###**Assignment 7 Restful API & Flask**

### Theory Quesions

**Q1. What is a RESTful API?**

A **RESTful API** (Representational State Transfer API) is a web service that follows REST principles to enable communication between clients and servers over HTTP. It uses standard HTTP methods like:  

- **GET** → Retrieve data  
- **POST** → Create new resources  
- **PUT** → Update existing resources  
- **DELETE** → Remove resources  

**Key Characteristics**:
- **Stateless** → Each request is independent; no session is stored on the server.  
- **Client-Server Architecture** → The frontend (client) and backend (server) are separate.  
- **Uniform Interface** → Consistent resource structure (usually using URLs).  
- **Uses JSON or XML** → JSON is the most common format for data exchange.  




**Q2. Explain the concept of API specification.**

An **API specification** is a detailed, structured document or definition that describes how an API should work. It serves as a blueprint for developers, outlining the API's endpoints, request/response formats, authentication methods, and other technical details.

### Key Elements of an API Specification:
1. **Endpoints & Methods** → Defines available URLs and HTTP methods (GET, POST, etc.).  
2. **Request Parameters** → Specifies required and optional inputs (query params, headers, body data).  
3. **Response Structure** → Details the format and data returned by the API.  
4. **Authentication & Authorization** → Defines security mechanisms (OAuth, API keys, JWT).  
5. **Error Handling** → Lists possible error codes and their meanings.  
6. **Rate Limits & Usage Policies** → Specifies API call limits to prevent abuse.

**Examples of API Specification Formats**:

- **OpenAPI (Swagger)** → Widely used for RESTful APIs, providing a machine-readable format.  
- **RAML (RESTful API Modeling Language)** → Focuses on design-first API development.  
- **GraphQL Schema** → Defines how clients can request data in a GraphQL API.  
- **gRPC Protocol Buffers** → Specifies APIs using binary serialization for high-performance communication.


**Q3. What is Flask, and why is it popular for building APIs?**


Flask is a lightweight and flexible web framework for Python, primarily used to build web applications and APIs. It follows a **micro-framework** approach, meaning it provides the essentials but allows developers to add extensions as needed.

**Why is Flask Popular for Building APIs?**  
1. **Lightweight & Minimalistic** → Provides only the core features, reducing unnecessary overhead.  
2. **Easy to Use** → Simple syntax makes it beginner-friendly.  
3. **Flexible** → Allows customization without enforcing strict patterns.  
4. **Supports RESTful APIs** → Ideal for creating RESTful services with minimal code.  
5. **Rich Ecosystem** → Supports extensions like Flask-RESTful and Flask-SQLAlchemy.  
6. **Built-in Development Server** → Simplifies testing and debugging.  
7. **Integration with Machine Learning & Data Science** → Frequently used to expose ML models as APIs.  

**Example: A Simple Flask API**
```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/hello', methods=['GET'])
def hello():
    return jsonify({"message": "Hello, World!"})

if __name__ == '__main__':
    app.run(debug=True)


**Q4. What is routing in Flask?**

Routing in Flask is the process of mapping **URLs (routes)** to specific functions that handle requests. When a user accesses a particular URL, Flask determines which function (or view) to execute based on the defined routes.

**Basic Example:**
```python
from flask import Flask

app = Flask(__name__)

@app.route('/')  # Root URL
def home():
    return "Welcome to the Home Page!"

@app.route('/about')  # "/about" URL
def about():
    return "This is the About Page."

if __name__ == '__main__':
    app.run(debug=True)
```
- Visiting `http://127.0.0.1:5000/` → Displays **"Welcome to the Home Page!"**  
- Visiting `http://127.0.0.1:5000/about` → Displays **"This is the About Page."**  

**Dynamic Routing**  
Flask allows dynamic URL parameters using `<variable_name>`:  
```python
@app.route('/user/<name>')
def greet_user(name):
    return f"Hello, {name}!"
```
- Accessing `/user/Deepanshu` → **"Hello, Deepanshu!"**  

You can also specify data types:  
```python
@app.route('/square/<int:number>')
def square(number):
    return f"Square of {number} is {number ** 2}"
```
- `/square/5` → **"Square of 5 is 25"**  

**Handling Multiple Methods (GET, POST, etc.)**  
By default, Flask routes only handle `GET` requests. To allow multiple HTTP methods:  
```python
@app.route('/submit', methods=['GET', 'POST'])
def submit():
    return "This route supports GET and POST."
```

**Q5. How do you create a simple Flask application?**

**Steps to Create a Simple Flask Application**  

**1. Install Flask**  
If you haven't already, install Flask using pip:  
```bash
pip install flask
```

 **2. Create a Basic Flask App**  
Create a new Python file (e.g., `app.py`) and add the following code:  

```python
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)
```

**3. Run the Flask Application**  
In the terminal, navigate to the directory where `app.py` is located and run:  
```bash
python app.py
```
By default, Flask runs on **http://127.0.0.1:5000/**. Open this in a browser to see **"Hello, Flask!"**.

**4. Adding a Simple API Endpoint**  
Modify `app.py` to return JSON data:  
```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to my Flask app!"

