# **Restful API & Flask Assignment**


# **Q1. What is a RESTful API**

A **RESTful API** (Representational State Transfer) is a web service that enables communication between systems using standard HTTP methods like **GET, POST, PUT, and DELETE** for CRUD operations. It follows a **stateless** architecture, meaning each request contains all necessary information. RESTful APIs use **URIs** to access resources and typically return data in **JSON or XML** format. They are scalable, flexible, and widely used in web and mobile applications.

# **Q2. Explain the concept of API specification**

An **API specification** is a detailed document that defines how an API should work. It outlines **endpoints, request/response formats, methods (GET, POST, etc.), authentication, and error handling**. Specifications ensure consistency, making it easier for developers to integrate and use the API. Common formats include **OpenAPI (Swagger), RAML, and GraphQL schemas**. A well-defined API specification improves maintainability, scalability, and interoperability between different systems.

# **Q3.What is Flask, and why is it popular for building APIs**

**Flask** is a lightweight Python web framework used to build APIs and web applications. It’s popular due to its **simplicity, flexibility, and minimalism**, allowing developers to create APIs quickly. Flask supports **extensions** for databases, authentication, and more, making it highly customizable. It follows a **micro-framework** approach, meaning it has no built-in database layer, giving developers full control. Its ease of use and scalability make it a top choice for API development.

# **Q4. What is routing in Flask**

**Routing in Flask** maps URLs to specific functions, allowing web applications to handle different requests. Using the `@app.route()` decorator, developers define routes that trigger functions when accessed. Flask supports **dynamic routing** with URL parameters and methods like **GET, POST, PUT, and DELETE**. Routing enables organized API endpoints and efficient request handling, making Flask ideal for building web applications and RESTful APIs with clear, structured paths.

# **Q5.  How do you create a simple Flask application**

To create a simple Flask application, install Flask (pip install flask) and write:

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)


# **Q6. What are HTTP methods used in RESTful APIs**

RESTful APIs use **HTTP methods** for communication:  

- **GET** – Retrieves data from a server.  
- **POST** – Creates a new resource.  
- **PUT** – Updates or replaces an existing resource.  
- **PATCH** – Partially updates a resource.  
- **DELETE** – Removes a resource.  

These methods follow **CRUD (Create, Read, Update, Delete)** operations, ensuring a structured, stateless, and efficient way to interact with web services.

# **Q7. What is the purpose of the @app.route() decorator in Flask**

The `@app.route()` decorator in Flask defines URL routes, mapping them to specific functions that execute when accessed. It enables handling different HTTP methods like **GET, POST, PUT, and DELETE**, allowing the creation of RESTful APIs. The decorator simplifies request handling by associating URLs with Python functions, making Flask applications more organized, readable, and efficient in processing web requests. It’s essential for defining API endpoints and serving web pages.

# **Q8. What is the difference between GET and POST HTTP methods**

### **Difference Between GET and POST HTTP Methods**  

- **GET Method:**  
  - Used to **retrieve** data from the server.  
  - Parameters are sent in the **URL (query string)**.  
  - **Cacheable** and can be bookmarked.  
  - **Less secure** as data is visible in the URL.  
  - Example: Fetching user details.  

- **POST Method:**  
  - Used to **send** data to the server.  
  - Parameters are sent in the **request body**.  
  - **Not cacheable** and cannot be bookmarked.  
  - **More secure** for sensitive data.  
  - Example: Submitting a form.  

# **Q9. How do you handle errors in Flask APIs4**

In **Flask APIs**, error handling is managed using **error handlers, try-except blocks, and HTTP status codes**. Flask’s `@app.errorhandler()` decorator catches specific errors like `404 Not Found` or `500 Internal Server Error`, returning custom JSON responses. Using `abort()` allows manual error raising with status codes. Proper error handling improves API reliability, providing clear messages and ensuring smooth user experiences in applications.

# **Q10. How do you connect Flask to a SQL database**

To connect **Flask** to a **SQL database**, use **Flask-SQLAlchemy**:  

1. Install: `pip install flask-sqlalchemy`  
2. Configure in Flask:  

```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///database.db'
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(100))

db.create_all()
```

This sets up and connects Flask to a **SQLite** database.

# **Q11.  What is the role of Flask-SQLAlchemy**

Flask-SQLAlchemy is a Flask extension that integrates SQLAlchemy into Flask applications, simplifying database interactions. It manages database connections and sessions per request, allowing developers to define models using a declarative syntax by subclassing `db.Model`. This integration provides an intuitive interface for executing database operations, reducing boilerplate code and aligning with SQLAlchemy's features.

