# Restful API & Flask

#1. What is a RESTful API?

-> A RESTful API (Representational State Transfer API) is a web service that follows the principles of REST (Representational State Transfer) architecture. REST is an architectural style that defines a set of constraints and principles for building scalable and efficient web services.

#2. Explain the concept of API specification?

-> An API Specification is a detailed blueprint that defines how an API should work. It provides a structured description of the API’s endpoints, request/response formats, authentication methods, and other essential details.

#3. What is Flask, and why is it popular for building APIs?

-> Flask is a lightweight and flexible Python web framework used for building web applications and APIs. It follows the WSGI (Web Server Gateway Interface) standard and is designed to be simple yet powerful.
Flask is widely used for building APIs because of its simplicity, flexibility, and extensibility.

#4. What is routing in Flask?

-> Routing in Flask refers to the process of mapping URLs (endpoints) to specific functions in your application. This allows users to access different parts of your web app or API by visiting specific URLs. In Flask, routing is handled using the @app.route() decorator, which binds a URL pattern to a specific view function.

#5. How do you create a simple Flask application?

-> Flask is a lightweight Python web framework that helps you create web applications easily. Here’s how to create a basic Flask app in the simplest way possible.

-  Create a Python File : Create a new Python file (e.g., app.py)

```
from flask import Flask  # Import Flask

app = Flask(__name__)  # Create a Flask app

@app.route('/')  # Define a route for the homepage
def home():
    return "Hello, Flask!"  # Response when visiting the homepage

if __name__ == '__main__':
    app.run(debug=True)  # Run the Flask app

```
- Run the Flask Application : Save the file and run it using:


`python app.py`

- Then we will see output like:

 `Running on http://127.0.0.1:5000/`

- Open in Browser

`open browser and go to: http://127.0.0.1:5000/`

- We willsee:
Hello, Flask!



# 6. What are HTTP methods used in RESTful APIs?

-> In a RESTful API, HTTP methods define the type of operation performed on a resource. Here are some methods with there purpose and example.

- GET	- Retrieve data
ex: `GET /users`
- POST	- Create new resource
ex: `POST /users`
- PUT	- Update an existing resource
ex: `PUT /users/1`
- PATCH	- Partially update a resource
ex: `PATCH /users/1`
- DELETE	- Delete a resource
ex: `DELETE /users/1`
- OPTIONS	- Check available methods
ex: `OPTIONS /users`

#7. What is the purpose of the @app.route() decorator in Flask?

-> In Flask, the @app.route() decorator is used to bind a URL path to a Python function that handles requests to that URL. This is fundamental for creating web applications in Flask, allowing you to define what happens when different URLs are accessed by users.

 The @app.route() decorator is essential in Flask for mapping URLs to specific functions, handling dynamic paths, and supporting multiple HTTP methods.

#8. What is the difference between GET and POST HTTP methods?

-> The GET and POST methods are two of the most commonly used HTTP methods for sending requests to a web server. Here are the key differences between them:

- Get Method :

1. Data is appended to the URL and visible in the browser's address bar.
2. Limited by the URL length, which can vary by browser and server. Typically, around 2048 characters.
3. Less secure due to visibility in the URL. Sensitive data can be easily exposed in browser history, server logs, etc.
4. Ideal for simple data retrieval where the data can be bookmarked or shared.
5. Idempotent, meaning multiple identical requests have the same effect as a single request.
6. Only ASCII characters are allowed. Non-ASCII characters must be encoded.

- HTTP Method :

1. Data is included in the request body and not visible in the URL.
2. No inherent limit on data size, allowing for large amounts of data to be sent.
3. More secure for transmitting sensitive data since it's not exposed in the URL.
4. Suited for transactions that result in a change on the server, such as updating data, submitting forms, and uploading files.
5. Non-idempotent, meaning multiple identical requests, may have different outcomes.
6. Can handle binary data in addition to text, making it suitable for file uploads.