@app.route('/api/data')
def get_data():
    return jsonify({"message": "Hello, this is a Flask API", "status": "success"})

if __name__ == '__main__':
    app.run(debug=True)
```

**Q6. What are HTTP methods used in RESTful APIs?**

**HTTP Methods Used in RESTful APIs**  
In RESTful APIs, HTTP methods define actions that clients can perform on resources. The most commonly used methods are:

1. **GET** → Retrieve data from the server.  
   - Example: `GET /users` → Fetch all users.  
   - Example: `GET /users/1` → Fetch user with ID 1.  

2. **POST** → Create a new resource.  
   - Example: `POST /users` (with user data in request body) → Adds a new user.  

3. **PUT** → Update an existing resource (replaces entire resource).  
   - Example: `PUT /users/1` (with updated data) → Updates user with ID 1.  

4. **PATCH** → Partially update a resource.  
   - Example: `PATCH /users/1` (with specific fields) → Updates certain attributes of user 1.  

5. **DELETE** → Remove a resource.  
   - Example: `DELETE /users/1` → Deletes user with ID 1.  

**Less Common Methods:**
- **OPTIONS** → Returns allowed methods for a resource.  
- **HEAD** → Same as GET, but without the response body (used for metadata).  


**Q7.  What is the purpose of the @app.route() decorator in Flask?**

The `@app.route()` decorator in Flask is used to define **URL routes** for a web application. It maps a specific **URL path** to a **function** that handles requests to that path.  

 **Key Functions of `@app.route()`**  
1. **Defines Routes** → Specifies which URLs should trigger specific functions.  
2. **Handles HTTP Methods** → By default, supports `GET` but can be extended to `POST`, `PUT`, etc.  
3. **Supports Dynamic URLs** → Allows variable placeholders in URLs.  
4. **Simplifies API Development** → Makes defining API endpoints easy.

**Basic Example:**  
```python
from flask import Flask

app = Flask(__name__)

@app.route('/')  # Root URL
def home():
    return "Welcome to Flask!"

@app.route('/about')  # Another route
def about():
    return "This is the About page."

if __name__ == '__main__':
    app.run(debug=True)
```
- Visiting `/` → Displays **"Welcome to Flask!"**  
- Visiting `/about` → Displays **"This is the About page."**  

**Dynamic Routes:**  
```python
@app.route('/user/<name>')  
def greet(name):
    return f"Hello, {name}!"
```
- Visiting `/user/Deepanshu` → **"Hello, Deepanshu!"**  

**Handling Multiple HTTP Methods:**  
```python
@app.route('/submit', methods=['GET', 'POST'])
def submit():
    return "This endpoint supports both GET and POST requests."
```

**Q8. What is the difference between GET and POST HTTP methods?**

**Q9. How do you handle errors in Flask APIs?**
  
In Flask, handling errors properly ensures a better user experience and debugging process. Flask provides built-in error handling, but you can also customize responses for specific error cases.

---

**1. Using Flask’s Built-in Error Handlers**
Flask automatically returns standard HTTP error responses:  
- `404 Not Found` → If a route does not exist.  
- `405 Method Not Allowed` → If the request method is not supported for the route.  
- `500 Internal Server Error` → If an unexpected server error occurs.  

---

**2. Custom Error Handlers**  
You can define custom error responses using Flask’s `@app.errorhandler()` decorator.

**Example: Custom 404 Error Page**
```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.errorhandler(404)
def not_found(error):
    return jsonify({"error": "Resource not found"}), 404

if __name__ == '__main__':
    app.run(debug=True)
```
- If a user accesses an invalid URL, they receive:  
  ```json
  {"error": "Resource not found"}
  ```

---

**3. Handling Specific Errors Like 400 (Bad Request)**
```python
@app.errorhandler(400)
def bad_request(error):
    return jsonify({"error": "Bad Request"}), 400
```
Use this when input validation fails.

---

**4. Handling Exceptions in API Endpoints**
You can use **try-except** blocks inside routes to catch errors.

**Example: Handling Division by Zero**
```python
@app.route('/divide/<int:num1>/<int:num2>')
def divide(num1, num2):
    try:
        result = num1 / num2
        return jsonify({"result": result})
    except ZeroDivisionError:
        return jsonify({"error": "Cannot divide by zero"}), 400
```
- `/divide/10/2` → `{ "result": 5.0 }`  
- `/divide/10/0` → `{ "error": "Cannot divide by zero" }`  

---

**5. Handling Validation Errors in Request Data**
For APIs accepting JSON input, you can validate the request body.

**Example: Handling Missing JSON Data**
```python
from flask import request

@app.route('/submit', methods=['POST'])
def submit():
    if not request.json or 'name' not in request.json:
        return jsonify({"error": "Missing 'name' field"}), 400
    return jsonify({"message": f"Hello, {request.json['name']}!"})
```
- Sending `{ "name": "Deepanshu" }` → **Valid response**  
- Sending `{}` or no JSON → `{ "error": "Missing 'name' field" }`  



**Q10. How do you connect Flask to a SQL database?**

**Connecting Flask to a SQL Database**  
To connect Flask to a SQL database, you typically use **Flask-SQLAlchemy**, which provides an easy-to-use ORM (Object Relational Mapper) for handling database operations.

---

**1. Install Flask-SQLAlchemy**  
Run the following command to install the necessary package:  
```bash
pip install flask-sqlalchemy
```

---
**2. Set Up Flask with SQLAlchemy**
Create a **Flask app (`app.py`)** and configure the database connection.

**Example: Connecting to SQLite**
```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)

