# **THEORY QUESTION**

## **1. What is a RESTful API?**

**Answer:**

A RESTful API (Representational State Transfer API) is a type of web API that follows the principles of REST architecture, which is a set of guidelines for building scalable and maintainable web services.

**Key Concepts of a RESTful API:**
1. Resources:

    * Everything is considered a resource (e.g., users, products, posts).

    * Each resource is identified by a URL (Uniform Resource Locator).

      * Example: `https://api.example.com/users/123`

2. HTTP Methods:

RESTful APIs use standard HTTP methods to perform operations on resources:

   * `GET` – Retrieve data (e.g., get a user)

   * `POST` – Create a new resource (e.g., create a new user)

   * `PUT` – Update an existing resource (e.g., update user data)

   * `DELETE` – Remove a resource (e.g., delete a user)

3. Stateless:

  * Each request is independent and contains all the information needed for the server to understand and process it.

  * The server does not store any client context between requests.

4. JSON or XML:

 * Data is typically sent and received in JSON format (though XML or other formats can be used).

5. Use of Standard HTTP Status Codes:

   * Examples:

       * `200 OK` – Success

       * `201 Created` – Resource successfully created

       * `404 Not Found` – Resource not found

       * `500 Internal Server Error` – Server-side problem

## **2. Explain the concept of API specification.**

**Answer**

An API specification is a detailed, formal description of how an API behaves and how developers should interact with it. It outlines what the API does, what data it expects, what it returns, and how to access it.

**Key Elements of an API Specification:**

1. **Endpoints:**

    * URLs that represent resources.

    * Example: `/users`, `/products/{id}`

2. **HTTP Methods:**

    * Specifies which methods are supported for each endpoint (`GET`, `POST`, `PUT`, `DELETE`, etc.)

3. **Request Format:**

    * Describes required headers, query parameters, path parameters, and body payloads.

4. **Response Format:**

    * Defines the structure of the response, including status codes and possible return data.

5. **Authentication & Authorization:**

    * Explains how clients authenticate (e.g., using API keys, OAuth tokens, JWTs).

6. **Error Codes and Messages:**

    * Lists possible errors, HTTP status codes, and how to interpret them.



## **3. What is Flask, and why is it popular for building APIs?**

**Answer**

**Flask** is a lightweight, open-source Python web framework used to build web applications and RESTful APIs.

It is classified as a microframework, meaning it provides the essential tools to get started but leaves decisions like database, form handling, and authentication up to the developer.

**Why Flask Is Popular for Building APIs:**

1. **Simplicity and Minimalism**

    * Flask is easy to learn and use.

    * You can create a working API with just a few lines of code.

2. **Flexible and Unopinionated**

    * You’re free to structure your app however you want.

    * You can choose your own libraries for things like databases or authentication.

3. **Built-in Development Server**

    * Comes with a lightweight server for quick testing during development.

4. **Support for RESTful Routing**

    * Flask makes it easy to define routes that follow REST principles.

5. **Extensive Ecosystem**

    * Supports many extensions (e.g., Flask-RESTful, Flask-JWT, Flask-SQLAlchemy).

    * Makes it easy to add features like authentication, database support, and input validation.

6. **Active Community and Documentation**

    * Well-maintained with lots of tutorials, examples, and third-party tools.

## **4. What is routing in Flask?**

**Answer**

Routing in Flask refers to the mechanism by which URL requests are mapped to specific Python functions (views) that handle those requests. Flask uses decorators, primarily `@app.route()`, to associate a URL path with a view function. When a client makes a request to a particular URL, Flask looks up the corresponding route and executes the associated function to generate a response.

