

**Answers to Restful API & Flask Questions**
---
---

✅ THEORY QUESTIONS & ANSWERS

1. What is a RESTful API?

  A RESTful API is an interface that allows different software systems to communicate over the internet using HTTP methods by following REST principles.

---
2. Explain the concept of API specification.

  API specification defines the rules and structure for how clients can interact with an API, including endpoints, methods, request formats, and expected responses.

---
3. What is Flask, and why is it popular for building APIs?

  Flask is a lightweight Python web framework used to build web applications and APIs. It's popular due to its simplicity, flexibility, and minimal setup.

---
4.  What is routing in Flask?
   
  Routing in Flask maps URL paths to specific functions, allowing the app to respond differently to different URLs.

---
5. What are HTTP methods used in RESTful APIs?

  Common HTTP methods include GET, POST, PUT, DELETE, and PATCH, used to perform operations like reading, creating, updating, and deleting resources.

---
 6. What are HTTP methods used in RESTful APIs?

 The main HTTP methods are GET (retrieve), POST (create), PUT (update/replace), PATCH (partial update), and DELETE (remove).

---
 7. What is the purpose of the @app.route() decorator in Flask?

 The @app.route() decorator binds a URL pattern to a view function, specifying what code should run when that URL is requested.

---
 8. What is the difference between GET and POST HTTP methods?

 GET requests retrieve data and are idempotent (repeating doesn't change state), while POST requests submit data to create or update resources and are not idempotent.

---
 9. How do you handle errors in Flask APIs?

 Errors are handled by registering handlers with the @app.errorhandler() decorator or by raising an HTTPException with the appropriate status code.

---
 10. How do you connect Flask to a SQL database?

 Use the Flask-SQLAlchemy extension. It provides a high-level ORM (Object Relational Mapper) that allows interaction with the database using Python objects instead of SQL queries.








In [1]:
!pip install Flask Flask-SQLAlchemy


Collecting Flask-SQLAlchemy
  Downloading flask_sqlalchemy-3.1.1-py3-none-any.whl.metadata (3.4 kB)
Downloading flask_sqlalchemy-3.1.1-py3-none-any.whl (25 kB)
Installing collected packages: Flask-SQLAlchemy
Successfully installed Flask-SQLAlchemy-3.1.1


In [3]:
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

# Create Flask app
app = Flask(__name__)

# Database configuration (SQLite in this example)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///mydatabase.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

# Initialize database
db = SQLAlchemy(app)

# Define a table model
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80), nullable=False)

# Create the database tables
with app.app_context():
    db.create_all()

@app.route('/')
def index():
    return "Database connected successfully!"

# Run the app
# debug=True turns on the reloader and the interactive debugger; use it only for local development
if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:Press CTRL+C to quit
INFO:werkzeug: * Restarting with stat


---
 11. What is the role of Flask-SQLAlchemy?

 Flask-SQLAlchemy is an extension that adds SQLAlchemy support to Flask, providing ORM capabilities, database session management, and integration with Flask's application context.

 ---

 12. What are Flask blueprints, and how are they useful?

 Blueprints are a way to organize Flask applications into reusable components. They help in modularizing large applications, enabling code organization and separation of concerns.

 ---

 13. What is the purpose of Flask's request object?

 The request object contains all the data sent by the client in an HTTP request, including form data, query parameters, headers, and files.

 ---

 14. How do you create a RESTful API endpoint using Flask?



In [None]:
!pip install flask flask-ngrok

from flask import Flask, request, jsonify
from flask_ngrok import run_with_ngrok

# Create a Flask app
app = Flask(__name__)

# Initialize ngrok (this will expose the app to a public URL)
run_with_ngrok(app)

# Sample data: List of books
books = [
    {"id": 1, "title": "1984", "author": "George Orwell"},
    {"id": 2, "title": "To Kill a Mockingbird", "author": "Harper Lee"}
]

# GET route: Retrieve all books
@app.route('/books', methods=['GET'])
def get_books():
    return jsonify(books)

# POST route: Add a new book
@app.route('/books', methods=['POST'])
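def add_book():
    data = request.get_json(silent=True)  # None if the body is not valid JSON
    if not isinstance(data, dict) or not data.get("title") or not data.get("author"):
        return jsonify({"error": "title and author are required"}), 400
    # Copy only the expected fields so a client cannot set "id" or add extra keys
    new_book = {"id": len(books) + 1, "title": data["title"], "author": data["author"]}
    books.append(new_book)  # Add the new book to the list
    return jsonify(new_book), 201  # Return the new book with a 201 status code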

# Run the app
if __name__ == "__main__":
    app.run()


 ---
 15. What is the purpose of Flask's jsonify() function?

 jsonify() converts Python dictionaries or objects to JSON responses with the correct Content-Type header.

 ---
 16. Explain Flask’s url_for() function.

 url_for() generates URLs for routes based on their view function names, helping avoid hardcoding URLs and making the application more maintainable.

 ---

 17. How does Flask handle static files (CSS, JavaScript, etc.)?

 Flask serves static files from a /static folder by default. Files can be accessed via /static/filename or using url_for('static', filename='style.css').

---

18. What is an API specification, and how does it help in building a Flask API?

 An API specification documents the API's structure and behavior. It helps by providing a clear contract for development, enabling testing, and facilitating client integration.

 ---
19. What are HTTP status codes, and why are they important in a Flask API?

  HTTP status codes indicate request outcomes (200 OK, 404 Not Found, etc.). They're important for proper API communication and error handling.

20. How do you handle POST requests in Flask?
  
   🔢 Example: Handling a POST request that sends JSON data







In [4]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
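    data = request.get_json(silent=True)  # Get JSON data from request (None if it is not valid JSON)
    if not isinstance(data, dict):
        return jsonify({"error": "Expected a JSON object."}), 400
    name = data.get('name')
    age = data.get('age')
    return jsonify({"message": f"Received data for {name}, age {age}."})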

if __name__ == '__main__':
    app.run(debug=True)

# 📬 How to Send a POST Request (JSON body sent to /submit)

{
  "name": "Alice",
  "age": 25
}


#✅ Output (JSON response from Flask):

{
  "message": "Received data for Alice, age 25."
}




 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:Press CTRL+C to quit
INFO:werkzeug: * Restarting with stat


{'message': 'Received data for Alice, age 25.'}
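
The `/submit` handler above uses `name` and `age` without checking them. The following added example (not part of the original notebook) validates that payload and stores it with a parameterized query; the `user` table with an `age` column, the 80-character limit and the sample request bodies are assumptions constructed for illustration.

```python
import sqlite3

MAX_NAME_LEN = 80  # assumed limit, matching db.String(80) in the notebook's User model

def validate_submission(payload):
    """Return (clean, errors) for a body shaped like {"name": "Alice", "age": 25}."""
    if not isinstance(payload, dict):
        return None, ["body must be a JSON object"]
    errors = []
    unknown = sorted(set(payload) - {"name", "age"})
    if unknown:
        errors.append("unexpected fields: " + ", ".join(unknown))
    name = payload.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.append("name must be a non-empty string")
    elif len(name.strip()) > MAX_NAME_LEN:
        errors.append(f"name must be at most {MAX_NAME_LEN} characters")
    age = payload.get("age")
    # bool is a subclass of int in Python, so True/False must be excluded explicitly.
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        errors.append("age must be an integer between 0 and 150")
    if errors:
        return None, errors
    return {"name": name.strip(), "age": age}, []

def save_user(conn, clean):
    # Placeholders send the values separately from the SQL text, so quotes and
    # semicolons inside a name are stored as data and never parsed as SQL.
    conn.execute("INSERT INTO user (name, age) VALUES (?, ?)", (clean["name"], clean["age"]))

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT NOT NULL, age INTEGER)")
    samples = [  # constructed request bodies
        {"name": "Alice", "age": 25},
        {"name": "Robert'); DROP TABLE user;--", "age": 30},
        {"name": "", "age": "25"},
        {"name": "Eve", "age": True, "is_admin": True},
        ["not", "an", "object"],
    ]
    rejected = 0
    for body in samples:
        clean, errors = validate_submission(body)
        if errors:
            rejected += 1
        else:
            save_user(conn, clean)
    stored = [row[0] for row in conn.execute("SELECT name FROM user ORDER BY id")]
    return stored, rejected
```

In a Flask view, a non-empty `errors` list would be returned with a 400 status instead of processing the request.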

21. How would you secure a Flask API?
  
 To secure a Flask API, you can use the following best practices:

1. **Authentication & Authorization:**

   * Use **token-based authentication** like JWT (JSON Web Tokens).
   * Verify users before giving access to sensitive routes.

2. **Input Validation:**

   * Always validate and sanitize user inputs to prevent **SQL injection** and **XSS attacks**.

3. **HTTPS:**

   * Deploy your API with **SSL/TLS** enabled to encrypt data in transit.

4. **Rate Limiting:**

   * Limit the number of requests a user can make to prevent abuse (e.g., using Flask-Limiter).

5. **Use Environment Variables:**

   * Store secrets (e.g., API keys, database passwords) securely using environment variables.

6. **Cross-Origin Resource Sharing (CORS):**

   * Use `Flask-CORS` to control which domains are allowed to access your API.

7. **Use Secure Headers:**

   * Add HTTP security headers (like `Content-Security-Policy`, `X-Frame-Options`) using libraries like `Flask-Talisman`.

8. **Keep Dependencies Updated:**

   * Regularly update Flask and third-party libraries to avoid known vulnerabilities.
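
What the token check in item 1 involves, written with only the Python standard library so it runs without extra packages. This is an added example, not code from the original notebook; `sign_token`, `verify_token`, `demo` and the demo key are assumed names and constructed values, and a production API would normally rely on a maintained JWT library rather than hand-written verification.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign_token(claims: dict, key: bytes) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_token(token: str, key: bytes, now=None):
    """Return the claims dict for a valid, unexpired HS256 token, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server; a token must not choose how it is checked.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        # Constant-time comparison; the payload is parsed only after the signature checks out.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong part count, bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return None  # tokens without a valid, future expiry are rejected
    return claims

def demo():
    key = b"constructed-demo-key-0123456789abcdef"  # constructed; load real keys from the environment
    token = sign_token({"sub": "alice", "exp": 2000}, key)
    header, payload, sig = token.split(".")
    forged = f"{header}.{encode_part({'sub': 'admin', 'exp': 2000})}.{sig}"  # payload changed after signing
    unsigned = f"{encode_part({'alg': 'none'})}.{payload}."  # header claims no signature is needed
    return {name: verify_token(tok, key, now=1000) is not None
            for name, tok in [("valid", token), ("forged", forged), ("unsigned", unsigned)]}
```

In a Flask view, the token would be read from the `Authorization` header and a `None` result answered with a 401 status.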

---

22. What is the significance of the Flask-RESTful extension?

    Flask-RESTful helps organize your API code in a cleaner, more scalable way—perfect for building structured REST APIs.


---
23. What is the role of Flask’s session object?

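 Flask’s session object keeps track of user-specific information between page loads. By default the data is stored in a cookie that Flask signs with the app's secret key, so the client can read it but cannot change it without invalidating the signature.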




**✅ PRACTICAL QUESTIONS & OUTPUTS**
---

1. How do you create a basic Flask application?

In [5]:
!pip install Flask




In [7]:
from flask import Flask

# Create the Flask app
app = Flask(__name__)

# Define a route
@app.route('/')
def home():
    return "Hello, Flask! This is a basic app."

# Run the app
if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:Press CTRL+C to quit
INFO:werkzeug: * Restarting with stat


2. How do you serve static files like images or CSS in Flask?

  Place static files inside a static folder and reference them in HTML:

In [None]:
<link rel="stylesheet" href="{{ url_for('static', filename='styles.css') }}">
<img src="{{ url_for('static', filename='images/logo.png') }}" alt="Logo">


3.  How do you define different routes with different HTTP methods in Flask?



In [None]:
from flask import request

@app.route('/data', methods=['GET', 'POST'])
def handle_data():
    if request.method == 'POST':
        return "Received POST request"
    return "Received GET request"


4. How do you render HTML templates in Flask?




In [None]:
from flask import render_template

@app.route('/home')
def home():
    return render_template('home.html')


5. How can you generate URLs for routes in Flask using url_for?





In [None]:
from flask import url_for

@app.route('/profile')
def profile():
    return f"Profile page URL: {url_for('profile')}"


6.  How do you handle forms in Flask?

In [None]:
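from flask import request
from markupsafe import escape

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']
    # Escape user input before placing it in an HTML response to prevent XSS
    return f"Hello, {escape(name)}!"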


7. How can you validate form data in Flask?

In [None]:
!pip install flask-wtf


In [None]:
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired

class MyForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired()])
    submit = SubmitField('Submit')


8.  How do you manage sessions in Flask?

In [None]:
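import os
from flask import Flask, session

app = Flask(__name__)
# The session cookie is signed with this key, so load it from the environment
# instead of hard-coding it. FLASK_SECRET_KEY is an assumed variable name.
app.secret_key = os.environ['FLASK_SECRET_KEY']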

@app.route('/login')
def login():
    session['user'] = 'Amit'
    return "Logged in!"

@app.route('/logout')
def logout():
    session.pop('user', None)
    return "Logged out!"

if __name__ == '__main__':
    app.run(debug=True)


9.  How do you redirect to a different route in Flask?

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/go-home')
def go_home():
    return redirect(url_for('home'))

@app.route('/home')
def home():
    return "Welcome Home!"

if __name__ == '__main__':
    app.run(debug=True)


10.  How do you handle errors in Flask (e.g., 404)?

In [None]:
from flask import Flask

app = Flask(__name__)

@app.errorhandler(404)
def not_found(e):
    return "Page not found!", 404

if __name__ == '__main__':
    app.run(debug=True)


11. How do you structure a Flask app using Blueprints?

In [None]:
#blueprint (api.py):

from flask import Blueprint

api = Blueprint('api', __name__)

@api.route('/data')
def data():
    return "API Data"

#Register it in app.py

from flask import Flask
from api import api

app = Flask(__name__)
app.register_blueprint(api, url_prefix='/api')

if __name__ == '__main__':
    app.run(debug=True)


12. How do you define a custom Jinja filter in Flask?

In [None]:
@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]


13.  How can you redirect with query parameters in Flask?

In [None]:
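# Inside a view function: keyword arguments that are not part of the route become query parameters (/profile?user=Amit)
return redirect(url_for('profile', user='Amit'))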


14. How do you return JSON responses in Flask?

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/json')
def json_example():
    return jsonify({"message": "Hello, JSON!"})

if __name__ == '__main__':
    app.run(debug=True)


15.  How do you capture URL parameters in Flask?

In [None]:
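from markupsafe import escape

@app.route('/user/<username>')
def profile(username):
    # Escape the URL value so it cannot inject HTML or script into the page
    return f"Hello, {escape(username)}!"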