# Configure the database (SQLite in this case)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///database.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app)

# Define a database model
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(100), nullable=False)
    email = db.Column(db.String(100), unique=True, nullable=False)

# Create the database tables
with app.app_context():
    db.create_all()

@app.route('/')
def home():
    return "Flask is connected to the database!"

if __name__ == '__main__':
    app.run(debug=True)
```

---

**3. Using a MySQL or PostgreSQL Database**
Change the `SQLALCHEMY_DATABASE_URI` value:

- **MySQL:**  
  ```python
  app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://username:password@localhost/dbname'
  ```
  Install dependencies:  
  ```bash
  pip install pymysql
  ```

- **PostgreSQL:**  
  ```python
  app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://username:password@localhost/dbname'
  ```
  Install dependencies:  
  ```bash
  pip install psycopg2
  ```

---

**4. Performing Database Operations**
### **Adding Data**
```python
@app.route('/add_user')
def add_user():
    user = User(name="John Doe", email="john@example.com")
    db.session.add(user)
    db.session.commit()
    return "User added!"
```

**Retrieving Data**
```python
@app.route('/users')
def get_users():
    users = User.query.all()
    return { "users": [{ "id": u.id, "name": u.name, "email": u.email } for u in users] }
```

---


**Q11. What is the role of Flask-SQLAlchemy?**

Flask-SQLAlchemy is an extension for Flask that integrates **SQLAlchemy**, a powerful Python ORM (Object-Relational Mapper). It simplifies database operations in Flask applications by providing a high-level abstraction over SQL databases.  

**Roles of Flask-SQLAlchemy**  
1. **Database Connection Management** – Handles connections to relational databases like SQLite, MySQL, and PostgreSQL.  
2. **ORM Functionality** – Maps Python classes (models) to database tables, allowing you to work with databases using Python objects.  
3. **Query Simplification** – Provides an easy way to run queries using SQLAlchemy’s ORM and session management.  
4. **Schema Definition** – Helps define database schema using Python classes instead of writing raw SQL.  
5. **Migration Support** – Works well with Flask-Migrate to manage database migrations and schema changes.  
6. **Session Handling** – Manages transactions, commits, and rollbacks automatically.  




**Q12. What are Flask blueprints, and how are they useful?**

### **Flask Blueprints**  
Flask **Blueprints** are a way to organize a Flask application into modular components. They allow you to structure your app into smaller, reusable modules instead of keeping everything in a single file.  

### **Why Are Blueprints Useful?**  
1. **Modular Structure** – Helps break a large app into smaller, manageable parts.  
2. **Code Reusability** – You can reuse the same blueprint in multiple projects.  
3. **Separation of Concerns** – Keeps routes, views, and logic separate for better maintainability.  
4. **Easier Collaboration** – Different teams or developers can work on different blueprints.  
5. **Scalability** – Helps scale Flask applications as they grow in complexity.  

### **Example Usage of Flask Blueprints**  
```python
from flask import Flask, Blueprint

# Create a blueprint
auth_bp = Blueprint('auth', __name__)

@auth_bp.route('/login')
def login():
    return "Login Page"

@auth_bp.route('/signup')
def signup():
    return "Signup Page"

# Initialize Flask app and register blueprint
app = Flask(__name__)
app.register_blueprint(auth_bp, url_prefix='/auth')

if __name__ == '__main__':
    app.run(debug=True)
```
### **How It Works:**  
- Defines an **`auth`** blueprint with `/login` and `/signup` routes.  
- Registers the blueprint with `url_prefix='/auth'`, so the endpoints become `/auth/login` and `/auth/signup`.  
- This keeps the authentication-related routes separate from the rest of the app.  


**Q13. What is the purpose of Flask's request object?**

**Flask `request` Object**  
Flask’s `request` object is used to **handle incoming HTTP requests** in a Flask application. It provides access to request data such as form inputs, JSON payloads, query parameters, headers, and cookies.  

**Key Uses of `request` Object**  
1. **Access Form Data** – Retrieve data submitted via **POST** requests.  
   ```python
   from flask import request
   