#9. How do you handle errors in Flask APIs?

-> Handling errors in Flask APIs is an important aspect of building robust web applications. Flask provides several ways to catch and handle errors, ensuring that your application can respond gracefully to unexpected situations (like invalid input, server errors, etc.).

- Use abort() to trigger standard HTTP errors (like 404 or 500).

- Create custom error handlers for common HTTP errors (e.g., 404, 500).

- Use try-except blocks to handle specific exceptions in your code.

- Leverage Marshmallow or Flask-WTF for validating incoming data and returning meaningful error messages.

- Custom global hooks (before_request, after_request) to perform checks across requests.

- Define and handle custom exceptions with custom error handlers.

#10. How do you connect Flask to a SQL database?


-> By using Flask-SQLAlchemy, we can seamlessly connect Flask to any SQL database (like SQLite, PostgreSQL, MySQL, etc.) and interact with the database using Python objects, simplifying the process of building and managing our web application’s database layer.

- Install Flask-SQLAlchemy and configure it in your Flask app.

- Define models to represent your database tables.

- Use db.create_all() to create the database tables based on the models.

- Perform CRUD operations using SQLAlchemy’s ORM methods.

- Optionally, use Flask-Migrate for handling database migrations.

# 11. What is the role of Flask-SQLAlchemy?

-> Flask-SQLAlchemy is an extension that provides easy integration of SQLAlchemy with Flask. It helps developers work with relational databases in a more Pythonic and manageable way by offering ORM capabilities, automatic table creation, session management, and support for migrations. Flask-SQLAlchemy abstracts the need for writing raw SQL queries, making database interactions easier, cleaner, and more maintainable.

#12. What are Flask blueprints, and how are they useful?

-> Flask blueprints are a powerful tool for organizing larger applications and are especially useful for projects that need to scale or require modular code.

- Modularize your app: Blueprints allow you to separate different parts of your app (like user management, admin, and API) into independent modules.

- Reusability: You can reuse blueprints across multiple projects or different sections of the same app.

- Organize your code: Blueprints help keep your application organized by logically grouping related views, templates, and static files.

- URL Prefixing: You can define a url_prefix to group all routes in a blueprint under a common URL prefix.

- Blueprints for APIs: They are great for creating and organizing APIs in a clean way.

# 13. What is the purpose of Flask's request object?

-> The Flask request object is a central component that gives you access to all the data associated with an incoming HTTP request. It provides methods to access:

1. Query parameters (request.args)

2. Form data (request.form)

3. JSON data (request.get_json())

4. Request headers (request.headers)

5. Cookies (request.cookies)

6. Files (request.files)

7. The HTTP method (request.method)

It is extremely useful when handling user input, processing form submissions, handling file uploads, or building APIs that receive data in different formats (such as JSON). The request object ensures that Flask can interact with various types of HTTP requests in a seamless and Pythonic way.

#14.  How do you create a RESTful API endpoint using Flask?

-> Creating a RESTful API endpoint using Flask involves setting up a Flask application, defining routes, and returning JSON responses. Here's a step-by-step guide:

1. Install Flask
2. Create a Flask App


```
from flask import Flask, jsonify, request

app = Flask(__name__)

# Sample data (acting as a simple in-memory database)
users = [
    {"id": 1, "name": "Alice", "age": 25},
    {"id": 2, "name": "Bob", "age": 30},
]

# Get all users
@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users)

# Get a single user by ID
@app.route('/users/<int:user_id>', methods=['GET'])
def get_user(user_id):
    user = next((user for user in users if user["id"] == user_id), None)
    if user:
        return jsonify(user)
    return jsonify({"error": "User not found"}), 404

# Create a new user
@app.route('/users', methods=['POST'])
def create_user():
    data = request.get_json()
    new_user = {
        "id": len(users) + 1,
        "name": data["name"],
        "age": data["age"]
    }
    users.append(new_user)
    return jsonify(new_user), 201

# Update an existing user
@app.route('/users/<int:user_id>', methods=['PUT'])
def update_user(user_id):
    data = request.get_json()
    user = next((user for user in users if user["id"] == user_id), None)
    if user:
        user.update(data)
        return jsonify(user)
    return jsonify({"error": "User not found"}), 404

# Delete a user
@app.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    global users
    users = [user for user in users if user["id"] != user_id]
    return jsonify({"message": "User deleted"}), 200

if __name__ == '__main__':
    app.run(debug=True)