# **Q12. What are Flask blueprints, and how are they useful**

Flask Blueprints are a feature in Flask that allows developers to organize their application into modular components. Each Blueprint can encapsulate routes, templates, static files, and other functionalities, enabling a more maintainable and scalable codebase. By registering Blueprints with the main application, developers can structure their projects more effectively, facilitating code reuse and collaborative development.

# **Q13. What is the purpose of Flask's request object**

Flask's `request` object encapsulates all incoming HTTP request data, providing access to information such as method, headers, form data, and URL parameters. It enables developers to handle client data efficiently within view functions, facilitating tasks like form processing and query parameter retrieval. The `request` object is context-specific, ensuring data isolation between requests. citeturn0search1

# **Q14. How do you create a RESTful API endpoint using Flask**

Creating a RESTful API endpoint in Flask involves setting up routes that correspond to specific HTTP methods, enabling interaction with resources in a stateless manner. Here's a theoretical overview of the process:

Initialize the Flask Application:

Import the Flask class and create an instance of it. This instance will be the WSGI application.




In [None]:
from flask import Flask
app = Flask(__name__)


Define Routes and View Functions:

Use the @app.route decorator to bind URL paths to Python functions. Each function handles requests to its associated path.

Specify the HTTP methods (e.g., GET, POST, PUT, DELETE) that the route supports.

In [None]:
@app.route('/api/resource', methods=['GET'])
def get_resource():
    # Logic to retrieve and return resource data
    pass


Handle Request Data:

Utilize the request object from Flask to access incoming data such as query parameters, form data, and JSON payloads.

In [None]:
from flask import request

@app.route('/api/resource', methods=['POST'])
def create_resource():
    data = request.get_json()
    # Logic to create a new resource using 'data'
    pass


Return Responses:

Use Flask's jsonify function to serialize Python dictionaries into JSON responses.

Set appropriate HTTP status codes to indicate the result of the request.

In [None]:
from flask import jsonify

@app.route('/api/resource', methods=['GET'])
def get_resource():
    resource_data = {'key': 'value'}
    return jsonify(resource_data), 200


Run the Application:

Invoke the run method to start the Flask development server.

In [None]:
if __name__ == '__main__':
    app.run(debug=True)


For more advanced API functionalities, consider using Flask extensions like Flask-RESTful, which provide tools for building REST APIs more efficiently.


By following these steps, you can create RESTful API endpoints in Flask that handle various HTTP methods, process incoming data, and return appropriate responses, facilitating effective client-server communication.

# **Q15. What is the purpose of Flask's jsonify() function**

Flask's `jsonify()` function converts Python data structures, such as dictionaries or lists, into JSON-formatted responses. It creates a `Response` object with the `application/json` MIME type, ensuring the client interprets the data correctly. Using `jsonify()` simplifies returning JSON in Flask routes by automatically serializing data and setting appropriate headers, resulting in cleaner and more readable code while ensuring consistency and compatibility with web standards.

# **Q16.  Explain Flask’s url_for() function**

Flask's `url_for()` function dynamically constructs URLs by accepting the endpoint name (typically the view function's name) and variable arguments corresponding to the URL's parameters. This dynamic URL generation ensures that if routes are modified, the application remains consistent without requiring manual updates to hardcoded URLs.

# **Q17. How does Flask handle static files (CSS, JavaScript, etc.)**

Flask serves static files (like CSS and JavaScript) from a directory named static within the application's root. It automatically creates a /static/<path:filename> route to serve files from this folder. In templates, the url_for('static', filename='style.css') function generates the correct URL to these assets. This approach ensures organized and efficient management of static resources in Flask applicatio

# **Q18.  What is an API specification, and how does it help in building a Flask API**

An API specification is a formal document detailing the structure, behavior, and interactions of an API, including endpoints, request/response formats, and data models.
SECTION-1
 In Flask API development, such specifications serve as blueprints, guiding consistent implementation and ensuring clear communication among developers. They facilitate automated documentation, client library generation, and streamline testing processes, enhancing development efficiency and reducing errors.