   @app.route('/submit', methods=['POST'])
   def submit():
       name = request.form['name']  # Get form input
       return f"Hello, {name}!"
   ```

2. **Retrieve Query Parameters** – Get URL parameters from **GET** requests.  
   ```python
   @app.route('/search')
   def search():
       query = request.args.get('q')  # ?q=value
       return f"Searching for {query}"
   ```

3. **Access JSON Data** – Handle API requests with JSON payloads.  
   ```python
   @app.route('/api/data', methods=['POST'])
   def api_data():
       data = request.get_json()
       return {"received": data}
   ```

4. **Handle File Uploads** – Receive and save uploaded files.  
   ```python
   @app.route('/upload', methods=['POST'])
   def upload():
       file = request.files['file']
       file.save(f"./uploads/{file.filename}")
       return "File uploaded successfully"
   ```

5. **Check HTTP Method** – Determine the type of request (GET, POST, etc.).  
   ```python
   @app.route('/check', methods=['GET', 'POST'])
   def check():
       if request.method == 'POST':
           return "Received a POST request"
       return "Received a GET request"
   ```

6. **Read Request Headers** – Access HTTP headers.  
   ```python
   @app.route('/headers')
   def headers():
       user_agent = request.headers.get('User-Agent')
       return f"Your browser: {user_agent}"
   ```



**Q14. How do you create a RESTful API endpoint using Flask?**

**Creating a RESTful API Endpoint in Flask**  
To build a RESTful API in Flask, you need to use the `Flask` framework along with `request` for handling requests and `jsonify` for returning JSON responses.  

---

**Steps to Create a REST API Endpoint**  

1. **Install Flask (if not already installed)**  
   ```sh
   pip install flask
   ```

2. **Create a Flask App with a REST API Endpoint**  
   ```python
   from flask import Flask, request, jsonify

   app = Flask(__name__)

   # Sample data (acting as a database)
   users = [
       {"id": 1, "name": "Alice"},
       {"id": 2, "name": "Bob"}
   ]

   # GET: Fetch all users
   @app.route('/users', methods=['GET'])
   def get_users():
       return jsonify(users)

   # GET: Fetch a single user by ID
   @app.route('/users/<int:user_id>', methods=['GET'])
   def get_user(user_id):
       user = next((u for u in users if u["id"] == user_id), None)
       return jsonify(user) if user else (jsonify({"error": "User not found"}), 404)

   # POST: Add a new user
   @app.route('/users', methods=['POST'])
   def add_user():
       data = request.get_json()
       new_user = {"id": len(users) + 1, "name": data["name"]}
       users.append(new_user)
       return jsonify(new_user), 201

   # PUT: Update a user by ID
   @app.route('/users/<int:user_id>', methods=['PUT'])
   def update_user(user_id):
       user = next((u for u in users if u["id"] == user_id), None)
       if not user:
           return jsonify({"error": "User not found"}), 404
       
       data = request.get_json()
       user["name"] = data["name"]
       return jsonify(user)

   # DELETE: Remove a user by ID
   @app.route('/users/<int:user_id>', methods=['DELETE'])
   def delete_user(user_id):
       global users
       users = [u for u in users if u["id"] != user_id]
       return jsonify({"message": "User deleted"}), 200

   if __name__ == '__main__':
       app.run(debug=True)
   ```


**Q15. What is the purpose of Flask's jsonify() function?**


Flask’s `jsonify()` function is used to **convert Python dictionaries, lists, or other serializable data into a JSON response**. It automatically sets the appropriate `Content-Type` header to `"application/json"` and ensures the response is properly formatted.

---

**Why Use `jsonify()`?**  
1. **Automatic JSON Formatting** – Converts Python data structures (like dicts and lists) into valid JSON.  
2. **Sets Correct Headers** – Ensures the response is recognized as JSON (`Content-Type: application/json`).  
3. **Handles Unicode Properly** – Ensures text encoding is correct.  
4. **Better Than `json.dumps()`** – Works directly with Flask responses and handles status codes efficiently.  

---

**Example Usage of `jsonify()`**  

**Basic Example**  
```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/data')
def get_data():
    data = {"message": "Hello, World!", "status": "success"}
    return jsonify(data)  # Returns JSON response

if __name__ == '__main__':
    app.run(debug=True)
```
**Response:**  
```json
{
    "message": "Hello, World!",
    "status": "success"
}
```

---

**Returning Multiple Data Types**  
```python
@app.route('/numbers')
def get_numbers():
    return jsonify(numbers=[1, 2, 3, 4, 5])
```
**Response:**  
```json
{
    "numbers": [1, 2, 3, 4, 5]
}
```

---

**Using `jsonify()` with Status Codes**  
```python
@app.route('/error')
def error():
    return jsonify({"error": "Not Found"}), 404  # Custom status code
```
**Response:** *(with HTTP 404 status code)*  
```json
{
    "error": "Not Found"
}
```




**Q16. Explain Flask’s url_for() function.**

**Flask `url_for()` Function**  

Flask’s `url_for()` function is used to **dynamically generate URLs** for routes defined in a Flask application. Instead of hardcoding URLs, `url_for()` constructs them based on the function name, ensuring flexibility and maintainability.

---

**Why Use `url_for()`?**  
1. **Avoids Hardcoding URLs** – Makes it easier to change routes without updating multiple links.  
2. **Handles URL Changes** – If you rename a route, Flask automatically updates the URL.  
3. **Supports Query Parameters** – Easily pass arguments to construct dynamic URLs.  
4. **Works with Blueprints** – Generates URLs for routes inside blueprints.  
5. **Handles URL Prefixes** – Supports `url_prefix` in blueprints and app configurations.  

---

**Example Usage of `url_for()`**  

**Generating a Simple URL**  
```python
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/home')
def home():
    return "Welcome to Home Page!"