## **5. How do you create a simple Flask application?**

**Answer**

## **6. What are HTTP methods used in RESTful APIs?**

**Answer**


HTTP methods (or verbs) define the type of action to be performed on a resource. The most common ones in RESTful APIs are:

* **GET:** Retrieves data from a resource. (Idempotent and safe)

* **POST:** Submits new data to a resource, often creating a new resource. (Neither idempotent nor safe)

* **PUT:** Updates an existing resource or creates a new one if it doesn't exist. (Idempotent)

* **DELETE:** Removes a resource. (Idempotent)

* **PATCH:** Partially updates an existing resource. (Neither idempotent nor safe)




## **7. What is the purpose of the @app.route() decorator in Flask?**

**Answer:**

The `@app.route()` decorator in Flask is used to bind a URL path to a Python function. When a user navigates to the specified URL in their browser (or a client makes a request to that URL), the decorated function is executed, and its return value is sent back as the response to the client. It's the core mechanism for defining endpoints in a Flask application.

## **8. What is the difference between GET and POST HTTP methods?**

**Answer**

* **GET:** Used to retrieve data from a server. Data is sent as URL parameters (query string). It is idempotent (multiple identical requests have the same effect as a single one) and safe (doesn't change server state). Data is visible in the URL and browser history.

* **POST:** Used to submit data to a server, often for creating a new resource or performing an action that modifies server state. Data is sent in the request body. It is neither idempotent nor safe. Data is not visible in the URL.

## **9. How do you handle errors in Flask APIs?**

**Answer:**

Flask provides mechanisms for error handling:

* `@app.errorhandler()` **decorator:** Used to register a function to handle specific HTTP error codes (e.g., 404 Not Found, 500 Internal Server Error).

* `abort()` **function:** Used within view functions to immediately raise an HTTP error.

* **Custom error classes:** You can define your own exception classes and register error handlers for them.

* **JSON error responses:** For APIs, it's common to return error details in a JSON format.

**Example:**

In [None]:

from flask import Flask, abort, jsonify

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return jsonify({"error": "Resource not found"}), 404

@app.route('/resource/')
def get_resource(id):
    if id == 'invalid':
        abort(404)
    return jsonify({"data": f"Resource {id}"})

## **10. How do you connect Flask to a SQL database?**

**Answer:**

lask itself doesn't have built-in database connectivity. You connect Flask to a SQL database using various Python libraries and Flask extensions:

* **SQLAlchemy:** A powerful Object Relational Mapper (ORM) that provides a high-level API to interact with databases.

* **Flask-SQLAlchemy:** A Flask extension that integrates SQLAlchemy seamlessly with Flask, simplifying configuration and common database operations.

* **Raw drivers:** You can use specific database drivers (e.g., psycopg2 for PostgreSQL, mysql-connector-python for MySQL, sqlite3 for SQLite) directly, though an ORM is usually preferred for complex applications.

## **11. What is the role of Flask-SQLAlchemy?**

**Answer:**

Flask-SQLAlchemy is a Flask extension that provides SQLAlchemy support for Flask applications. Its role is to:

* **Simplify configuration:** Easily configure database connections within your Flask app.

* **Provide a session management system:** Manages database sessions, ensuring proper connection handling and transaction management.

* **Integrate with Flask's context:** Makes database objects available within Flask's application and request contexts.

* **Offer convenient helpers:** Provides helper methods for common ORM operations like querying, adding, and committing data.

## **12. What are Flask blueprints, and how are they useful?**

**Answer:**

Flask Blueprints are a way to organize your Flask application into smaller, reusable components. They act as "blueprints" for parts of your application, allowing you to define routes, static files, and templates relative to the blueprint.

Their usefulness includes:

* **Modularity:** Breaking down a large application into manageable, independent modules.

* **Reusability:** Blueprints can be registered multiple times within the same application or even across different Flask applications.

* **URL Prefixing:** Assigning a common URL prefix to all routes defined within a blueprint.

* **Separation of Concerns:** Better organization for larger projects, making them easier to maintain and scale.