# **Q19. What are HTTP status codes, and why are they important in a Flask API**

HTTP status codes are standardized three-digit numbers that indicate the outcome of an HTTP request. They are categorized into five classes: informational (100–199), successful (200–299), redirection (300–399), client errors (400–499), and server errors (500–599). In a Flask API, utilizing appropriate status codes is crucial as they inform clients about the result of their requests, aiding in debugging and enhancing communication between the client and server.


 # **Q20. How do you handle POST requests in Flask**


n Flask, to handle POST requests, define a route with the methods=['POST'] parameter. Within the corresponding view function, access the incoming data using request.form for form data or request.json for JSON payloads. Here's an example:

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit_data():
    data = request.json  # Access JSON data
    # Process the data
    return 'Data received', 200


# **Q21. How would you secure a Flask API**

Securing a Flask API involves implementing multiple layers of protection to safeguard against various threats:

1. **Authentication and Authorization:** Implement robust authentication mechanisms, such as token-based systems (e.g., JWT), to verify user identities. Ensure proper authorization to restrict access based on user roles and permissions. citeturn0search5

2. **Input Validation and Sanitization:** Thoroughly validate and sanitize all user inputs to prevent injection attacks, such as SQL injection and cross-site scripting (XSS). citeturn0search1

3. **CSRF Protection:** Utilize CSRF tokens to protect against cross-site request forgery attacks, ensuring that requests originate from trusted sources. citeturn0search7

4. **Secure HTTP Headers:** Configure HTTP headers appropriately to enhance security, such as setting Content Security Policy (CSP) headers to mitigate XSS attacks. citeturn0search7

5. **HTTPS Enforcement:** Serve the API over HTTPS to encrypt data in transit, protecting against eavesdropping and man-in-the-middle attacks. citeturn0search9

6. **Regular Updates:** Keep Flask and its dependencies up to date to patch known vulnerabilities promptly. citeturn0search9

By integrating these security measures, you can significantly enhance the resilience of your Flask API against potential threats.

# **Q22. What is the significance of the Flask-RESTful extension**

Flask-RESTful is an extension for Flask that facilitates the rapid development of RESTful APIs by providing tools to define resources and handle standard HTTP methods like GET, POST, PUT, and DELETE. It offers request parsing, input validation, and custom error handling, streamlining API development and promoting adherence to RESTful principles

# **Q23. What is the role of Flask’s session object?**

Flask's `session` object enables the storage of user-specific data across multiple requests, facilitating features like user authentication and preferences. By default, Flask uses client-side sessions, storing session data in cookies that are cryptographically signed to prevent tampering. This ensures data integrity and security, as the server can detect any unauthorized modifications. To utilize sessions, developers must set a secret key in their Flask application, which is used for signing the session cookies. citeturn0search6

# **PRACTICAL QUESTIONS**

**bold text**# **Q1. How do you create a basic Flask application**

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return 'Hello, Flask!'

if __name__ == '__main__':
    app.run(debug=True)

#**Q2.How do you serve static files like images or CSS in Flask only code**

In [None]:

from flask import Flask, send_from_directory

app = Flask(__name__)

@app.route('/static/<path:filename>')
def serve_static(filename):
    return send_from_directory('static', filename)

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


#**Q3.How do you define different routes with different HTTP methods in Flask**

In [None]:
from flask import Flask, request

app = Flask(__name__)

# Route handling GET requests
@app.route('/get', methods=['GET'])
def get_example():
    return "This is a GET request"

# Route handling POST requests
@app.route('/post', methods=['POST'])
def post_example():
    data = request.json
    return {"message": "Received POST request", "data": data}

# Route handling both GET and POST requests
@app.route('/both', methods=['GET', 'POST'])
def both_example():
    if request.method == 'GET':
        return "This is a GET request"
    elif request.method == 'POST':
        return "This is a POST request"

# Route handling PUT requests
@app.route('/put', methods=['PUT'])
def put_example():
    return "This is a PUT request"

# Route handling DELETE requests
@app.route('/delete', methods=['DELETE'])
def delete_example():
    return "This is a DELETE request"

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


#**Q4.How do you render HTML templates in Flask?**

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')# html file is rendered

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


#**Q5.How can you generate URLs for routes in Flask using url_for?**

In [None]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Homepage!"

@app.route('/about')
def about():
    return "About Us Page!"