with app.test_request_context():
    print(url_for('home'))  # Output: /home
```

---

**Adding Query Parameters**  
```python
@app.route('/user/<username>')
def user_profile(username):
    return f"Profile of {username}"

with app.test_request_context():
    print(url_for('user_profile', username='Alice'))  
    # Output: /user/Alice
```

---

**Using `url_for()` in Templates**  
Inside an HTML template:  
```html
<a href="{{ url_for('home') }}">Home</a>
<a href="{{ url_for('user_profile', username='Bob') }}">Bob's Profile</a>
```

---

**Generating URLs with HTTP Methods**  
```python
@app.route('/login', methods=['GET', 'POST'])
def login():
    return "Login Page"

with app.test_request_context():
    print(url_for('login', _external=True))  
    # Output: http://127.0.0.1:5000/login
```
- `_external=True` generates an **absolute URL** instead of a relative one.



**Q17. How does Flask handle static files (CSS, JavaScript, etc.)?**



Flask serves static files (CSS, JavaScript, images, etc.) using the **`static` folder** in the project directory. By default, Flask automatically maps `/static/` URLs to files inside this folder.

---

**Folder Structure for Static Files**  
```
/my_flask_app
│── app.py
│── /static
│   ├── style.css
│   ├── script.js
│   ├── logo.png
│── /templates
│   ├── index.html
```

---

**Accessing Static Files in Flask**  

**1. Using `url_for()` in HTML Templates**  
The best way to reference static files is by using `url_for('static', filename='path/to/file')`.  

Example **`index.html`**:  
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
    <script src="{{ url_for('static', filename='script.js') }}"></script>
</head>
<body>
    <img src="{{ url_for('static', filename='logo.png') }}" alt="Logo">
</body>
</html>
```

---

**2. Manually Accessing Static Files in the Browser**  
If `style.css` is inside the `static` folder, it can be accessed directly in the browser:  
```
http://127.0.0.1:5000/static/style.css
```

---

**3. Custom Static Folder (Optional)**  
By default, Flask looks for a folder named `static`. To change this, specify a custom static folder:  
```python
app = Flask(__name__, static_folder='assets')
```
Now, static files should be placed in an `assets/` folder instead of `static/`.


**Q18. What is an API specification, and how does it help in building a Flask API?**


An **API specification** is a formal document that defines how an API should behave, including **endpoints, request/response formats, authentication, and error handling**. It serves as a blueprint for developers to understand how to interact with the API.  

Popular formats for API specifications include:  
- **OpenAPI (Swagger)**  
- **RAML (RESTful API Modeling Language)**  
- **GraphQL Schema**  

---

**How an API Specification Helps in Building a Flask API**  

1. **Clear Documentation** – Defines endpoints, methods (GET, POST, etc.), parameters, and response formats, making the API easier to use.  
2. **Consistency** – Ensures all developers follow the same structure when implementing API logic.  
3. **Interoperability** – Allows front-end and third-party developers to integrate without confusion.  
4. **Code Generation** – Tools like **Swagger Codegen** can generate Flask boilerplate code from the specification.  
5. **Validation** – Ensures incoming requests match the expected structure before processing.  
6. **Testing & Mocking** – Helps simulate API responses before actual development is complete.  

---

**Example: Using OpenAPI (Swagger) with Flask**  

1️ **Install Flask-RESTx** (for Swagger integration)  
```sh
pip install flask-restx
```

2️ **Define API Specification in Flask**  
```python
from flask import Flask
from flask_restx import Api, Resource

app = Flask(__name__)
api = Api(app, doc='/docs')  # Swagger UI at /docs

@api.route('/users/<int:id>')
class UserResource(Resource):
    def get(self, id):
        """Fetch a user by ID"""
        return {"id": id, "name": "Alice"}

if __name__ == '__main__':
    app.run(debug=True)
```
**Access Swagger UI**  
Run the Flask app and visit:  
```
http://127.0.0.1:5000/docs
```
This automatically generates an API specification and interactive documentation.


**Q19. What are HTTP status codes, and why are they important in a Flask API?**

**What Are HTTP Status Codes?**  
HTTP status codes are **three-digit numbers** returned by a server in response to an API request. They indicate the success, failure, or specific conditions of the request.  

**Why Are HTTP Status Codes Important in a Flask API?**  
1. **Communicates Request Outcomes** – Helps clients (frontend, mobile apps, or other APIs) understand what happened.  
2. **Error Handling** – Differentiates between client-side (4xx) and server-side (5xx) errors.  
3. **Improves Debugging** – Makes it easier to identify and fix issues in API interactions.  
4. **Enhances User Experience** – Provides meaningful responses instead of generic error messages.  



**Q20. How do you handle POST requests in Flask?**


In Flask, POST requests are typically used to send data to the server, such as when creating or updating resources. Flask provides an easy way to handle POST requests by defining routes that accept the `POST` method.

**Steps to Handle POST Requests**  

1. **Define a Route with the `POST` Method**  
   Use the `methods=['POST']` argument to specify that the route should handle POST requests.

2. **Access Data from the Request**  
   Use `request.form` for form data or `request.get_json()` for JSON payloads.

3. **Return a Response**  
   You can return a response, usually in JSON format, and include an appropriate HTTP status code.