## **13. What is the purpose of Flask's request object?**

**Answer**

Flask's `request` object (imported from `flask`) is a global object that provides access to incoming request data. Its purpose is to encapsulate all information related to the current HTTP request made by the client. It allows you to access:

* **HTTP Method:** `request.method` (e.g., 'GET', 'POST')

* **URL Parameters:** `request.args` (for GET query parameters)

* **Form Data:** `request.form` (for POST form data)

* **JSON Data:** `request.json` (for JSON request bodies)

* **Files:** `request.files` (for uploaded files)

* **Headers:** `request.headers`

* **Cookies:** `request.cookies`

## **14. How do you create a RESTful API endpoint using Flask?**

**Answer:**

You create a RESTful API endpoint in Flask by defining a view function and associating it with a URL path and an HTTP method using the `@app.route()` decorator. You typically return JSON data using `jsonify()`.

Example (for retrieving and creating users):

In [None]:
from flask import Flask, jsonify, request

app = Flask(__name__)

users = {} # In-memory store for demonstration

@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(list(users.values()))

@app.route('/users', methods=['POST'])
def create_user():
    data = request.json
    if not data or 'id' not in data or 'name' not in data:
        return jsonify({"error": "Invalid user data"}), 400
    user_id = data['id']
    if user_id in users:
        return jsonify({"error": "User with this ID already exists"}), 409
    users[user_id] = data
    return jsonify(data), 201


## **15. What is the purpose of Flask's jsonify() function?**

**Answer:**

Flask's `jsonify()` function (imported from flask) is a helper function used to serialize Python dictionaries or lists into JSON format and return them as an HTTP response with the Content-Type header set to `application/json`. It automatically handles the conversion to JSON and sets the appropriate header, making it convenient for building RESTful APIs.

## **16. Explain Flask's url_for() function.**

**Answer:**

`url_for()` is a Flask helper function used for URL building. Instead of hardcoding URLs in your templates or Python code, `url_for()` generates them dynamically based on the name of the view function.

Its purpose is to:

* **Prevent broken links:** If you change a URL rule in your `@app.route()` decorator, `url_for()` will automatically generate the correct new URL, avoiding manual updates.

* **Handle dynamic parts:** It can generate URLs with variable parts (e.g., /users/<id>).

* **Support blueprints:** It works correctly with URLs defined within Flask blueprints.

* **Add query parameters:** You can pass keyword arguments to `url_for()` to add query parameters to the URL.

Example:

In [None]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/user/')
def profile(username):
    pass # This function would render a user profile page

with app.test_request_context():
    print(url_for('profile', username='Alice')) # Output: /user/Alice
    print(url_for('profile', username='Bob', _external=True)) # Output: http://localhost/user/Bob
    print(url_for('static', filename='style.css')) # Output: /static/style.css


/user/?username=Alice
http://localhost/user/?username=Bob
/static/style.css


## **17. How does Flask handle static files (CSS, JavaScript, etc.)?**

**Answer:**

Flask handles `static` files (like CSS, JavaScript, images, and fonts) by serving them from a dedicated directory, typically named `static`, located within your application's root directory.

* By default, Flask looks for `static` files in a folder named `static` inside your application directory.

* You refer to `static` files in your templates using the `url_for()` function with the special endpoint name 'static' and the filename argument.

Example in an HTML template:

Flask then serves these files directly.

## **18. What is an API specification, and how does it help in building a Flask API?**

**Answer:**

(This question is a duplicate of #2, but I'll re-emphasize its relevance to Flask APIs.)

An API specification (e.g., OpenAPI/Swagger) is a formal, machine-readable description of your API's endpoints, operations, parameters, responses, and data models.

How it helps in building a Flask API:

* **Clear Documentation:** Provides interactive and up-to-date documentation for API consumers.

* **Code Generation:** Tools can generate client SDKs, server stubs (for Flask), and test cases directly from the spec.

* **Design-First Approach:** Encourages defining the API's contract before implementation, leading to better-designed APIs.