# Generating URLs
with app.test_request_context():
    print(url_for('home'))
    print(url_for('about'))

#**Q6.How do you handle forms in Flask**

In [None]:
# Create an HTML Form
# <form action="/submit" method="POST">
#     <label for="name">Name:</label>
#     <input type="text" id="name" name="name" required>
#     <button type="submit">Submit</button>
# </form>

# Define a Route to Handle the Form Data
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/form')
def form():
    return render_template('form.html')

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']
    return f"Hello, {name}!"

#**Q7.How can you validate form data in Flask?**

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form.get('name')
    email = request.form.get('email')


    if not name or not email:
        return jsonify({"error": "Name and email are required"}), 400
    if "@" not in email:
        return jsonify({"error": "Invalid email

    return jsonify({"message": f"Welcome, {name}!"})

#**Q8.How do you manage sessions in Flask?**

In [None]:
from flask import Flask, session, request, jsonify

app = Flask(__name__)


app.secret_key = 'your_secret_key'


@app.route('/set_session', methods=['POST'])
def set_session():
    username = request.json.get('username')
    if not username:
        return jsonify({"error": "Username is required"}), 400
    session['username'] = username
    return jsonify({"message": f"SessionSession cleared successfully!"}), 200

if __name__ == '__main__':
    app.run(debug=True)

#**Q9.How do you redirect to a different route in Flask?**

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)


@app.route('/')
def home():
    return "Welcome to the Home Page!"


@app.route('/about')
def about():
    return "This is the About Page!"


@app.route('/redirect-home')
def redirect_home():
    return redirect(url_for('home'))


@app.route('/redirect-about')
def redirect_about():
    return redirect(url_for('about'))


@app.route('/profile/<username>')
def profile(username):
    return f"Welcome to {username}'s Profile!"

@app.route('/redirect-to-profile')
def redirect_to_profile():
    return redirect(url_for('profile', username='Anuj'))

if __name__ == '__main__':
    app.run(debug=True)

#**Q10 How do you handle errors in Flask (e.g, 404)?**

In [None]:
from flask import Flask, render_template, jsonify

app = Flask(__name__)


@app.route('/')
def home():
    return "Welcome to the Home Page!"


@app.route('/sample')
def sample():
    return "This is the Sample Page!"


@app.errorhandler(404)
def not_found_error(e):
    return jsonify({"error": "Page not found"}), 404


@app.errorhandler(500)
def internal_server_error(e):
    return jsonify({"error": "Internal Server Error occurred"}), 500

if __name__ == '__main__':
    app.run(debug=True)

#**Q11.How do you structure a Flask app using Blueprints?**

In [None]:
from flask import Blueprint, render_template


user_bp = Blueprint('user_bp', __name__, template_folder='../templates')


@user_bp.route('/<username>')
def user_profile(username):
    return render_template('user.html', username=username)

#**Q12.How do you define a custom Jinja filter in Flask?**

In [None]:
from flask import Flask, render_template

app = Flask(__name__)


@app.template_filter('reverse')
def reverse_string(value):
    """Reverses the given string."""
    return value[::-1]


@app.route('/')
def home():

    return render_template('example.html', message="Flask Filters")

if __name__ == '__main__':
    app.run(debug=True)

#**Q13.How can you redirect with query parameters in Flask?**

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

@app.route('/redirect')
def redirect_with_params():

    return redirect(url_for('home', q='Flask', page=1))

@app.route('/home')
def home_with_params():

    return "Welcome with parameters!"

#**Q14.How do you return JSON responses in Flask?**

In [None]:
from flask import Flask, jsonify, request

app = Flask(__name__)


@app.route('/simple-json', methods=['GET'])
def simple_json():
    return jsonify({
        "message": "Hello, this is a JSON response!",
        "status": "success"
    })


@app.route('/greet', methods=['POST'])
def greet_user():
    data = request.json
    name = data.get('name', 'Guest')
    return jsonify({
        "message": f"Hello, {name}!",
        "status": "success"
    }), 200


@app.route('/error', methods=['GET'])
def error():
    return jsonify({
        "error": "Something went wrong",
        "code": 500
    }), 500

if __name__ == '__main__':
    app.run(debug=True)

#**Q15.How do you capture URL parameters in Flask?**

In [None]:
from flask import Flask

app = Flask(__name__)

# Route with a dynamic URL parameter
@app.route('/user/<username>')
def user_profile(username):

    return f"Hello, {username}! Welcome to your profile."


@app.route('/product/<category>/<int:product_id>')
def product_details(category, product_id):

    return f"Category: {category}, Product ID: {product_id}"

if __name__ == '__main__':
    app.run(debug=True)