---

**Example 1: Handling POST Request with Form Data**  
When data is sent via a form, it is accessed via `request.form`.

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit_form():
    name = request.form.get('name')  # Access form field
    email = request.form.get('email')
    
    if not name or not email:
        return jsonify({"error": "Name and email are required"}), 400  # 400 Bad Request
    
    return jsonify({"message": f"Received: {name}, {email}"}), 201  # 201 Created

if __name__ == '__main__':
    app.run(debug=True)
```

**Explanation**:
- **POST** request is sent to `/submit` with `name` and `email` in the form data.
- If any of the fields are missing, the server responds with a `400` status code.
- Otherwise, a success message is returned with a `201` status code.

---

**Example 2: Handling POST Request with JSON Data**  
If the request sends data in JSON format, use `request.get_json()` to retrieve it.

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/api/user', methods=['POST'])
def create_user():
    data = request.get_json()  # Parse JSON data
    if not data or 'name' not in data or 'email' not in data:
        return jsonify({"error": "Name and email are required"}), 400  # 400 Bad Request

    # Simulate saving user data
    return jsonify({"message": f"User {data['name']} with email {data['email']} created"}), 201  # 201 Created

if __name__ == '__main__':
    app.run(debug=True)
```

**Explanation**:
- **POST** request is sent to `/api/user` with a JSON payload like:
  ```json
  { "name": "Alice", "email": "alice@example.com" }
  ```
- If required data is missing, it returns a `400` error.
- If the data is valid, it returns a success message with a `201` status code.

---

**Example 3: Handling POST Request with File Upload**  
You can also handle file uploads using `request.files`.

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/upload', methods=['POST'])
def upload_file():
    file = request.files.get('file')  # Access uploaded file
    if not file:
        return jsonify({"error": "No file provided"}), 400  # 400 Bad Request

    file.save(f"./uploads/{file.filename}")  # Save the file
    return jsonify({"message": f"File {file.filename} uploaded successfully!"}), 201  # 201 Created

if __name__ == '__main__':
    app.run(debug=True)
```


**Q21. How would you secure a Flask API?**

Securing a Flask API is crucial to ensure that only authorized users can access sensitive resources, and that the API is protected from common security threats. Here are several best practices and techniques to secure your Flask API:

1. **Use HTTPS (SSL/TLS)**
   - Always use HTTPS to encrypt data in transit between clients and your API. This ensures that data such as login credentials, personal information, and tokens are not transmitted in plaintext.

   **How to enable HTTPS**:
   - Use a reverse proxy like **Nginx** or **Apache** in front of your Flask app to handle SSL.
   - Alternatively, you can run Flask with SSL certificates directly in development (not recommended for production):
     ```python
     app.run(ssl_context=('cert.pem', 'key.pem'))
     ```

2. **Authentication and Authorization**
   - **Authentication** verifies the identity of the user (e.g., using API keys, JWT tokens, or OAuth).
   - **Authorization** ensures that authenticated users have access to certain resources or actions.

   **Common Authentication Methods**:
   - **API Key Authentication**: Assign a unique API key to each user.
     - Check for the key in request headers (`Authorization` or `x-api-key`).
   - **JSON Web Tokens (JWT)**: Used for stateless authentication. A user logs in, receives a token, and sends it with every subsequent request.
     - Use a library like **PyJWT** to encode and decode JWTs.
   - **OAuth2**: Used for delegated access, like logging in with Google or Facebook.

   **Example: JWT Authentication**:
   ```python
   import jwt
   from flask import Flask, request, jsonify
   from functools import wraps

   app = Flask(__name__)
   app.config['SECRET_KEY'] = 'your_secret_key'

   def token_required(f):
       @wraps(f)
       def decorated_function(*args, **kwargs):
           token = request.headers.get('Authorization')
           if not token:
               return jsonify({'message': 'Token is missing!'}), 403
           try:
               data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])
           except Exception as e:
               return jsonify({'message': 'Token is invalid!'}), 403
           return f(*args, **kwargs)
       return decorated_function

   @app.route('/protected', methods=['GET'])
   @token_required
   def protected_route():
       return jsonify({"message": "You have access to this resource"})

   if __name__ == '__main__':
       app.run(debug=True)
   ```

3. **Rate Limiting**
   - Protect your API from **DDoS** (Distributed Denial of Service) attacks or abuse by limiting the number of requests a user or IP can make in a given period.

   **How to implement rate limiting**:
   - Use a library like **Flask-Limiter** to set request limits.
   - Example:
     ```bash
     pip install Flask-Limiter
     ```

     ```python
     from flask_limiter import Limiter
     from flask import Flask, jsonify

     app = Flask(__name__)
     limiter = Limiter(app, key_func=lambda: request.remote_addr)

     @app.route('/api', methods=['GET'])
     @limiter.limit("5 per minute")  # 5 requests per minute per IP
     def api():
         return jsonify({"message": "Welcome to the API!"})

     if __name__ == '__main__':
         app.run(debug=True)
     ```


**Q22. What is the significance of the Flask-RESTful extension?**

Flask-RESTful is an extension for Flask that simplifies the creation of REST APIs. It provides tools to help you build clean, efficient, and maintainable APIs by handling common tasks such as request parsing, response formatting, and URL routing, while adhering to REST principles.

---

**Key Features and Significance of Flask-RESTful:**

1. **Simplified Routing and View Classes**
   - Flask-RESTful allows you to define API resources using **resource classes** that extend `Resource`. This approach simplifies routing and structuring of your API compared to defining individual view functions for each endpoint.
   
   **Example:**
   ```python
   from flask import Flask
   from flask_restful import Api, Resource