```
3. Run the Flask Application

Save the script as app.py and run:

`python app.py`
The API will be accessible at http://127.0.0.1:5000.

4. Testing the API

Use Postman, cURL, or Python’s requests module to interact with the API.

```
# Get all users:
curl http://127.0.0.1:5000/users
```

```
# Create a user:
curl -X POST -H "Content-Type: application/json" -d '{"name": "Charlie", "age": 22}' http://127.0.0.1:5000/users
```

#15. What is the purpose of Flask's jsonify() function?

-> Flask's jsonify() function is used to convert Python data structures (like dictionaries and lists) into JSON format, which is the standard format for API responses. It also automatically sets the correct Content-Type header (application/json) in the HTTP response.

#16. Explain Flask’s url_for() function.

-> Flask’s url_for() function is used to generate URLs for routes dynamically instead of hardcoding them. This makes it easier to maintain and modify URLs within a Flask application.

- Generates URLs dynamically
- Avoids hardcoding
- Supports query parameters
- Works with static files

#17. How does Flask handle static files (CSS, JavaScript, etc.)?

-> Flask serves static files (CSS, JavaScript, images) from a special /static directory inside your project. The framework automatically maps requests for these files to the appropriate location. Here are some steps to handle static file:

- Place static files in the /static folder
- Use url_for('static', filename='...') to reference them
- Can serve additional directories with send_from_directory()
- Can change the default static folder
-  Avoid browser caching during development with timestamps

# 18. What is an API specification, and how does it help in building a Flask API?

-> An API Specification is a formal document or standard that defines how an API should behave, including its endpoints, request/response formats, authentication methods, and data structures. It acts as a contract between the API provider and consumers.

#19. What are HTTP status codes, and why are they important in a Flask API?

-> HTTP status codes are three-digit numbers returned by a server to indicate the result of an HTTP request. They help clients (e.g., browsers, mobile apps, or other APIs) understand whether a request was successful, failed, or needs further action.

> Why Are Status Codes Important in a Flask API?

- Clear Communication – Helps clients understand the result of a request.
- Error Handling – Allows clients to handle failures properly (e.g., retry on 503 Service Unavailable).
- RESTful API Standards – Makes APIs more predictable and standardized.
- Debugging & Logging – Helps developers identify issues easily.

#20.  How do you handle POST requests in Flask?

-> A POST request is used to send data to a server to create or update a resource. In Flask, you handle POST requests using the @app.route() decorator with the methods=['POST'] argument.

- Use request.get_json() for JSON data
- Use request.form for form submissions
- Use request.files for file uploads
- Validate input to avoid errors
- Return appropriate HTTP status codes (201 Created, 400 Bad Request)

#21. How would you secure a Flask API?

-> Securing a Flask API is crucial to prevent unauthorized access, data breaches, and attacks such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Below are key strategies to enhance Flask API security.

- Use JWT Authentication for secure access.
- Implement Rate Limiting to prevent abuse.
- Validate and sanitize user input.
- Enable HTTPS for encrypted communication.
- Use CORS restrictions to control access.
- Implement CSRF protection where necessary.
- Hide error messages to prevent information leaks.

#22. What is the significance of the Flask-RESTful extension?

-> Flask-RESTful is an extension for Flask that simplifies the creation of RESTful APIs by providing a structured way to define API resources, request parsing, and response formatting.

Why Use Flask-RESTful?

- Simplifies API Development – Reduces boilerplate code.
- Built-in Request Parsing – Handles query parameters and JSON payloads efficiently.
- Automatic Response Formatting – Returns JSON responses by default.
- Class-Based API Views – Encourages object-oriented programming (OOP).
- Status Code Management – Makes error handling more readable.

#23. What is the role of Flask’s session object?

-> Flask’s session object is used to store user-specific data across multiple requests. It enables state management by keeping track of information such as user authentication, preferences, and session tokens.

How Flask’s session Works :

- session stores user-specific data across requests.
- Requires app.secret_key to prevent tampering.
- Supports custom expiration and server-side storage.
- Use Flask-Session for better security.

# Practical Questions

1. How do you create a basic Flask application?

In [None]:
pip install pyngrok


Collecting pyngrok
  Downloading pyngrok-7.2.3-py3-none-any.whl.metadata (8.7 kB)
Downloading pyngrok-7.2.3-py3-none-any.whl (23 kB)
Installing collected packages: pyngrok
Successfully installed pyngrok-7.2.3


In [None]:
from flask import Flask
from pyngrok import ngrok

In [None]:
port_no = 4000

In [None]:
app = Flask(__name__)
ngrok.set_auth_token("type Auth code")
public_url =  ngrok.connect(port_no).public_url

@app.route("/")
def home():
    return f"Hey there. I am using Flask"

print(f"To acces the Gloable link please click {public_url}")

app.run(port=port_no)

#2. How do you serve static files like images or CSS in Flask?

In [None]:
from flask import send_from_directory
import os

# Change the endpoint name to avoid conflict
@app.route('/sample_data/<path:filename>')
def serve_static(filename):
    return send_from_directory('/sample_data', filename)

#3. How do you define different routes with different HTTP methods in Flask?

In [None]:
from flask import Flask, request
from pyngrok import ngrok

app = Flask(__name__)
ngrok.set_auth_token("Type your auth code")
public_url =  ngrok.connect(port_no).public_url

@app.route('/hello', methods=['GET'])
def hello():
    return "Hello, World!"

@app.route('/hello', methods=['POST'])
def hello_post():
    data = request.json
    return f"Received: {data}"

@app.route('/hello', methods=['PUT'])
def hello_put():
    data = request.json
    return f"Updated: {data}"

@app.route('/hello', methods=['DELETE'])
def hello_delete():
    return "Deleted"

if __name__ == '__main__':
    app.run()


#4. How do you render HTML templates in Flask?

In [None]:
from flask import Flask, render_template
from flask_ngrok import run_with_ngrok
run_with_ngrok(app)

app = Flask(__name__)  # Initialize Flask app

# Home Page Route
@app.route('/')
def home():
    return render_template('index.html')

# User Page with Dynamic Name
@app.route('/index.html')
def user(name):
    return render_template('index.html', username=name)

# Users List Page
@app.route('/index.html')
def users():
    user_list = ["Alice", "Bob", "Charlie", "David"]
    return render_template('index.html', users=user_list)

if __name__ == '__main__':
    app.run(debug=True)


#5. How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import Flask, url_for, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return f"Home Page - Visit the <a href='{url_for('about')}'>About Page</a>"

@app.route('/about')
def about():
    return "This is the About Page."

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# Generating URLs with Query Parameters

@app.route('/posts')
def posts():
    page = request.args.get('page', 1)  # Get 'page' from URL, default to 1
    return f"Displaying posts on page {page}"


In [None]:
# Generating URLs for Static Files

url_for('static', filename='css/style.css')


#6.  How do you handle forms in Flask?

In [None]:
# Create a Flask App (app.py)

from flask import Flask, render_template, request

app = Flask(__name__)

@app.route("/", methods=["GET", "POST"])
def index():
    if request.method == "POST":
        name = request.form["name"]  # Get form data
        return f"Hello, {name}!"
    return render_template("form.html")  # Render the form

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Create an HTML Form (templates/form.html)

<!DOCTYPE html>
<html>
<head>
    <title>Flask Form</title>
</head>
<body>
    <h1>Enter Your Name</h1>
    <form method="POST">
        <input type="text" name="name" placeholder="Your Name" required>
        <button type="submit">Submit</button>
    </form>
</body>
</html>


In [None]:
python app.py

#7. How can you validate form data in Flask?

