**RESTful API & Flask**


1. What is a RESTful API

A RESTful API (Representational State Transfer API) is a web service that follows the principles of REST (Representational State Transfer) architecture. It allows communication between client and server using HTTP methods such as GET, POST, PUT, DELETE to perform operations on resources.

2. Explain the concept of API specification

An API specification is a formal document or standard that describes how a particular API should behave, including its endpoints, request parameters, response formats, authentication methods, and error handling. It acts as a blueprint for developers to understand and interact with an API correctly.

3. What is Flask, and why is it popular for building APIs

Flask is a lightweight and flexible web framework for Python, designed to help developers build web applications and APIs quickly. It is based on the Werkzeug WSGI toolkit and Jinja2 template engine, making it a micro-framework (minimalistic yet powerful).

4. What is routing in Flask

Routing in Flask is the process of mapping URLs (routes) to specific functions that handle requests and return responses. It defines how users interact with the application through URLs.

5. How do you create a simple Flask application

Flask is a lightweight web framework in Python that allows you to build web applications and APIs quickly. Below are the steps to create a basic Flask application.

6. What are HTTP methods used in RESTful APIs

RESTful APIs use HTTP methods to perform CRUD (Create, Read, Update, Delete) operations. Below are the most commonly used HTTP methods in REST APIs:

GET – Retrieve data from a resource.

POST – Create a new resource.

PUT – Update an existing resource (full update).

PATCH – Partially update a resource.

DELETE – Remove a resource.

HEAD – Retrieve headers without the response body.

OPTIONS – Get allowed HTTP methods for a resource.

7. What is the purpose of the @app.route() decorator in Flask

The @app.route() decorator in Flask is used to define URL routes for handling requests in a web application. It maps a specific URL path to a Python function (view function), which executes when the route is accessed.

8. What is the difference between GET and POST HTTP methods

The GET and POST HTTP methods serve different purposes in RESTful APIs. GET is used to retrieve data from a server, and the data is sent as query parameters in the URL, making it visible in the browser's address bar. It is idempotent, meaning that repeating the same request does not change the state of the server, and its responses can be cached for efficiency. However, GET is less secure for sensitive data, since URLs can be logged, bookmarked, or kept in browser history. On the other hand, POST is used to send data to the server, typically in the request body, which keeps the data out of URLs and makes it more secure than GET in that respect; the body is still readable in transit unless the connection uses HTTPS. POST is not idempotent, as multiple identical requests can create different outcomes, such as submitting a form multiple times. POST also allows for larger data payloads compared to GET. In Flask, the @app.route() decorator specifies the route and HTTP method to handle requests. GET is suitable for fetching data, like search results, while POST is ideal for submitting forms or creating new resources in an application.

9. How do you handle errors in Flask APIs

Error handling in Flask APIs ensures that users receive meaningful responses when something goes wrong. Flask provides built-in mechanisms and custom error handling using decorators and exceptions.

10. How do you connect Flask to a SQL database

Flask can be connected to a SQL database using SQLAlchemy, which is a powerful Object Relational Mapper (ORM) that allows interaction with databases using Python code instead of raw SQL queries. Below are the steps to connect Flask to a SQL database.

Install Flask-SQLAlchemy
Set Up Flask and SQLAlchemy
Define a Database Model
Create Database Tables
Insert Data into the Database
Retrieve Data from the Database
Create API Endpoints to Interact with the Database

11. What is the role of Flask-SQLAlchemy

Flask-SQLAlchemy is an extension for Flask that simplifies database integration by providing an easy-to-use interface for working with relational databases using SQLAlchemy, the most popular Object Relational Mapper (ORM) in Python.

12. What are Flask blueprints, and how are they useful

Flask Blueprints provide a way to structure and organize large Flask applications by allowing developers to split the application into smaller, reusable modules. A Blueprint is like a mini-application that can have its own routes, views, templates, and static files while still being part of the main Flask app.

13. What is the purpose of Flask's request object

The request object in Flask is used to access incoming HTTP request data sent by a client (such as a browser or API client) to the Flask application. It provides methods and attributes to retrieve form data, JSON payloads, query parameters, file uploads, and other request-related information.

14. How do you create a RESTful API endpoint using Flask

A RESTful API endpoint in Flask allows clients to interact with a server using HTTP methods such as GET, POST, PUT, and DELETE. Flask is a lightweight web framework that makes it easy to build APIs with minimal code.

15. What is the purpose of Flask's jsonify() function

In Flask, the jsonify() function is used to convert Python data structures (such as dictionaries and lists) into a JSON (JavaScript Object Notation) response. JSON is a widely used format for data exchange between clients and servers in web applications.

16. Explain Flask’s url_for() function

The url_for() function in Flask is used to dynamically generate URLs for routes defined in a Flask application. Instead of hardcoding URLs, url_for() helps in building URLs based on the function name associated with a particular route. This makes applications more maintainable and flexible.

17. How does Flask handle static files (CSS, JavaScript, etc.)

Flask provides a built-in mechanism for serving static files such as CSS, JavaScript, and images. By default, Flask looks for static files inside a folder named static in the root directory of the project.

18. What is an API specification, and how does it help in building a Flask API

An API specification is a structured document that defines how an API should behave, detailing its endpoints, request methods, request/response formats, authentication, and error handling. It serves as a contract between the API provider and consumers, ensuring consistency and predictability in API interactions.

Common formats for API specifications include:

OpenAPI (Swagger) – Most widely used, machine-readable format.

RAML (RESTful API Modeling Language) – YAML-based API documentation.

GraphQL Schema – Defines query types and structures for GraphQL APIs.

19. What are HTTP status codes, and why are they important in a Flask API

HTTP status codes are three-digit numeric responses sent by the server to indicate the outcome of an HTTP request. They provide crucial information about whether a request was successful, failed, or requires further action. These codes help developers and API consumers understand the state of an interaction between a client (such as a web browser or mobile app) and a server.

HTTP status codes are grouped into five categories:

1xx (Informational) – Request received, continuing process.

2xx (Success) – Request successfully processed.

3xx (Redirection) – Further action needed to complete the request.

4xx (Client Errors) – Issues caused by the request (e.g., invalid input).

5xx (Server Errors) – Issues on the server side.

20. How do you handle POST requests in Flask

In Flask, a POST request is used to send data from the client (e.g., a web page or an API consumer) to the server. It is commonly used for actions like submitting form data, creating new records in a database, or updating resources.

21. How would you secure a Flask API

Securing a Flask API is crucial to protect data, prevent unauthorized access, and ensure the integrity of the application. Below are several best practices to secure a Flask API effectively:

Use HTTPS – Encrypts communication between client and server.

Implement Authentication & Authorization – Use API keys, JWT, or OAuth2.

Input Validation & Sanitization – Prevent SQL injection and XSS attacks.

Rate Limiting – Prevent abuse with Flask-Limiter.

Secure API Endpoints with CORS – Restrict access to specific domains.

Protect Against CSRF (Cross-Site Request Forgery) – Use CSRF tokens.

Hide Sensitive Information – Store secrets in environment variables.

Secure API Headers – Use Flask-Talisman for security headers.

Use Logging for Security Monitoring – Track unauthorized access.

Deploy Securely – Use Gunicorn, NGINX, and Docker for safe deployment.
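
Two items from the list above (API-key authentication and security headers) as an added example; this is not code from the original notebook. The `X-API-Key` header name, the `DEMO_API_KEY` environment variable and the `/api/orders` route are assumptions made for the illustration.

```python
import hmac
import os
import secrets
from functools import wraps

from flask import Flask, jsonify, request

app = Flask(__name__)

# Assumption: the key comes from the environment (never from source code).
# The random fallback only exists so the example runs without configuration.
API_KEY = os.environ.get("DEMO_API_KEY") or secrets.token_urlsafe(32)


def require_api_key(view):
    """Reject requests whose X-API-Key header does not match API_KEY."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        supplied = request.headers.get("X-API-Key", "")
        # compare_digest runs in constant time, so response timing does not
        # reveal how many leading characters of the key were correct.
        if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
            # Log the rejection for monitoring, but never log the supplied key.
            app.logger.warning("rejected API key from %s for %s",
                               request.remote_addr, request.path)
            return jsonify(error="unauthorized"), 401
        return view(*args, **kwargs)
    return wrapper


@app.after_request
def set_security_headers(response):
    # Applied to every response, including the 401s produced above.
    response.headers.setdefault("X-Content-Type-Options", "nosniff")
    response.headers.setdefault("Cache-Control", "no-store")
    return response


@app.route("/api/orders")
@require_api_key
def orders():
    # Constructed sample data.
    return jsonify(orders=[{"id": 1, "item": "constructed sample"}])
```
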

22. What is the significance of the Flask-RESTful extension

Flask-RESTful is an extension for Flask that simplifies the creation of RESTful APIs by providing tools and conventions for building API endpoints efficiently. It enhances Flask by offering features such as request parsing, resource-based routing, automatic data serialization, and support for standard HTTP methods (GET, POST, PUT, DELETE). The extension also integrates with Flask’s existing request handling system, making it easier to manage API responses, error handling, and input validation. By using Flask-RESTful, developers can write cleaner, more maintainable, and scalable API code with minimal boilerplate.

23. What is the role of Flask’s session object

Flask’s session object is used to store user-specific data across multiple requests. It allows you to persist information such as authentication details, user preferences, or temporary data between requests without requiring the user to log in repeatedly.

Flask’s default session is itself stored in a cookie on the client side, but unlike a plain cookie it is cryptographically signed using a secret key (app.secret_key), ensuring that it cannot be modified without detection. Signing is not encryption: the client can still read the session contents, so secrets should not be stored in it.
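
The signing behaviour described above, as an added example (not part of the original notebook): the session payload can be read with plain base64 and no key, while an edited payload is rejected by the server. The routes, the secret key and the session values are constructed for the illustration.

```python
import base64
import json
import zlib

from flask import Flask, session

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # constructed value, for this example only


@app.route("/login")
def login():
    session["username"] = "alice"
    session["role"] = "user"
    return "ok"


@app.route("/whoami")
def whoami():
    return session.get("role", "anonymous")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue_cookie() -> str:
    """Log in through the test client and return the raw session cookie value."""
    resp = app.test_client().get("/login")
    return resp.headers["Set-Cookie"].split(";", 1)[0].split("=", 1)[1]


def read_without_key(cookie: str) -> dict:
    """Decode the payload with base64 only: the secret key is not needed."""
    compressed = cookie.startswith(".")  # a leading dot marks a zlib payload
    payload = cookie.lstrip(".").split(".")[0]
    raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    return json.loads(zlib.decompress(raw) if compressed else raw)


def with_edited_role(cookie: str, role: str) -> str:
    """Swap in an edited payload but keep the old timestamp and signature."""
    _, timestamp, signature = cookie.rsplit(".", 2)
    data = dict(read_without_key(cookie), role=role)
    return f"{b64url(json.dumps(data).encode())}.{timestamp}.{signature}"


def role_seen_by_server(cookie: str) -> str:
    """Send the cookie back and report which role the server accepts."""
    client = app.test_client(use_cookies=False)
    resp = client.get("/whoami", headers={"Cookie": f"session={cookie}"})
    return resp.get_data(as_text=True)
```

The edited cookie fails signature verification, so Flask treats the request as having an empty session.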

**Practical Questions**

In [None]:
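#1. How do you create a basic Flask application
from flask import Flask

# Initialize Flask app
app = Flask(__name__)

# Define a route and corresponding function
@app.route("/")
def home():
    return "Hello, Flask!"

# Run the application
# debug=True turns on the reloader and the interactive debugger, which can run
# arbitrary Python code from the browser: use it for local development only.
if __name__ == "__main__":
    app.run(debug=True)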



 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
#2.  How do you serve static files like images or CSS in Flask

from flask import Flask, send_from_directory

app = Flask(__name__)

@app.route('/static/<path:filename>')
def serve_static(filename):
    return send_from_directory('static', filename)

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
#3. How do you define different routes with different HTTP methods in Flask

!pip install flask




In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat
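
Method-specific routes (practical question 3) together with the error handling described in question 9, as an added example that is not part of the original notebook. The `/notes` resource, the `/boom` route and the in-memory store are constructed for the illustration.

```python
from itertools import count

from flask import Flask, jsonify, request
from werkzeug.exceptions import HTTPException

app = Flask(__name__)
notes = {}          # constructed in-memory store: id -> text
next_id = count(1)


@app.route("/notes", methods=["GET"])
def list_notes():
    return jsonify(notes)


@app.route("/notes", methods=["POST"])
def create_note():
    body = request.get_json(silent=True)  # None instead of an exception on bad JSON
    if not isinstance(body, dict) or not isinstance(body.get("text"), str):
        return jsonify(error="expected a JSON object with a string 'text'"), 400
    note_id = str(next(next_id))
    notes[note_id] = body["text"]
    return jsonify(id=note_id), 201


@app.route("/notes/<note_id>", methods=["DELETE"])
def delete_note(note_id):
    notes.pop(note_id, None)  # idempotent: deleting twice gives the same result
    return "", 204


@app.route("/boom")
def boom():
    # Stand-in for a bug; the message is a constructed "sensitive" detail.
    raise RuntimeError("connect failed: password=constructed-secret")


@app.errorhandler(HTTPException)
def http_error(exc):
    # 404, 405 and other HTTP errors as JSON instead of Flask's HTML pages.
    return jsonify(error=exc.name, status=exc.code), exc.code


@app.errorhandler(Exception)
def unexpected_error(exc):
    # Log the detail server-side; the client only gets a generic message.
    app.logger.exception("unhandled error on %s", request.path)
    return jsonify(error="Internal Server Error", status=500), 500
```

A method that no route on `/notes` accepts (PUT, for instance) gets a JSON 405 from the `HTTPException` handler.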


In [None]:
#4. How do you render HTML templates in Flask

from flask import Flask, render_template

app = Flask(__name__)

@app.route("/")
def home():
    return render_template("index.html")  # Renders 'index.html' from templates folder

if __name__ == "__main__":
    app.run(debug=True)




In [None]:
#5. How can you generate URLs for routes in Flask using url_for

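from flask import Flask, url_for
from markupsafe import escape

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

@app.route('/profile/<username>')
def profile(username):
    # The response is served as HTML, so escape the URL value to prevent XSS
    return f"Profile page of {escape(username)}"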

with app.test_request_context():
    print(url_for('home'))  # Output: '/'
    print(url_for('profile', username='John'))  # Output: '/profile/John'


/
/profile/John


In [3]:
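# 6. How do you handle forms in Flask

from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route("/submit", methods=["POST"])
def submit():
    # Get JSON data from AJAX request; None if the body is not valid JSON
    data = request.get_json(silent=True)
    # Reject a missing or non-string username with 400 instead of failing with a 500
    if not isinstance(data, dict) or not isinstance(data.get("username"), str):
        return jsonify({"error": "username is required"}), 400
    username = data["username"]
    return jsonify({"message": f"Hello, {username}!"})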

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [6]:
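#7. How can you validate form data in Flask

!pip install flask flask-ngrok

# Import required modules
from flask import Flask, request, render_template_string
from flask_ngrok import run_with_ngrok

# Initialize Flask app
app = Flask(__name__)
run_with_ngrok(app)  # Required to expose Flask in Colab (opens a public ngrok tunnel)

# Define a basic form handling route
@app.route("/", methods=["GET", "POST"])
def form():
    if request.method == "POST":
        name = request.form.get("name", "").strip()
        # Server-side validation: the HTML 'required' attribute is only enforced
        # by the browser. The 50-character limit is an example value.
        if not name or len(name) > 50:
            return "<h2>Name is required and must be at most 50 characters.</h2>", 400
        # Pass the value as a template variable so Jinja autoescapes it (prevents XSS)
        return render_template_string(
            "<h2>Hello, {{ name }}! Form submitted successfully.</h2>", name=name
        )

    # Using render_template_string to avoid using external HTML files
    return render_template_string("""
        <form method="post">
            <label>Name:</label>
            <input type="text" name="name" required>
            <input type="submit" value="Submit">
        </form>
    """)

# Run Flask App
app.run()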

 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
Exception in thread Thread-9:
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/urllib3/connection.py", line 198, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/urllib3/util/connection.py", line 85, in create_connection
    raise err
  File "/usr/local/lib/python3.11/dist-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/urllib3/connectionpool.py", line 787, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/urllib3/connectionpool.py", line 493, in _make_reques

In [7]:
#8. How do you manage sessions in Flask

!pip install flask flask-ngrok




In [9]:
import os
import secrets

from flask import Flask, session, request, redirect, url_for
from flask_ngrok import run_with_ngrok
from flask_session import Session  # Needs the Flask-Session package (pip install Flask-Session)
from markupsafe import escape

app = Flask(__name__)
run_with_ngrok(app)  # Allows Flask to run on Colab

# Configure session to use the filesystem (persistent storage)
app.config["SESSION_TYPE"] = "filesystem"
# Required for session security. Read the key from the environment instead of
# hardcoding it (FLASK_SECRET_KEY is an example variable name); the random
# fallback changes on every restart.
app.secret_key = os.environ.get("FLASK_SECRET_KEY") or secrets.token_hex(32)

# Initialize session storage
Session(app)

@app.route("/")
def home():
    username = session.get("username", "Guest")
    # The username came from form input, so escape it before returning HTML
    return f"Welcome, {escape(username)}!"

@app.route("/login", methods=["POST"])
def login():
    session["username"] = request.form.get("username", "User")
    return redirect(url_for("home"))

@app.route("/logout")
def logout():
    session.pop("username", None)  # Remove session data
    return redirect(url_for("home"))

# Run Flask App
app.run()


ModuleNotFoundError: No module named 'flask_session'

In [None]:
#9. How do you redirect to a different route in Flask
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route("/")
def home():
    return "Welcome to the Home Page!"

@app.route("/dashboard")
def dashboard():
    return "Welcome to the Dashboard!"

@app.route("/go-to-dashboard")
def go_to_dashboard():
    return redirect(url_for("dashboard"))  # Redirects to /dashboard

if __name__ == "__main__":
    app.run(debug=True)



In [None]:
#10. How do you handle errors in Flask (e.g., 404)

from flask import Flask, abort

app = Flask(__name__)

@app.route("/admin")
def admin():
    abort(403)  # Trigger a 403 Forbidden error

# Custom handler for the 403 raised above
@app.errorhandler(403)
def forbidden(error):
    return "Access Denied! You don't have permission to view this page.", 403


In [None]:
#11. How do you structure a Flask app using Blueprints

from flask import Flask

def create_app():
    app = Flask(__name__)

    # Import Blueprints
    from app.routes.home import home_bp
    from app.routes.auth import auth_bp

    # Register Blueprints
    app.register_blueprint(home_bp)
    app.register_blueprint(auth_bp, url_prefix="/auth")  # Prefix for auth routes

    return app


In [None]:
#12. How do you define a custom Jinja filter in Flask

from flask import Flask, render_template

app = Flask(__name__)

# Custom Jinja Filter
def capitalize_words(value):
    return " ".join(word.capitalize() for word in value.split())

# Register Filter
app.jinja_env.filters["capitalize_words"] = capitalize_words

@app.route("/")
def home():
    text = "hello world from flask"
    return render_template("index.html", message=text)

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
#13. How can you redirect with query parameters in Flask

from flask import Flask, redirect, url_for, request
from markupsafe import escape

app = Flask(__name__)

@app.route("/")
def home():
    return "Welcome to the Home Page!"

@app.route("/redirect-example")
def redirect_example():
    return redirect(url_for("target", name="John", age=30))  # Passing query params

@app.route("/target")
def target():
    name = request.args.get("name", "Guest")
    age = request.args.get("age", "Unknown")
    # Query parameters are user-controlled: escape them before returning HTML
    return f"Hello {escape(name)}, your age is {escape(age)}!"

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
#14. How do you return JSON responses in Flask

from flask import Flask, jsonify

app = Flask(__name__)

@app.route("/json")
def json_response():
    data = {"message": "Hello, Flask!", "status": "success"}
    return jsonify(data)

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
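#15.
from flask import Flask
from markupsafe import escape

app = Flask(__name__)

@app.route("/user/<name>")  # Captures 'name' from the URL
def greet_user(name):
    # Escape the URL value so it cannot inject HTML into the response
    return f"Hello, {escape(name)}!"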

if __name__ == "__main__":
    app.run(debug=True)
