<int:post_id>`         | Integer          | `post_id` (int)          |
| `/order/<int:id>/item/<name>` | Multiple         | `id` (int), `name` (str) |
