**Theory Questions**

1. What is a RESTful API?  
Ans.  
A RESTful API (Representational State Transfer API) is a type of web service that follows the principles of REST architecture, which is a set of guidelines for building scalable and easy-to-use web services.

2.  Explain the concept of API specification.  
Ans.  
Key Concepts of RESTful API:  
 1. Client-Server Architecture:  
 *   The client (e.g., browser or app) and the server (e.g., API backend) are separate entities.
 *   The client sends HTTP requests, and the server returns responses (usually in JSON or XML format).
 2. Stateless:
 *   Each request from the client to the server must contain all the information needed to understand and process the request.
 *   The server does not store any client context between requests.
 3. Resources:  
 *   Everything in a RESTful API is considered a resource (e.g., users, products, orders).
 *   Resources are identified by URLs (Uniform Resource Locators).  
Example:  
GET /users – Get all users  
GET /users/1 – Get user with ID 1  
POST /users – Create a new user  
PUT /users/1 – Update user with ID 1  
DELETE /users/1 – Delete user with ID 1  
 4. HTTP Methods:  
 *   GET – Retrieve data
 *   POST – Create a new resource
 *   PUT or PATCH – Update a resource
 *   DELETE – Remove a resource
 5. Use of Standard HTTP Status Codes:  
 *   200 OK – Successful request
 *   201 Created – Resource created successfully
 *   400 Bad Request – Invalid request from the client
 *   401 Unauthorized – Authentication needed
 *   404 Not Found – Resource not found
 *   500 Internal Server Error – Problem on the server
 6. JSON/XML Format:  
 *   Most RESTful APIs use JSON as the format for request and response bodies.


3. What is Flask, and why is it popular for building APIs?  
Ans.  
Flask is a lightweight, open-source web framework written in Python, used for building web applications and APIs.  
 *   Microframework: Flask is called a micro framework because it provides the core tools to build a web app or API but doesn't include built-in tools like database abstraction layers or form validation—you can add only what you need.
 *   WSGI-compliant: It uses Werkzeug (a WSGI toolkit) and Jinja2 (a templating engine).   
Reasons for its popularity:  
 *   Simple and Lightweight: You can create a working REST API in just a few lines of code. Perfect for beginners or quick prototypes.
 *   Flexible: You have full control over architecture and third-party tools. It doesn't force a specific project structure.
 *   Extensible: You can easily add features with extensions like Flask-RESTful, Flask-JWT, SQLAlchemy, etc.
 *   Pythonic: If you know Python, Flask feels natural and intuitive.
 *   Quick Development: Great for rapid prototyping and MVPs (Minimum Viable Products).
 *   Testing Friendly: Has built-in support for unit testing.  

Simple Flask Example:  
```python
from flask import Flask, jsonify, request

app = Flask(__name__)


@app.route('/hello', methods=['GET'])
def hello():
    return jsonify({"message": "Hello, World!"})


@app.route('/add', methods=['POST'])
def add():
    data = request.json  # parsed JSON body of the POST request
    result = data['a'] + data['b']
    return jsonify({"result": result})


if __name__ == '__main__':
    # debug=True is for local development only: it enables the interactive debugger
    app.run(debug=True)
```

4.  What is routing in Flask?  
Ans.  
Routing in Flask refers to the process of associating a URL (or route) with a specific function (called a view function) that runs when a client accesses that URL.

5. How do you create a simple Flask application?    
Ans.  
```python
from flask import Flask, jsonify, request

app = Flask(__name__)


@app.route('/hello', methods=['GET'])
def hello():
    return jsonify({"message": "Hello, World!"})


@app.route('/add', methods=['POST'])
def add():
    data = request.json  # parsed JSON body of the POST request
    result = data['a'] + data['b']
    return jsonify({"result": result})


if __name__ == '__main__':
    app.run(debug=True)
```

6. What are HTTP methods used in RESTful APIs?   
Ans.  
In RESTful APIs, HTTP methods define the type of action you want to perform on a resource (like users, products, orders, etc.).  

Examples of HTTP methods:  

| Method | Action | Description |
|---|---|---|
| GET | Retrieve data | Used to fetch data from the server (read-only). |
| POST | Create new resource | Sends data to the server to create something new. |
| PUT | Update entire resource | Replaces an existing resource with new data. |
| DELETE | Remove resource | Deletes a specified resource. |
| PATCH | Update part of resource | Updates part of an existing resource. |

7. What is the purpose of the @app.route() decorator in Flask?  
Ans.  
The @app.route() decorator in Flask is used to bind a URL (route) to a specific function—called a view function—so that when a user visits that URL, Flask knows which function to run.  
Purpose of @app.route():  
 *   It registers a route with the Flask application.
 *   It connects a URL path (like /, /about, /user/<name>) to a Python function.
 *   It tells Flask: “When someone accesses this URL, run this function and return the response.”



8.  What is the difference between GET and POST HTTP methods?  
Ans.  
The GET and POST HTTP methods are both used to send requests to a server, but they serve different purposes and behave very differently.  
| Feature | GET | POST |
|---|---|---|
| Purpose | Retrieve data (read-only) | Submit data to the server |
| Data Location | Sent in the URL (query string) | Sent in the request body |
| Visibility | Visible in browser address bar | Hidden from the user |
| Use Case | Searching, reading info (e.g., articles, users) | Form submissions, data uploads |
| Caching | Yes, often cached by browsers | No, typically not cached |
| Bookmarkable | Yes (because it's in the URL) | No |
| Security | Less secure (data exposed in URL) | More secure (data in body) |
| Idempotent | Yes – same request = same result | No – repeated requests can cause side effects (like multiple entries) |

9. How do you handle errors in Flask APIs?  
Ans.  
Handling errors properly in Flask APIs is important for giving clear feedback to users and developers, and for maintaining app stability.  
Common Ways to Handle Errors in Flask:  
| Method | Use For |
|---|---|
| abort(status_code) | Quick exit with error code |
| @app.errorhandler() | Custom error responses |
| try/except blocks | Catch and handle exceptions |
| Input validation | Prevent bad requests early |

10. How do you connect Flask to a SQL database?  
Ans.  
To connect Flask to a SQL database, you can use libraries like:  
 *   SQLAlchemy (most popular ORM)
 *   Flask-SQLAlchemy (simplifies using SQLAlchemy in Flask)  
Steps to connect Flask to a SQL database:  
| Step | Tool/Command |
|---|---|
| Install dependencies | pip install Flask Flask-SQLAlchemy |
| Configure DB URI | app.config['SQLALCHEMY_DATABASE_URI'] |
| Define models | Use db.Model subclasses |
| Create tables | db.create_all() |
| CRUD operations | Use db.session and .query() |

Supported Databases via SQLAlchemy:  
*   SQLite (sqlite:///)
*   PostgreSQL (postgresql://)
*   MySQL/MariaDB (mysql+pymysql://)
*   Oracle, MSSQL (less common in Flask projects)

11.  What is the role of Flask-SQLAlchemy?  
Ans.  
*   Flask-SQLAlchemy is an extension for Flask that integrates SQLAlchemy—a powerful SQL toolkit and Object Relational Mapper (ORM)—into Flask applications.
*   Flask-SQLAlchemy helps Flask apps connect to and interact with SQL databases using Python objects instead of raw SQL queries.



12.  What are Flask blueprints, and how are they useful?  
Ans.  
*   Flask Blueprints are a way to organize a large Flask application into smaller, modular components. Think of them like mini-apps within your main app.
*   Blueprints allow you to split your app into manageable pieces, which is essential for scalability, reusability, and team collaboration.  


13. What is the purpose of Flask's request object?  
Ans.  
The request object in Flask is used to access data sent from the client (browser, app, Postman, etc.) to the server.  
In short: request holds all incoming request data like form inputs, JSON payloads, URL parameters, headers, cookies, etc.

14. How do you create a RESTful API endpoint using Flask?  
Ans.  
Creating a RESTful API in Flask involves:
 *   Setting up Flask
 *   Defining routes using @app.route()
 *   Using HTTP methods like GET, POST, PUT, DELETE
 *   Returning JSON responses  
Endpoints can then be tested with:
 *   Postman
 *   Curl
 *   JavaScript Fetch or Axios
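The four steps above carried out for the `/users` resource from question 2 (GET, POST, PUT, DELETE with 200/201/204/400/404 status codes), written as an added example rather than code from the page. The resource is defined on a Blueprint, as question 12 describes, and registered by a `create_app()` factory; an in-memory dict stands in for a database. POST accepts either a JSON body or an HTML form field, which question 20 below discusses. The `users_bp`, `USERS`, `name_from_request`, `reset` and `demo` names are assumptions for this illustration.

```python
from flask import Blueprint, Flask, jsonify, request

# The /users resource lives in its own blueprint so it can be registered on any app.
users_bp = Blueprint("users", __name__, url_prefix="/users")
USERS = {}                 # user id -> {"id": ..., "name": ...}  (constructed store)
_state = {"next_id": 1}


def reset():
    """Clear the in-memory store (used between runs of demo())."""
    USERS.clear()
    _state["next_id"] = 1


def name_from_request():
    """Accept either a JSON object body or an HTML form field; None if invalid."""
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = request.form
    name = data.get("name")
    if isinstance(name, str) and name.strip():
        return name.strip()
    return None


@users_bp.route("", methods=["GET"])
def list_users():
    return jsonify(list(USERS.values()))          # 200 OK


@users_bp.route("", methods=["POST"])
def create_user():
    name = name_from_request()
    if name is None:
        return jsonify(error="'name' must be a non-empty string"), 400
    user_id = _state["next_id"]
    _state["next_id"] += 1
    USERS[user_id] = {"id": user_id, "name": name}
    response = jsonify(USERS[user_id])
    response.status_code = 201                    # 201 Created
    response.headers["Location"] = f"/users/{user_id}"
    return response


@users_bp.route("/<int:user_id>", methods=["GET"])
def get_user(user_id):
    user = USERS.get(user_id)
    if user is None:
        return jsonify(error="user not found"), 404
    return jsonify(user)


@users_bp.route("/<int:user_id>", methods=["PUT"])
def replace_user(user_id):
    if user_id not in USERS:
        return jsonify(error="user not found"), 404
    name = name_from_request()
    if name is None:
        return jsonify(error="'name' must be a non-empty string"), 400
    USERS[user_id] = {"id": user_id, "name": name}  # PUT replaces the whole resource
    return jsonify(USERS[user_id])


@users_bp.route("/<int:user_id>", methods=["DELETE"])
def delete_user(user_id):
    if USERS.pop(user_id, None) is None:
        return jsonify(error="user not found"), 404
    return "", 204                                # 204 No Content


def create_app():
    app = Flask(__name__)
    app.register_blueprint(users_bp)
    return app


def demo():
    """Walk the resource through its lifecycle and return what each step observed."""
    reset()
    client = create_app().test_client()
    created = client.post("/users", json={"name": "alice"})      # JSON body
    from_form = client.post("/users", data={"name": "bob"})      # form body
    invalid = client.post("/users", json={"name": ""})
    updated = client.put("/users/1", json={"name": "alicia"})
    deleted = client.delete("/users/1")
    return {
        "created": (created.status_code, created.headers["Location"].endswith("/users/1")),
        "from_form": (from_form.status_code, from_form.get_json()["id"]),
        "invalid": invalid.status_code,
        "updated": updated.get_json()["name"],
        "deleted": deleted.status_code,
        "after_delete": client.get("/users/1").status_code,
        "remaining": client.get("/users").get_json(),
    }


if __name__ == "__main__":
    print(demo())
```

The same calls can be made from Postman or curl against `create_app().run()`; the test client used in `demo()` only removes the need for a running server. Note that every response, including the error cases, is JSON with an explicit status code, so a client never has to parse an HTML error page.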

15. What is the purpose of Flask's jsonify() function?  
Ans.  
Flask’s jsonify() function is used to convert Python data (like dicts or lists) into a proper JSON response that can be returned to the client (browser, API consumer, etc.).  
In Simple Terms:  
jsonify() = Python data → JSON + correct HTTP response + correct headers  

 Purposes of using Flask's jsonify() function:
 *   Clean and Readable
 *   Sets proper HTTP headers
 *   Automatically serializes Python dicts/lists into JSON
 *   Handles Unicode, dates, and numbers correctly
 *   Used in REST APIs for communication between client and server



16. Explain Flask’s url_for() function?  
Ans.  
*   Flask’s url_for() function is used to dynamically generate URLs for view functions (routes) by referencing the function name, instead of hardcoding the URL paths.
*   It ensures your URLs stay correct even if you change route paths later, making your app more maintainable and flexible.  
Benefits of url_for() are:  
 *   Dynamic: URLs update automatically when route changes
 *   Clean: Avoids hardcoding paths
 *   Reusable: Works with parameters and query strings
 *   Template-friendly: Perfect for use in HTML templates ({{ url_for(...) }})  
 Other uses of url_for():
 *   Link to a static file : Example : url_for('static', filename='style.css') → /static/style.css
 *   Use in templates : Example : {{ url_for('home') }} inside Jinja templates
 *   Pass query params : Example : url_for('search', q='flask') → /search?q=flask

17. How does Flask handle static files (CSS, JavaScript, etc.)?  
Ans.  
Flask provides a straightforward mechanism for handling static files such as CSS stylesheets, JavaScript files, images, and other assets that do not change dynamically.  
 1.   Static Folder Convention:
 *   By default, Flask expects static files to reside in a folder named static located in the root directory of your Flask application.
 *   Within this static folder, it is common practice to organize files into subdirectories like css, js, and images for better structure.
 2.   Referencing Static Files in Templates:
 *   To link to static files within your Jinja2 templates (HTML files), you use the url_for() function with the special static endpoint.
 *   The filename argument specifies the path to the static file relative to the static folder.


18. What is an API specification, and how does it help in building a Flask API?  
Ans.  
A REST API (Representational State Transfer API) is a way for applications to communicate over the web using standard HTTP methods. It allows clients (such as web or mobile apps) to interact with a server by sending requests and receiving responses, typically in JSON format.  
It helps in building a Flask API in the following ways:  
 *   Clear Communication: Teams (front-end, back-end, QA) know how to use the API
 *   Auto-Documentation: Tools like Swagger UI can auto-generate docs
 *   Validation: You can validate incoming requests using the spec
 *   Testing: QA teams can test against defined behaviors
 *   Mocking: Clients can simulate API responses without backend
 *   Code Generation: Auto-generate Flask boilerplate or client SDKs



19. What are HTTP status codes, and why are they important in a Flask API?  
Ans.  
HTTP status codes are three-digit codes that indicate the outcome of an API request. They are included in the API's response to the API client, and they include important information that helps the client know how to proceed. HTTP status codes help communicate the result of an API request clearly to clients (like browsers, mobile apps, or front-end developers).  
They are important in a Flask API for the following reasons:  
 *   Makes your API predictable
 *   Helps clients handle success or failure appropriately
 *   Essential for debugging and testing
 *   Used in error handling, validations, and responses



20. How do you handle POST requests in Flask?   
Ans.  
Handling POST requests in Flask involves defining a route that accepts the POST method and then accessing the data sent in the request body.  
Here's how to do it:  
 *   Import request: You need the request object from Flask to access incoming request data.
 *   Define a route with methods=['POST'] (or ['GET', 'POST']): Specify that your route function should handle POST requests using the methods argument in the @app.route() decorator.
 *   If you want the same route to handle both GET (e.g., to display a form) and POST (to process the form submission), you would specify both: methods=['GET', 'POST'].
 *   Access POST data using request.form or request.json:  
For HTML form data (key-value pairs from `<form>` submissions): Use request.form.get('field_name') to retrieve individual fields.
 *   For JSON data (e.g., from API requests): Use request.json to access the parsed JSON data as a Python dictionary.
 *   Process the data and return a response: After retrieving the data, you can perform necessary operations (e.g., save to a database, perform calculations) and then return an appropriate response, such as a redirect, a rendered template, or JSON data.
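The four error-handling methods from question 9 (abort, @app.errorhandler, try/except, input validation), the status codes from question 19, and the POST handling just described, combined in one added example that is not code from the page. Every failure, including an unexpected exception, comes back as JSON with the right status code, and the client never sees a traceback. The `parse_operands` validator, the `/divide` and `/boom` routes and the constructed `USERS` dict are assumptions for this illustration.

```python
from flask import Flask, abort, jsonify, request
from werkzeug.exceptions import HTTPException

app = Flask(__name__)
USERS = {1: {"id": 1, "name": "alice"}}  # constructed data


def parse_operands(payload):
    """Input validation: reject malformed input before any logic runs.
    Returns (a, b) or raises ValueError with a message safe to show the client."""
    if not isinstance(payload, dict):
        raise ValueError("request body must be a JSON object")
    missing = [k for k in ("a", "b") if k not in payload]
    if missing:
        raise ValueError("missing field(s): " + ", ".join(missing))
    a, b = payload["a"], payload["b"]
    for value in (a, b):
        # bool is a subclass of int in Python, so it has to be excluded explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError("'a' and 'b' must be numbers")
    return a, b


@app.errorhandler(HTTPException)
def handle_http_error(err):
    """abort(404), unknown routes, 405 etc. become JSON, not Flask's HTML error page."""
    return jsonify(error=err.name, status=err.code), err.code


@app.errorhandler(Exception)
def handle_unexpected(err):
    """Unexpected bugs: generic 500 to the client, full traceback only in the server log."""
    app.logger.exception("unhandled error while serving %s", request.path)
    return jsonify(error="Internal Server Error", status=500), 500


@app.route("/add", methods=["POST"])
def add():
    data = request.get_json(silent=True)   # silent=True: malformed JSON becomes None
    try:
        a, b = parse_operands(data)
    except ValueError as exc:
        return jsonify(error=str(exc), status=400), 400
    return jsonify(result=a + b)


@app.route("/divide", methods=["POST"])
def divide():
    data = request.get_json(silent=True)
    try:
        a, b = parse_operands(data)
        return jsonify(result=a / b)
    except ValueError as exc:
        return jsonify(error=str(exc), status=400), 400
    except ZeroDivisionError:
        return jsonify(error="division by zero", status=400), 400


@app.route("/users/<int:user_id>", methods=["GET"])
def get_user(user_id):
    if user_id not in USERS:
        abort(404)                         # quick exit; rendered by handle_http_error
    return jsonify(USERS[user_id])


@app.route("/boom", methods=["GET"])
def boom():
    raise RuntimeError("simulated bug")    # exists only to exercise the generic 500 path


if __name__ == "__main__":
    app.run(debug=False)  # debug=True would expose the interactive debugger to clients
```

A request such as `POST /add` with the body `{"a": "2", "b": 3}` gets a 400 naming the bad field, `GET /users/99` gets `{"error": "Not Found", "status": 404}`, and `GET /boom` gets a generic 500 while the traceback goes to `app.logger`. Registering a handler for `HTTPException` rather than for each code separately keeps the JSON shape uniform across every status.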



21.  How would you secure a Flask API?  
Ans.  
Securing a Flask API involves implementing various measures across different layers of your application.  
 1.   Authentication and Authorization:
 *   Token-based Authentication (e.g., JWT): This is a common and recommended method for APIs. Upon successful login, the server issues a JSON Web Token (JWT) to the client. The client then includes this token in the Authorization header of subsequent API requests. The Flask API uses libraries like Flask-JWT-Extended to validate the token and extract user information and permissions.
 *   Role and Permission Management: Implement a system to define user roles (e.g., admin, user) and assign specific permissions to each role. This allows you to control access to different API endpoints based on the user's authorization level.
 2.   Data Security:
 *   HTTPS/TLS: Always use HTTPS to encrypt data in transit between the client and your Flask API, preventing eavesdropping and man-in-the-middle attacks.
 *   Secure Password Storage: Never store passwords in plain text. Use strong cryptographic hashing algorithms like Argon2, bcrypt, or scrypt to hash and salt passwords before storing them in the database.
 *   Encryption of Sensitive Data: Encrypt sensitive data at rest (e.g., in databases) and in transit (via HTTPS) to protect against data breaches.
 3.   Input Validation and Error Handling:
 *   Input Validation: Validate all incoming data from API requests to prevent injection attacks (SQL injection, XSS) and ensure data integrity. Use libraries like Flask-WTF or implement custom validation logic.
 *   Proper Error Handling: Implement robust error handling to prevent sensitive information from being exposed in error messages. Provide generic error responses to clients and log detailed errors on the server side for debugging.
 4.   Session Management:
 *   Secure Session Management: If using sessions (e.g., for web-based clients), ensure secure session management practices, including using strong session keys, setting appropriate cookie flags (Secure, HttpOnly, SameSite), and regenerating session IDs after authentication.
 5.   Other Security Measures:
 *   Secret Key Management: Securely manage your Flask SECRET_KEY by storing it in environment variables or a secure configuration management system, rather than directly in your code.
 *   Rate Limiting: Implement rate limiting to prevent brute-force attacks and denial-of-service (DoS) attacks by limiting the number of requests a client can make within a specific timeframe.
 *   CORS (Cross-Origin Resource Sharing): Carefully configure CORS headers to control which origins are allowed to access your API, preventing unauthorized cross-origin requests.
 *   Security Headers: Implement security-related HTTP headers like Content-Security-Policy, X-Content-Type-Options, and X-Frame-Options to mitigate common web vulnerabilities.
 *   Regular Security Audits and Penetration Testing: Regularly conduct security audits and penetration tests to identify and address potential vulnerabilities in your Flask API.
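Several of the measures listed above in one small Flask API, as an added example that is not code from the page: a bearer-token check in a decorator using a constant-time comparison, password hashing with Werkzeug's `generate_password_hash`/`check_password_hash`, a secret key read from the environment, a sliding-window rate limiter, security headers added in `after_request`, and generic 401/429 error bodies. The shared `API_TOKEN`, the `USERS` store, the `rate_limited` and `require_token` helpers, and the `/login` and `/secret` routes are assumptions made for this illustration; a real API would issue a per-user token (for example a JWT via Flask-JWT-Extended, as mentioned above) instead of one shared token.

```python
import hmac
import os
import time
from collections import defaultdict, deque
from functools import wraps

from flask import Flask, abort, jsonify, request
from werkzeug.security import check_password_hash, generate_password_hash

app = Flask(__name__)
# Secrets come from the environment, never from source control. The fallbacks are
# constructed placeholders so the example runs offline.
app.config["SECRET_KEY"] = os.environ.get("SECRET_KEY", "constructed-dev-only-key")
API_TOKEN = os.environ.get("API_TOKEN", "constructed-demo-token")

# Constructed user store: only salted hashes are kept (Werkzeug's default algorithm).
# DUMMY_HASH keeps the response time similar when the username does not exist.
USERS = {"alice": generate_password_hash("correct horse battery staple")}
DUMMY_HASH = generate_password_hash("not-a-real-password")

RATE_LIMIT = 20          # requests allowed per client ...
RATE_WINDOW = 60.0       # ... within this many seconds
RATE_HITS = defaultdict(deque)


def rate_limited(client_id):
    """Sliding-window limiter: True once client_id has exceeded RATE_LIMIT in RATE_WINDOW."""
    now = time.monotonic()
    hits = RATE_HITS[client_id]
    while hits and now - hits[0] > RATE_WINDOW:
        hits.popleft()
    if len(hits) >= RATE_LIMIT:
        return True
    hits.append(now)
    return False


def require_token(view):
    """Decorator: the view runs only if 'Authorization: Bearer <token>' matches API_TOKEN."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        scheme, _, token = request.headers.get("Authorization", "").partition(" ")
        # constant-time comparison, so a wrong token cannot be narrowed down by timing
        if scheme != "Bearer" or not hmac.compare_digest(token.encode(), API_TOKEN.encode()):
            abort(401)
        return view(*args, **kwargs)
    return wrapper


@app.before_request
def throttle():
    if rate_limited(request.remote_addr or "unknown"):
        abort(429)


@app.after_request
def security_headers(response):
    response.headers["X-Content-Type-Options"] = "nosniff"
    response.headers["X-Frame-Options"] = "DENY"
    response.headers["Content-Security-Policy"] = "default-src 'none'"
    return response


@app.errorhandler(401)
@app.errorhandler(429)
def auth_error(err):
    # generic body: no hint about which part of the check failed
    return jsonify(error=err.name), err.code


@app.route("/login", methods=["POST"])
def login():
    data = request.get_json(silent=True) or {}
    username = str(data.get("username", ""))
    password = str(data.get("password", ""))
    stored = USERS.get(username, DUMMY_HASH)
    if not check_password_hash(stored, password) or username not in USERS:
        abort(401)
    return jsonify(token=API_TOKEN)


@app.route("/secret", methods=["GET"])
@require_token
def secret():
    return jsonify(data="visible only with a valid token")


def demo():
    """Exercise the protections and return the observations so they can be checked."""
    client = app.test_client()
    anonymous = client.get("/secret")
    authed = client.get("/secret", headers={"Authorization": "Bearer " + API_TOKEN})
    bad_login = client.post("/login", json={"username": "alice", "password": "wrong"})
    unknown = client.post("/login", json={"username": "mallory", "password": "x"})
    good = client.post("/login", json={"username": "alice", "password": "correct horse battery staple"})
    return {
        "anonymous": (anonymous.status_code, anonymous.get_json()),
        "authed": (authed.status_code, authed.headers.get("X-Content-Type-Options")),
        "bad_login": bad_login.status_code,
        "unknown_user": unknown.status_code,
        "good_login": (good.status_code, good.get_json()["token"] == API_TOKEN),
        "limit": [rate_limited("constructed-client") for _ in range(RATE_LIMIT + 1)],
    }


if __name__ == "__main__":
    print(demo())
```

The in-memory limiter is per process; behind several workers it should be backed by a shared store (Flask-Limiter with Redis is the usual choice), and HTTPS must be terminated in front of the app so the bearer token is never sent in the clear.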


22. What is the significance of the Flask-RESTful extension?  
Ans.  
Flask-RESTful is a Flask extension that simplifies the development of REST APIs. It provides a structured way to handle resources and HTTP methods, making it easier to build and organize APIs using Python and Flask. Essentially, it streamlines the process of creating web services that adhere to REST architectural principles.   
The significance of the Flask-RESTful extension is given below:  
 1.   Structure and Organization:
 *   Resource-based approach: Flask-RESTful introduces the concept of "resources" as classes, with each class method representing an HTTP method (GET, POST, PUT, DELETE). This creates a clear structure for your API endpoints, making it more organized and maintainable.
 *   Separation of concerns: By separating resource definitions from route handling, it promotes modularity and cleaner code.
 *   Object-oriented development: Leveraging classes for resources aligns with object-oriented programming principles, enhancing code reusability and scalability.
 2.   Simplified API Development:
 *   Automatic request parsing and response formatting: Flask-RESTful handles common tasks like parsing request data (JSON, XML, etc.) and formatting responses, reducing boilerplate code.
 *   Built-in features: It offers built-in support for input validation, error handling, and rate limiting, which are crucial for building robust and secure APIs.
 *   Integration with Flask: It seamlessly integrates with other Flask extensions, allowing you to build complex and feature-rich APIs.
 3.   Adherence to RESTful Principles:
 *   RESTful architecture: Flask-RESTful is designed to support the REST architectural style, promoting statelessness, uniform interfaces, and resource-based interactions.
 *   Clear API design: Its resource-based approach and support for standard HTTP methods contribute to a well-defined and predictable API design.
 4.   Efficiency and Scalability:
 *   Reduced boilerplate: By handling common tasks automatically, Flask-RESTful reduces the amount of repetitive code, allowing developers to focus on core business logic.
 *   Easy to scale: The structured and modular nature of the code makes it easier to scale the API as needed.

23. What is the role of Flask’s session object?  
Ans.  
In Flask, the session object provides a way to store user-specific data across multiple requests, similar to how cookies work but with added security features. It acts like a dictionary where you can store and retrieve data associated with a particular user's session. Flask uses cryptographically signed cookies to store session data on the user's browser, making it difficult for unauthorized users to tamper with the data.
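An added example (not code from the page) of the session object with the cookie flags that question 21 recommends, showing what "cryptographically signed" means in practice: the cookie is decoded with Flask's own signing serializer, and the same cookie with one character changed is rejected. The `/login` and `/me` routes, the constructed `USERS` store, and the `decode_session_cookie`, `session_cookie_header` and `demo` helpers are assumptions for this illustration.

```python
import os

from flask import Flask, abort, jsonify, request, session
from itsdangerous import BadSignature
from werkzeug.security import check_password_hash, generate_password_hash

app = Flask(__name__)
app.config.update(
    # The signing key must be secret and random; read it from the environment.
    # The fallback is a constructed placeholder so the example runs offline.
    SECRET_KEY=os.environ.get("SECRET_KEY", "constructed-dev-only-key"),
    SESSION_COOKIE_HTTPONLY=True,   # cookie not readable from page JavaScript
    SESSION_COOKIE_SAMESITE="Lax",  # cookie not sent on cross-site POSTs
    SESSION_COOKIE_SECURE=False,    # set True once the API is served over HTTPS
)

# Constructed user store holding only a salted password hash.
USERS = {"alice": generate_password_hash("correct horse battery staple")}


@app.route("/login", methods=["POST"])
def login():
    data = request.get_json(silent=True) or {}
    username = str(data.get("username", ""))
    stored = USERS.get(username)
    if stored is None or not check_password_hash(stored, str(data.get("password", ""))):
        abort(401)
    # Flask's session lives in the cookie itself, so clearing and repopulating it
    # issues a freshly signed cookie: the analogue of regenerating a session ID.
    session.clear()
    session["user"] = username
    return jsonify(ok=True)


@app.route("/me", methods=["GET"])
def me():
    user = session.get("user")
    if user is None:
        abort(401)
    return jsonify(user=user)


def decode_session_cookie(value):
    """Verify and decode a session cookie with Flask's own serializer.
    Returns the stored dict, or None when the signature does not check out."""
    serializer = app.session_interface.get_signing_serializer(app)
    try:
        return dict(serializer.loads(value))
    except BadSignature:
        return None


def session_cookie_header(response):
    """Return the raw Set-Cookie header for the session cookie, or None."""
    prefix = app.config["SESSION_COOKIE_NAME"] + "="
    for header in response.headers.getlist("Set-Cookie"):
        if header.startswith(prefix):
            return header
    return None


def demo():
    """Log in, read the session back, then show that a modified cookie is rejected."""
    client = app.test_client()
    before = client.get("/me").status_code
    login_resp = client.post(
        "/login", json={"username": "alice", "password": "correct horse battery staple"}
    )
    raw = session_cookie_header(login_resp)
    value = raw.split(";", 1)[0].split("=", 1)[1]
    return {
        "before_login": before,
        "after_login": client.get("/me").get_json(),
        "flags": ("HttpOnly" in raw, "SameSite=Lax" in raw),
        "decoded": decode_session_cookie(value),
        "tampered": decode_session_cookie(value + "x"),
    }


if __name__ == "__main__":
    print(demo())
```

The decoded value shows that the session payload is only signed, not encrypted: anyone holding the cookie can read `{"user": "alice"}`, so nothing confidential belongs in `session`, and the `SECRET_KEY` must stay private because whoever has it can mint cookies that verify.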