In [None]:
# Form Validation with Flask-WTF

from flask_wtf import FlaskForm
from wtforms import StringField, EmailField, SubmitField
from wtforms.validators import DataRequired, Email, Length

class MyForm(FlaskForm):
    name = StringField("Name", validators=[DataRequired(), Length(min=2, max=20)])
    email = EmailField("Email", validators=[DataRequired(), Email()])
    submit = SubmitField("Submit")


In [None]:
# Update app.py

from flask import Flask, render_template
from forms import MyForm  # Import the form class

app = Flask(__name__)
app.config["SECRET_KEY"] = "your_secret_key"  # Required for CSRF protection

@app.route("/", methods=["GET", "POST"])
def index():
    form = MyForm()
    if form.validate_on_submit():
        return f"Hello, {form.name.data}! Your email is {form.email.data}."
    return render_template("form_wtf.html", form=form)

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Create an HTML Form (templates/form_wtf.html)

<!DOCTYPE html>
<html>
<head>
    <title>Flask WTF Form</title>
</head>
<body>
    <h1>Flask-WTF Form Validation</h1>
    <form method="POST">
        {{ form.hidden_tag() }}  <!-- CSRF Token -->

        <p>{{ form.name.label }} {{ form.name() }}</p>
        {% if form.name.errors %}
            <ul>
                {% for error in form.name.errors %}
                    <li style="color: red;">{{ error }}</li>
                {% endfor %}
            </ul>
        {% endif %}

        <p>{{ form.email.label }} {{ form.email() }}</p>
        {% if form.email.errors %}
            <ul>
                {% for error in form.email.errors %}
                    <li style="color: red;">{{ error }}</li>
                {% endfor %}
            </ul>
        {% endif %}

        <p>{{ form.submit() }}</p>
    </form>
</body>
</html>


# 8. How do you manage sessions in Flask?

In [None]:
# Import session and Set a Secret Key

from flask import Flask, session, redirect, url_for, request, render_template

app = Flask(__name__)
app.config["SECRET_KEY"] = "your_secret_key"  # Required to sign session cookies

@app.route("/")
def index():
    return render_template("index.html")

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Storing and Retrieving Session Data

@app.route("/login", methods=["POST", "GET"])
def login():
    if request.method == "POST":
        username = request.form["username"]
        session["user"] = username  # Store username in session
        return redirect(url_for("dashboard"))
    return render_template("login.html")

@app.route("/dashboard")
def dashboard():
    if "user" in session:
        return f"Welcome, {session['user']}! <a href='/logout'>Logout</a>"
    return redirect(url_for("login"))

@app.route("/logout")
def logout():
    session.pop("user", None)  # Remove user from session
    return redirect(url_for("login"))


In [None]:
# Create Login Form (templates/login.html)

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form method="POST">
        <input type="text" name="username" placeholder="Enter Username" required>
        <button type="submit">Login</button>
    </form>
</body>
</html>


#9.  How do you redirect to a different route in Flask?

In [None]:
# Basic Redirection Using redirect() and url_for()

from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route("/")
def home():
    return "Welcome to the Home Page! <a href='/dashboard'>Go to Dashboard</a>"

@app.route("/dashboard")
def dashboard():
    return "This is the Dashboard Page!"

@app.route("/redirect-to-dashboard")
def redirect_to_dashboard():
    return redirect(url_for("dashboard"))  # Redirect to dashboard

if __name__ == "__main__":
    app.run(debug=True)



#10.  How do you handle errors in Flask (e.g., 404)?

In [None]:
# Handling 404 Errors

from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def not_found(error):
    return render_template("404.html"), 404  # Return custom 404 page


In [None]:
# templates/404.html

<!DOCTYPE html>
<html>
<head>
    <title>Page Not Found</title>
</head>
<body>
    <h1>404 - Page Not Found</h1>
    <p>Oops! The page you are looking for does not exist.</p>
    <a href="/">Go Back Home</a>
</body>
</html>


#11. How do you structure a Flask app using Blueprints?

In [None]:
# A Flask project with Blueprints typically follows this structure:

flask_app/
│── app.py             # Main Flask application
│── config.py          # Configuration settings (optional)
│── routes/
│   │── __init__.py    # Initializes the blueprint
│   │── users.py       # User-related routes
│   │── products.py    # Product-related routes
│── templates/         # HTML templates (if needed)
│── static/            # CSS, JS, images (if needed)
│── venv/              # Virtual environment (optional)
│── requirements.txt   # Dependencies (optional)


In [None]:
# Create the Flask App (app.py)

from flask import Flask
from routes.users import users_bp  # Import the user Blueprint
from routes.products import products_bp  # Import the product Blueprint

app = Flask(__name__)

# Register Blueprints
app.register_blueprint(users_bp, url_prefix='/users')
app.register_blueprint(products_bp, url_prefix='/products')

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
#Create a Blueprint for Users (routes/users.py)

from flask import Blueprint, jsonify

users_bp = Blueprint('users', __name__)  # Create a Blueprint

@users_bp.route('/', methods=['GET'])
def get_users():
    users = [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}]
    return jsonify(users)

@users_bp.route('/<int:user_id>', methods=['GET'])
def get_user(user_id):
    return jsonify({"id": user_id, "name": f"User {user_id}"})


In [None]:
# Create a Blueprint for Products (routes/products.py)

from flask import Blueprint, jsonify

products_bp = Blueprint('products', __name__)  # Create a Blueprint

@products_bp.route('/', methods=['GET'])
def get_products():
    products = [{"id": 1, "name": "Laptop"}, {"id": 2, "name": "Phone"}]
    return jsonify(products)


In [None]:
# Initialize Blueprints (routes/__init__.py) and run the app

from .users import users_bp
from .products import products_bp


python app.py


#12. How do you define a custom Jinja filter in Flask?

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

# Define a custom Jinja filter
def reverse_string(value):
    """Reverses a string."""
    return value[::-1]

# Register the custom filter in Flask
app.jinja_env.filters['reverse'] = reverse_string

@app.route('/')
def index():
    return render_template('index.html', name="Flask")

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
#Use the Custom Filter in a Template (templates/index.html)

<!DOCTYPE html>
<html>
<head>
    <title>Custom Jinja Filter</title>
</head>
<body>
    <h1>Original: {{ name }}</h1>
    <h1>Reversed: {{ name | reverse }}</h1>
</body>
</html>


#13. How can you redirect with query parameters in Flask?

In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

@app.route('/redirect-example')
def redirect_example():
    # Redirect to '/destination' with query parameters
    return redirect(url_for('destination', name='Alice', age=25))

@app.route('/destination')
def destination():
    # Get query parameters from the URL
    name = request.args.get('name')
    age = request.args.get('age')
    return f"Redirected! Name: {name}, Age: {age}"

if __name__ == '__main__':
    app.run(debug=True)


#14. How do you return JSON responses in Flask?

In [1]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/json')
def json_response():
    data = {"message": "Hello, Flask!", "status": "success"}
    return jsonify(data)  # Converts dictionary to JSON

if __name__ == '__main__':
    app.run(debug=True)


#15. How do you capture URL parameters in Flask?

In [None]:
# Capture a Single Parameter

from flask import Flask

app = Flask(__name__)

@app.route('/user/<name>')  # Capture 'name' from URL
def greet_user(name):
    return f"Hello, {name}!"

if __name__ == '__main__':
    app.run(debug=True)