   app = Flask(__name__)
   api = Api(app)

   class HelloWorld(Resource):
       def get(self):
           return {'message': 'Hello, World!'}

   api.add_resource(HelloWorld, '/')

   if __name__ == '__main__':
       app.run(debug=True)
   ```

   In this example, `HelloWorld` is a resource that handles the `GET` method. The route is automatically mapped to the `/` endpoint.

2. **Request Parsing with `reqparse`**
   - Flask-RESTful provides the `reqparse` module to handle and validate incoming request data (from JSON, form data, or query parameters). This feature helps in parsing and validating request data, reducing manual validation logic.

   **Example of `reqparse`:**
   ```python
   from flask_restful import reqparse

   parser = reqparse.RequestParser()
   parser.add_argument('name', type=str, required=True, help="Name is required")
   parser.add_argument('age', type=int)

   class UserResource(Resource):
       def post(self):
           args = parser.parse_args()
           return {'name': args['name'], 'age': args['age']}
   ```

3. **Automatic JSON Response Handling**
   - Flask-RESTful automatically converts Python dictionaries into JSON responses, saving time and reducing the need to manually handle serialization.
   
   **Example:**
   ```python
   class UserResource(Resource):
       def get(self):
           return {'id': 1, 'name': 'Alice'}
   ```
   Flask-RESTful will automatically convert the returned dictionary into a JSON response with the correct content type (`application/json`).

4. **HTTP Method Handling**
   - Instead of checking for HTTP methods manually (`request.method`), Flask-RESTful allows you to define methods like `get()`, `post()`, `put()`, and `delete()` in your resource classes.
   
   **Example:**
   ```python
   class UserResource(Resource):
       def get(self):
           return {'message': 'Fetching user details'}

       def post(self):
           return {'message': 'Creating user'}, 201
   ```



**Q23. What is the significance of the Flask-RESTful extension?**

The **Flask-RESTful** extension is a powerful tool for building REST APIs with Flask, providing a higher-level abstraction to simplify the process of creating RESTful web services. It builds on Flask’s core functionality by offering several key features that streamline API development. Here's a detailed look at its significance:

**1. Simplified Resource Handling**
   Flask-RESTful allows you to define **resources** as Python classes that handle specific HTTP methods (e.g., `GET`, `POST`, `PUT`, `DELETE`) by implementing corresponding methods inside the class. This makes the API design cleaner, more organized, and easier to maintain compared to defining individual route functions in Flask.

   **Example:**
   ```python
   from flask import Flask
   from flask_restful import Api, Resource

   app = Flask(__name__)
   api = Api(app)

   class HelloWorld(Resource):
       def get(self):
           return {'message': 'Hello, World!'}

   api.add_resource(HelloWorld, '/')

   if __name__ == '__main__':
       app.run(debug=True)
   ```
   This example shows how Flask-RESTful handles the routing of the `GET` request for the `/` endpoint within a `HelloWorld` resource class.

**2. Automatic Request Parsing**
   Flask-RESTful simplifies request parsing with tools like `reqparse`. It helps manage and validate incoming data from different sources such as form data, JSON, and query parameters, reducing boilerplate code.

   **Example:**
   ```python
   from flask_restful import reqparse

   parser = reqparse.RequestParser()
   parser.add_argument('name', type=str, required=True, help="Name cannot be blank")
   parser.add_argument('age', type=int, required=True, help="Age cannot be blank")

   class UserResource(Resource):
       def post(self):
           args = parser.parse_args()
           return {'message': f"User {args['name']} created with age {args['age']}"}, 201
   ```

   Here, `reqparse` automatically validates that `name` and `age` are present in the request and parses them accordingly.

**3. Easy Response Formatting**
   Flask-RESTful automatically serializes Python objects (such as dictionaries) into JSON responses, which is the default format for most APIs. You don't need to manually use `jsonify` or other serialization methods.

   **Example:**
   ```python
   class UserResource(Resource):
       def get(self):
           return {'id': 1, 'name': 'Alice'}
   ```
   The above class returns a JSON response with `id` and `name` fields when accessed via the `GET` method.

**4. Built-in Support for HTTP Methods**
   In Flask, you typically have to manually check for the HTTP method using `request.method`. Flask-RESTful makes it easier to handle different HTTP methods by allowing you to define methods like `get()`, `post()`, `put()`, and `delete()` directly in your resource classes.

   **Example:**
   ```python
   class UserResource(Resource):
       def get(self):
           return {'message': 'Getting user data'}