* **Consistency:** Ensures all developers adhere to the same API contract.

* **Testing:** Facilitates automated testing and validation of API responses.

* **Mock Servers:** Enables creation of mock servers for frontend development without waiting for backend implementation.

## **19. What are HTTP status codes, and why are they important in a Flask API?**

**Answer:**

HTTP status codes are three-digit numbers returned by a server in response to an HTTP request, indicating the status of the request. They are categorized into five classes:

* **1xx (Informational):** Request received, continuing process.

* **2xx (Success):** The action was successfully received, understood, and accepted. (e.g., `200 OK`, `201 Created`, `204 No Content`)

* **3xx (Redirection):** Further action needs to be taken to complete the request. (e.g., `301 Moved Permanently`)

* **4xx (Client Error):** The request contains bad syntax or cannot be fulfilled. (e.g., `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`)

* **5xx (Server Error):** The server failed to fulfill an apparently valid request. (e.g., `500 Internal Server Error`, `503 Service Unavailable`)

**Importance in a Flask API:**

* **Communication:** They provide immediate feedback to the client about the outcome of their request.

* **Error Handling:** Crucial for signaling success, errors, or specific conditions (e.g., resource not found, invalid input).

* **API Usability:** A well-designed API uses appropriate status codes to make it easier for clients to integrate and debug.

* **Automated Processing:** Allows client-side code and proxies to programmatically understand the response.

## **20. How do you handle POST requests in Flask?**

**Answer**

To handle POST requests in Flask, you specify `methods=['POST']` in the `@app.route()` decorator. The data sent in the POST `request` body can then be accessed using the request object.

* **Form Data (Content-Type:** `application/x-www-form-urlencoded` **or** `multipart/form-data`): Access using `request.form`.

* **JSON Data (Content-Type:** `application/json`): Access using `request.json` (which automatically parses the JSON).

Example (creating a new item):

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

items = []

@app.route('/items', methods=['POST'])
def add_item():
    if request.is_json:
        data = request.json
        item_name = data.get('name')
        if item_name:
            items.append(item_name)
            return jsonify({"message": f"Item '{item_name}' added"}), 201
        return jsonify({"error": "Name is required"}), 400
    return jsonify({"error": "Request must be JSON"}), 400

# Example usage with curl:
# curl -X POST -H "Content-Type: application/json" -d '{"name": "New Item"}' http://127.0.0.1:5000/items

## **21. How would you secure a Flask API?**

**Answer:**

Securing a Flask API involves multiple layers:

* **Authentication:** Verify the identity of the client.

    * **Token-based (JWT):** Common for APIs. Clients send a token in headers. Use extensions like Flask-JWT-Extended.

    * **OAuth2:** For third-party access.

    * **API Keys:** Simpler, but less secure than tokens.

* **Authorization:** Determine what an authenticated client is allowed to do.

   * **Role-Based Access Control (RBAC):** Assign roles to users with specific permissions.

   * **Permission-Based Access Control:** Fine-grained control over specific actions.

* **Input Validation:** Sanitize and validate all incoming data (request.json, request.form) to prevent injection attacks (SQL injection, XSS). Use libraries like Marshmallow or Pydantic.

* **HTTPS/SSL/TLS:** Encrypt all communication between client and server to prevent eavesdropping and tampering.

* **Rate Limiting:** Prevent abuse and DoS attacks by limiting the number of requests a client can make within a time frame (Flask-Limiter).

* **CORS (Cross-Origin Resource Sharing):** Properly configure CORS headers to control which origins can access your API (Flask-CORS).

* **Error Handling:** Avoid leaking sensitive information in error messages.

* **Secret Management:** Keep sensitive keys (e.g., database credentials, JWT secrets) out of your code and use environment variables or secret management services.

* **Dependency Updates:** Regularly update Flask and all extensions to patch security vulnerabilities.

* **Logging and Monitoring:** Implement robust logging to detect and respond to suspicious activity.

## **22. What is the significance of the Flask-RESTful extension?**

**Answer:**

Flask-RESTful is an extension for Flask that provides a fast way to build REST APIs. Its significance lies in:

* **Resource Abstraction:** Provides a `Resource` class to define API endpoints as classes, making it easier to organize and handle different HTTP methods for a single resource.

* **Request Parsing:** Includes `reqparse` for easily parsing and validating request arguments.

* **Error Handling:** Offers standardized error handling for common API errors.

* **Content Negotiation:** Handles content negotiation (JSON, XML) automatically.

* **Marshalling:** Simplifies the process of serializing Python objects to API output formats.

* **URL Routing:** Integrates seamlessly with Flask's routing but provides a more structured approach for APIs.

It reduces boilerplate code and provides a more opinionated structure for API development compared to plain Flask.

## **23. What is the role of Flask's session object?**

**Answer:**

Flask's `session` object is a dictionary-like object (imported from `flask`) that allows you to store data specific to a user's session between requests. The data stored in the session is typically encrypted and signed, then stored in a cookie on the client's browser.

Its role is to:

* **Maintain State:** Provides a way to maintain state across multiple requests from the same user, as HTTP is stateless.

* **Store User-Specific Data:** Store small amounts of user-specific data that don't need to be persisted in a database (e.g., logged-in user ID, flash messages, shopping cart contents).

* **Security:** The session data is cryptographically signed to prevent tampering, and encrypted (though not strictly required for signing to prevent tampering, encryption provides confidentiality). You **must** set a `SECRET_KEY` for sessions to work securely.

Example:

In [None]:
from flask import Flask, session, redirect, url_for

app = Flask(__name__)
app.secret_key = 'your_secret_key_here' # MUST BE A STRONG, RANDOM KEY!

@app.route('/login')
def login():
    session['username'] = 'JohnDoe'
    return 'User logged in'

@app.route('/dashboard')
def dashboard():
    if 'username' in session:
        return f'Welcome, {session["username"]}!'
    return redirect(url_for('login'))

@app.route('/logout')
def logout():
    session.pop('username', None)
    return 'User logged out'

# **PRACTICAL QUESTIONS**

## **1. How do you create a basic Flask application?**

**Answer:**

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


## **2. How do you serve static files like images or CSS in Flask?**

**Answer:**

In Flask, you serve static files (like images, CSS, JS) using the `static` folder.

**How it works (short answer):**

Place your static files in a folder named `static` in your Flask project directory.

Flask automatically serves files from this folder at the `/static/` URL.

**Example:**
**Project structure:**

In [None]:
my_app/
│
├── app.py
└── static/
    ├── style.css
    └── logo.png


In `app.py:`

In [None]:
from flask import Flask
app = Flask(__name__)

In HTML (e.g., `templates/index.html`):

#### **Summary:**
* Use the `/static/` route.

* Use `url_for('static', filename='yourfile')` to reference them.

* No extra setup needed unless you want a custom static folder.

## **3. How do you define different routes with different HTTP methods in Flask?**

**Answer:**

In Flask, you can define different routes with different HTTP methods (such as GET, POST, PUT, DELETE, etc.) by using the `@app.route()` decorator and specifying the `methods` argument. Here's how you can do it:

**1. Single Route, Multiple Methods**

If you want a single route (/example) to handle multiple HTTP methods, specify them in the methods list:

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/example', methods=['GET', 'POST'])
def example():
    if request.method == 'GET':
        return 'GET request received'
    elif request.method == 'POST':
        return 'POST request received'


**2. Different Functions for Different Methods**

You can also define different functions for the same route path but different HTTP methods using `@app.route()` separately:

In [None]:
@app.route('/item', methods=['GET'])
def get_item():
    return 'Getting item'

@app.route('/item', methods=['POST'])
def create_item():
    return 'Creating item'

However, this pattern is less common and can be less clear than handling multiple methods in a single function.

**3. Using Flask's MethodView (Class-Based Views**)

For more complex scenarios, especially with many HTTP methods, use class-based views:

In [None]:
from flask.views import MethodView

class ItemAPI(MethodView):
    def get(self):
        return 'GET item'

    def post(self):
        return 'POST item'

app.add_url_rule('/item', view_func=ItemAPI.as_view('item_api'))


## **4. How do you render HTML templates in Flask?**

**Answer**

In Flask, you render HTML templates using the render_template() function. Flask uses Jinja2 as its template engine, allowing you to create dynamic HTML by embedding Python-like expressions in .html files.

**Basic Steps to Render HTML Templates**

**1. Create a templates/ directory**

Flask looks for templates in a folder named templates by default.


In [None]:
Hello, {{ name }}



from flask import render_template

@app.route('/hello/')
def hello(name):
    return render_template('index.html', name=name)

**2. Create an HTML template (index.html)**

In [None]:
<!-- templates/index.html -->
<!DOCTYPE html>
<html>
<head>
    <title>Hello</title>
</head>
<body>
    <h1>Hello, {{ name }}!</h1>
</body>
</html>

**3. Render the template in your Flask app**

In [None]:
# app.py
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html', name='Alice')


## **5. How can you generate URLs for routes in Flask using url_for?**

**Answer:**

In [None]:
from flask import url_for

@app.route('/about')
def about():
    return "About Page"

@app.route('/link')
def link():
    return redirect(url_for('about'))

## **6. How do you handle forms in Flask?**

In [None]:
@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form['name']
        return f'Hello {name}'
    return '''

            Name:


    '''


## **7. How can you validate form data in Flask?**

**Answer:**

**Manual Validation**

You can manually validate form data from request.form:

In [None]:
from flask import request

@app.route('/login', methods=['POST'])
def login():
    username = request.form.get('username')
    password = request.form.get('password')

    if not username or not password:
        return 'Missing fields', 400

    # Add custom validation logic
    if len(username) < 4:
        return 'Username too short', 400

    return 'Login successful'

## **8. How do you manage sessions in Flask?**

**Answer:**

In [None]:
from flask import session

app.secret_key = 'secret'

@app.route('/login')
def login():
    session['user'] = 'admin'
    return 'Logged in'

@app.route('/logout')
def logout():
    session.pop('user', None)
    return 'Logged out'


## **9. How do you redirect to a different route in Flask?**

**Answer:**

In [None]:
from flask import redirect

@app.route('/go')
def go():
    return redirect('/newpage')


## **10. How do you handle errors in Flask (e.g., 404)?**

**Answer**

In [None]:
@app.errorhandler(404)
def page_not_found(e):
    return "Page not found!", 404


## **11. How do you structure a Flask app using Blueprints?**

**Answer:**

In [None]:
# app/main/routes.py
from flask import Blueprint

main = Blueprint('main', __name__)

@main.route('/')
def index():
    return "Main Blueprint"

In [None]:
# app/__init__.py
from flask import Flask
from app.main.routes import main

def create_app():
    app = Flask(__name__)
    app.register_blueprint(main)
    return app


## **12. How do you define a custom Jinja filter in Flask?**

**Answer:**

In [None]:
@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

# In HTML: {{ "Flask" | reverse }}

## **13. How can you redirect with query parameters in Flask?**

**Answer:**

In [None]:
@app.route('/go')
def go():
    return redirect(url_for('hello', name='Alice'))

## **14. How do you return JSON responses in Flask?**

**Answer:**

In [None]:

from flask import jsonify

@app.route('/json')
def json_data():
    return jsonify({"name": "Flask", "type": "API"})

## **15. How do you capture URL parameters in Flask?**

**Answer:**

In [None]:
@app.route('/user/')
def profile(username):
    return f"User: {username}"