       def post(self):
           return {'message': 'Creating user'}
   ```



###**Practical**

In [11]:
#Q1.How do you create a basic Flask application?

from flask import Flask

# Create a Flask application instance
app = Flask(Instagram)

# Define a route for the root URL
@app.route('/')
def home():
    return 'Hello, World!'

# Run the application
if Instagram == '__main__':
    app.run(debug=True)


In [10]:
#Q2.How do you serve static files like images or CSS in Flask?

from flask import Flask, send_from_directory

app = Flask(__name__)

@app.route('/uploads/<filename>')
def uploaded_file(filename):
    return send_from_directory('uploads', filename)

if __name__ == '__main__':
    app.run(debug=True)



In [9]:
#Q3.How do you define different routes with different HTTP methods in Flask?

from flask import Flask, request

app = Flask(__name__)

# Handle GET request
@app.route('/example', methods=['GET'])
def get_example():
    return "GET method: Here is some data."

# Handle POST request
@app.route('/example', methods=['POST'])
def post_example():
    data = request.json  # Assuming the data is sent as JSON
    return f"POST method: Received data: {data}"

# Handle PUT request
@app.route('/example', methods=['PUT'])
def put_example():
    data = request.json
    return f"PUT method: Updated data: {data}"

# Handle DELETE request
@app.route('/example', methods=['DELETE'])
def delete_example():
    return "DELETE method: Resource deleted."

if __name__ == '__main__':
    app.run(debug=True)


In [8]:
#Q4.How do you render HTML templates in Flask?

from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    title = "Flask Template Example"
    message = "This is a simple Flask template rendering example."
    return render_template('index.html', title=title, message=message)

if __name__ == '__main__':
    app.run(debug=True)



In [None]:
#Q5.How can you generate URLs for routes in Flask using url_for

from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Home Page"

@app.route('/about')
def about():
    return "About Page"

if __name__ == '__main__':
    with app.test_request_context():
        print(url_for('home'))   # Generates: '/'
        print(url_for('about'))  # Generates: '/about'
    app.run(debug=True)


In [None]:
#Q6.How do you handle forms in Flask?

from flask import Flask, render_template, request

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        # Get data from form
        username = request.form['username']
        return f"Hello, {username}!"
    return render_template('form.html')

if __name__ == '__main__':
    app.run(debug=True)


In [15]:
#Q7.How can you validate form data in Flask?

from flask import Flask, render_template, request

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        # Manually getting the data from the form
        username = request.form.get('username')

        # Simple validation: check if the username is empty
        if not username:
            error_message = "Username is required."
            return render_template('form.html', error=error_message)

        # If validation passes, do something with the data
        return f"Hello, {username}!"

    return render_template('form.html')

if __name__ == '__main__':
    app.run(debug=True)




In [None]:
#Q8.How do you manage sessions in Flask?

from flask import Flask, session, redirect, url_for, render_template
from datetime import timedelta

app = Flask(__name__)
app.config['SECRET_KEY'] = 'your_secret_key_here'
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(minutes=30)

@app.route('/set_session')
def set_session():
    session['username'] = 'JohnDoe'  # Store data in session
    session.permanent = True  # Make the session permanent (this will trigger expiration)
    return redirect(url_for('get_session'))

@app.route('/get_session')
def get_session():
    username = session.get('username', 'Guest')  # Retrieve data from session
    return f"Hello, {username}!"

@app.route('/clear_session')
def clear_session():
    session.clear()  # Clears all session data
    return redirect(url_for('get_session'))

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
#Q9.How do you redirect to a different route in Flask?

from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page"

@app.route('/redirect_here')
def redirect_here():
    return redirect(url_for('home'))  # Redirects to the 'home' route

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
#Q10.How do you handle errors in Flask (e.g., 404)?

from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

# Custom 404 error handler
@app.errorhandler(404)
def page_not_found(error):
    return render_template('404.html'), 404  # Render a custom 404 template

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
#Q11.How do you structure a Flask app using Blueprints?
# app/__init__.py

from flask import Flask
from .main import main_bp  # Import the main blueprint
from .auth import auth_bp  # Import the auth blueprint

def create_app(config_filename=None):
    app = Flask(__name__)

    # Load configuration
    if config_filename:
        app.config.from_pyfile(config_filename)

    # Register blueprints
    app.register_blueprint(main_bp)
    app.register_blueprint(auth_bp, url_prefix='/auth')  # Prefix for the auth blueprint

    return app


In [17]:
#Q12.How do you define a custom Jinja filter in Flask?

# app/__init__.py
from flask import Flask
from .utils import reverse_string  # Import the custom filter

def create_app(config_filename=None):
    app = Flask(__name__)

    # Register the custom filter
    app.jinja_env.filters['reverse'] = reverse_string

    return app


In [None]:
#Q13.How can you redirect with query parameters in Flask?

from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page! <a href='/redirect_with_params'>Go to redirect</a>"

@app.route('/redirect_with_params')
def redirect_with_params():
    # Generate a URL with query parameters
    return redirect(url_for('target', param1='value1', param2='value2'))

@app.route('/target')
def target():
    param1 = request.args.get('param1')  # Retrieve query parameter 'param1'
    param2 = request.args.get('param2')  # Retrieve query parameter 'param2'
    return f"Received parameters: param1={param1}, param2={param2}"

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
#Q14.How do you return JSON responses in Flask?

from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/json_response')
def json_response():
    data = {'message': 'Hello, JSON response!'}
    return jsonify(data)

In [None]:
#Q15.How do you capture URL parameters in Flask?

from flask import Flask

app = Flask(__name__)

@app.route('/hello/<username>')
def hello(username):
    return f"Hello, {username}!"

if __name__ == '__main__':
    app.run(debug=True)



 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat
