**Name:** Gowthaman Balasundar

**Email:** gowthamanbalasundar@gmail.com

**Theory question and answers:**

**1. What is a RESTful API?**

A RESTful API (Representational State Transfer Application Programming Interface) is an architectural style for designing networked applications. It uses standard HTTP methods (GET, POST, PUT, DELETE, etc.) to perform operations on resources, which are identified by unique URIs. RESTful APIs are stateless, meaning each request from a client to a server contains all the information needed to understand the request, and the server does not store any client context between requests. They are popular for building scalable, flexible, and maintainable web services.

**2. Explain the concept of API specification.**

An API specification (also known as API documentation or API contract) is a detailed, machine-readable description of how an API works. It defines the API's endpoints, available operations (HTTP methods), expected input parameters, data formats (e.g., JSON, XML), authentication methods, and possible error responses. Examples of API specification formats include OpenAPI (Swagger) and RAML. Its purpose is to provide clear instructions for developers on how to interact with the API, facilitate communication between frontend and backend teams, enable automated testing, and generate client SDKs.

**3. What is Flask, and why is it popular for building APIs?**

Flask is a lightweight and extensible micro web framework for Python. It's popular for building APIs due to its simplicity, flexibility, and minimal overhead. Unlike more opinionated frameworks, Flask doesn't enforce specific project structures or require particular tools, allowing developers to choose the components they need. This makes it ideal for building small to medium-sized APIs quickly and efficiently, while still being powerful enough for larger applications. Its simplicity and clear documentation contribute to its rapid adoption.

**4. What is routing in Flask?**

Routing in Flask refers to the process of mapping URLs (Uniform Resource Locators) to specific Python functions within your Flask application. When a client makes an HTTP request to a particular URL, Flask's routing mechanism determines which function should be executed to handle that request. This is typically done using the @app.route() decorator, which associates a URL path with a view function.

**5. How do you create a simple Flask application?**

To create a simple Flask application, you typically follow these steps:

 > Install Flask: pip install Flask

  >Create a Python file (e.g., app.py):
   

    from flask import Flask

    app = Flask(__name__)

    @app.route('/')
    def hello_world():
        return 'Hello, World!'

    if __name__ == '__main__':
        app.run(debug=True)

  >Run the application: python app.py

  This will start a development server, and you can access the application in your browser at http://127.0.0.1:5000/.

**6. What are HTTP methods used in RESTful APIs?**

HTTP methods (also known as HTTP verbs) indicate the desired action to be performed on a resource. The most common ones used in RESTful APIs are:

   GET: Retrieves data from the server. Idempotent and safe.

   POST: Submits new data to the server. Not idempotent.

   PUT: Updates existing data or creates new data if it doesn't exist. Idempotent.

   DELETE: Removes data from the server. Idempotent.

   PATCH: Partially updates existing data. Not necessarily idempotent.

   HEAD: Similar to GET, but retrieves only the response headers, not the body.

   OPTIONS: Describes the communication options for the target resource.

**7. What is the purpose of the @app.route() decorator in Flask?**

The @app.route() decorator in Flask is used to associate a URL path with a view function. It tells Flask which function to execute when a request arrives at a specific URL. For example, @app.route('/users') means that when a user accesses /users in their browser, the function decorated with this will be executed. It can also specify HTTP methods to be handled, like @app.route('/users', methods=['POST']).

**8. What is the difference between GET and POST HTTP methods?**

      GET:

      Used to retrieve data.

      Parameters are sent in the URL query string.

      Can be bookmarked and cached.

      Should be idempotent (multiple identical requests have the same effect as a single one) and safe (no side effects on the server).

      Limited by URL length.

      Not suitable for sending sensitive data directly in the URL.

  POST:

      Used to submit new data to the server (e.g., creating a new resource).

      Parameters are sent in the request body.

      Cannot be bookmarked or cached directly.

     Not idempotent (multiple identical requests can have different effects, like creating multiple new resources).

      No URL length limitation for data.

      Suitable for sending sensitive data.

**9. How do you handle errors in Flask APIs?**

Flask provides several ways to handle errors in APIs:

  >@app.errorhandler() decorator: This decorator allows you to register a function to handle specific HTTP error codes (e.g., 404 Not Found, 500 Internal Server Error) or exceptions.
    

    from flask import jsonify

    @app.errorhandler(404)
    def page_not_found(error):
      return jsonify({"error": "Resource not found"}), 404

    @app.errorhandler(500)
    def internal_server_error(error):
     return jsonify({"error": "Internal server error"}), 500

>abort() function: You can use flask.abort() to immediately raise an HTTP error.


    from flask import abort

    @app.route('/items/<int:item_id>')
    def get_item(item_id):
        if item_id not in items_db: # Assume items_db is your data source
            abort(404)
        return jsonify(items_db[item_id])

>Custom Exceptions: Define your own custom exceptions and handle them with @app.errorhandler().

**10. How do you connect Flask to a SQL database?**

To connect Flask to a SQL database, you typically use a Python database connector library specific to your database (e.g., psycopg2 for PostgreSQL, mysql-connector-python for MySQL, sqlite3 for SQLite). However, for Flask applications, it's highly recommended to use an Object-Relational Mapper (ORM) like Flask-SQLAlchemy. Flask-SQLAlchemy simplifies database interactions by providing a higher-level API, allowing you to work with Python objects instead of raw SQL queries.

**11. What is the role of Flask-SQLAlchemy?**

Flask-SQLAlchemy is a Flask extension that provides SQLAlchemy integration for Flask applications. Its role is to:

  Simplify Database Operations: It wraps SQLAlchemy, making it easier to define database models, perform queries, and manage sessions within a Flask context.

  Handle Database Connections: It manages database connections and disconnections, ensuring proper resource handling.

  Integrate with Flask's Application Context: It ties database sessions to Flask's request context, making it convenient to use throughout your application.

  Provide a Declarative Base: It offers a declarative way to define database models as Python classes, mapping them to database tables.

**12. What are Flask blueprints, and how are they useful?**

Flask blueprints are a way to organize your Flask application into modular components. They allow you to define a set of views, templates, static files, and other resources that can be registered with a main Flask application.

How they are useful:

  Modularity: Break down large applications into smaller, manageable parts (e.g., an auth blueprint, a users blueprint, an products blueprint).

  Reusability: Blueprints can be registered with multiple Flask applications, promoting code reuse.

  Scalability: Easier to manage and scale larger applications by distributing responsibilities among different blueprints.

  Separation of Concerns: Helps in maintaining a clear separation between different functionalities of your application.

  Prefixing URLs: You can register a blueprint with a URL prefix, so all routes within that blueprint automatically get that prefix.

**13. What is the purpose of Flask's request object?**

The Flask request object (imported from flask) is a global object that represents the incoming HTTP request. Its purpose is to provide access to all the data and information associated with the current request made by the client. It allows you to access:

  Form data:  request.form

  Query parameters: request.args

  JSON data in the request body: request.json

  HTTP headers: request.headers

  Request method: request.method

  Cookies: request.cookies

  Files uploaded: request.files

  The URL path: request.path

**14. How do you create a RESTful API endpoint using Flask?**

To create a RESTful API endpoint using Flask, you typically define a view function and associate it with a URL path and specific HTTP methods using the @app.route() decorator. You'll often use request.json for incoming JSON data and jsonify() for sending JSON responses.

Example for a GET and POST endpoint for users:

    from flask import Flask, request, jsonify

    app = Flask(__name__)

    users = {
         1: {"name": "Alice", "email": "alice@example.com"},
         2: {"name": "Bob", "email": "bob@example.com"}
    }
    next_user_id = 3

    @app.route('/users', methods=['GET'])
    def get_users():
      return jsonify(users)

    @app.route('/users', methods=['POST'])
    def create_user():
      global next_user_id
      new_user = request.json
      if not new_user or 'name' not in new_user or 'email' not in new_user:
         return jsonify({"error": "Missing name or email"}), 400
      users[next_user_id] = new_user
      new_user_id = next_user_id
      next_user_id += 1
      return jsonify({"message": "User created", "id": new_user_id, "user": new_user}), 201

    if __name__ == '__main_':
       app.run(debug=True)

**15. What is the purpose of Flask's jsonify() function?**

Flask's jsonify() function is used to convert Python dictionaries or lists into a JSON-formatted HTTP response. It sets the Content-Type header of the response to application/json and automatically serializes the data into a JSON string. This is crucial for building RESTful APIs, as JSON is the standard data interchange format.

**16. Explain Flask’s url_for() function.**

Flask's url_for() function is used to dynamically build URLs for a given function. Instead of hardcoding URLs in your templates or Python code, url_for() generates them based on the name of the view function and any arguments it takes.

Purpose and Benefits:

  URL Reversal: It allows you to change URL rules without having to update all the links in your application.

  Maintainability: Makes your code more robust and easier to maintain.

  Flexibility: Automatically handles URL prefixes for blueprints and allows for dynamic URL generation.

Example:


    from flask import Flask, url_for, render_template

    app = Flask(__name__)

    @app.route('/')
    def index():
       return 'Welcome to the homepage!'

    @app.route('/user/<username>')
    def profile(username):
      return f'User Profile: {username}'

    @app.route('/login')
     def login():
       return 'Login Page'

    with app.test_request_context():
       print(url_for('index'))          # Output: /
       print(url_for('profile', username='Alice')) # Output: /user/Alice
       print(url_for('login', next='/')) # Output: /login?next=/

**17. How does Flask handle static files (CSS, JavaScript, etc.)?**

Flask automatically handles static files (like CSS stylesheets, JavaScript files, images, etc.) by serving them from a dedicated directory named static by default.

  You place your static files within a folder named static at the root of your Flask application.

  In your HTML templates, you use the url_for() function with the special endpoint name 'static' to generate the URL for your static files.

Example:

Folder Structure:

    my_flask_app/
    ├── app.py
    └── static/
    ├── css/
    │   └── style.css
    └── js/
        └── script.js

>app.py: (No special code needed for static files, Flask handles it)

>templates/index.html (if you were rendering HTML):


    <!DOCTYPE html>
    <html>
    <head>
      <link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
    </head>
    <body>
      <h1>My Flask App</h1>
      <script src="{{ url_for('static', filename='js/script.js') }}"></script>
    </body>
    </html>

**18. What is an API specification, and how does it help in building a Flask API?**


An API specification (like OpenAPI/Swagger) is a machine-readable, standardized description of your API's endpoints, operations, data models, authentication, and error responses.

How it helps in building a Flask API:

   Clear Contract: Provides a clear and unambiguous contract between the API producer (your Flask API) and API consumers.

  Documentation Generation: Tools can automatically generate interactive documentation (like Swagger UI) from the specification, making it easy for developers to understand and use your Flask API.

  Code Generation: Can generate client SDKs in various programming languages, reducing the effort for consumers.

  Validation: Can be used to validate incoming requests and outgoing responses against the defined schema, ensuring data consistency and correctness in your Flask API.

  Testing: Facilitates automated testing by providing a clear definition of expected inputs and outputs.

  Design First Approach: Encourages designing your API before coding, leading to better-structured and more consistent APIs.

  Collaboration: Improves collaboration between frontend and backend developers by providing a single source of truth for the API.

**19. What are HTTP status codes, and why are they important in a Flask API?**

HTTP status codes are three-digit numbers returned by a server in response to an HTTP request. They indicate the outcome of the request and provide standardized information about whether the request was successful, redirected, encountered an error, etc.

Why they are important in a Flask API:

  Communication: They provide clear and concise feedback to the client about the status of their request.

  Error Handling: Allow clients to programmatically handle different types of responses (e.g., retry on 5xx, show error message on 4xx).

  Standardization: Using standard codes ensures that clients and other systems can understand the API's responses universally.

  Debugging: Essential for debugging, as they quickly tell developers what went wrong (or right) with an API call.

  Caching: Some status codes (e.g., 200 OK, 304 Not Modified) influence caching behavior.

Common HTTP Status Codes in APIs:

    2xx (Success):

        200 OK: Request succeeded.

        201 Created: New resource successfully created (e.g., after a POST request).

        204 No Content: Request succeeded, but no content to return (e.g., successful DELETE).

    3xx (Redirection):

        301 Moved Permanently: Resource has been permanently moved.

    4xx (Client Error):

        400 Bad Request: Server cannot understand the request due to invalid syntax.

        401 Unauthorized: Authentication required or failed.

        403 Forbidden: Client does not have access rights to the content.

        404 Not Found: Resource not found.

        405 Method Not Allowed: HTTP method used is not allowed for the resource.

        409 Conflict: Request conflicts with the current state of the resource.

    5xx (Server Error):

        500 Internal Server Error: Generic server-side error.

        503 Service Unavailable: Server is not ready to handle the request.

**20. How do you handle POST requests in Flask?**

Handling POST requests in Flask involves:

 > Specifying methods=['POST'] in the @app.route() decorator: This tells Flask that the decorated function should only respond to POST requests for that URL.

 > Accessing data from request.json or request.form:

        For JSON payloads (common in APIs), use request.json to get a Python dictionary of the data.

        For form data (e.g., from HTML forms), use request.form.

  >Processing the data: Perform operations like saving to a database, performing calculations, etc.

  >Returning an appropriate response: Typically a JSON response with a 201 Created status code for successful creation, or a 400 Bad Request for invalid input.

Example:


    from flask import Flask, request, jsonify

    app = Flask(__name__)

    products = {}
    next_product_id = 1

    @app.route('/products', methods=['POST'])
    def add_product():
        global next_product_id
        data = request.json
        if not data or 'name' not in data or 'price' not in data:
           return jsonify({"error": "Name and price are required"}), 400

    product_id = next_product_id
    products[product_id] = {
        "name": data['name'],
        "price": data['price']
    }
    next_product_id += 1
    return jsonify({"message": "Product added successfully", "id": product_id}), 201

    if __name__ == '__main__':
      app.run(debug=True)

**21. How would you secure a Flask API?**

Securing a Flask API involves multiple layers:

  Authentication:

      Token-based (JWT is common): Clients send a token (e.g., in the Authorization header) with each request. The API validates the token to authenticate the user.

      OAuth 2.0: For authorizing third-party applications to access user data.

      API Keys: Simple for machine-to-machine communication, but less secure for user authentication.

  Authorization:

       Role-Based Access Control (RBAC): Assign roles to users (e.g., admin, editor, viewer) and define permissions for each role.

      Permission-Based Access Control: Directly assign specific permissions to users.

  HTTPS/SSL/TLS: Encrypt all communication between the client and API to prevent eavesdropping and tampering.

  Input Validation:

      Validate all incoming data to prevent injection attacks (SQL injection, XSS) and ensure data integrity.

     Use libraries like Marshmallow or Pydantic for schema validation.

   Rate Limiting: Prevent abuse and denial-of-service (DoS) attacks by limiting the number of requests a client can make within a certain timeframe. Use extensions like Flask-Limiter.

   CORS (Cross-Origin Resource Sharing): Properly configure CORS headers to control which origins are allowed to make requests to your API, preventing unwanted cross-site requests. Use Flask-CORS.

   Error Handling: Implement robust error handling to avoid revealing sensitive information in error messages.

  Logging and Monitoring: Log API requests and responses, and monitor for suspicious activity.

  Security Headers: Set appropriate HTTP security headers (e.g., X-Content-Type-Options, X-Frame-Options, Content-Security-Policy).

  Password Hashing: Store user passwords securely using strong hashing algorithms (e.g., bcrypt) – never plain text.

  Session Management (if applicable): If using sessions, ensure secure session IDs, proper expiration, and protection against session fixation.

  Dependency Security: Keep Flask and all its extensions updated to patch known vulnerabilities.

**22. What is the significance of the Flask-RESTful extension?**

Flask-RESTful is an extension for Flask that provides tools and conventions for building RESTful APIs more easily and with less boilerplate code.

Significance:

  Resource Abstraction: It introduces the concept of "Resources," which are classes that map HTTP methods (GET, POST, PUT, DELETE) to class methods, making API endpoint definition cleaner and more organized.

  Request Parsing: Simplifies parsing and validating incoming request data with reqparse, reducing manual data extraction and validation.

   Output Formatting: Provides helpers for consistent JSON output and content negotiation.

   Error Handling: Offers more structured error handling for common API errors.

  URI Routing: Integrates seamlessly with Flask's routing but with a more resource-oriented approach.

  Boilerplate Reduction: Reduces the amount of repetitive code needed for defining API endpoints, especially when dealing with multiple HTTP methods for the same resource.

It helps in building more consistent, maintainable, and scalable RESTful APIs in Flask, especially for larger projects where more structure is desired.

**23. What is the role of Flask’s session object?**

Flask's session object is a dictionary-like object that allows you to store data specific to a user's session between requests. It's designed to maintain state for a particular client across multiple HTTP requests, which are inherently stateless.

Key roles and characteristics:

  Maintaining User State: Stores temporary user-specific data, such as login status, user preferences, shopping cart contents, or flash messages.

  Cryptographically Signed: The session data is stored on the client-side (in a cookie) but is cryptographically signed by the server's secret key. This prevents tampering but doesn't encrypt the data itself, meaning clients can see the data, but not modify it without detection.

  Security: Requires a SECRET_KEY configured in your Flask application for signing the session cookie.

  Ephemeral: Session data typically has an expiration time and is designed for temporary storage, not for permanent data persistence.

  Avoid Sensitive Data: Due to its client-side storage, it's generally not recommended to store highly sensitive information directly in the session (like passwords or sensitive PII) without proper encryption. Instead, store identifiers (like user IDs) and retrieve sensitive data from a secure server-side database.

Example:


    from flask import Flask, session, redirect, url_for, escape, request

    app = Flask(__name__)
    app.secret_key = b'_5#y2L"F4Q8z\n\xec]/' # CHANGE THIS IN PRODUCTION

    @app.route('/login', methods=['GET', 'POST'])
    def login():
          if request.method == 'POST':
            if request.form['username'] == 'admin': # Simple check for example
              session['username'] = request.form['username']
              return redirect(url_for('profile'))
         return '''
        <form method="post">
            <p><input type=text name=username>
            <p><input type=submit value=Login>
        </form>
        '''

    @app.route('/profile')
    def profile():
        if 'username' in session:
           return f'Logged in as {escape(session["username"])}'
        return 'You are not logged in'

    @app.route('/logout')
    def logout():
      session.pop('username', None)
      return redirect(url_for('profile'))

    if __name__ == '__main__':
    app.run(debug=True)


    

**practical question and answers:**



In [None]:

#Q1 How do you create a basic Flask application?
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
#Q2 How do you serve static files like images or CSS in Flask?
# righting the code within hastag because the answer cannot be seen in github
#<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
#<img src="{{ url_for('static', filename='logo.png') }}">

In [None]:
#Q3 How do you define different routes with different HTTP methods in Flask?

@app.route('/submit', methods=['GET', 'POST'])
def submit():
    if request.method == 'POST':
        return "Form submitted!"
    return "Submit Form"

In [None]:
#Q4 How do you render HTML templates in Flask?

    Store HTML files in a folder called templates/.

    Use render_template().

from flask import render_template

@app.route('/')
def home():
    return render_template('index.html')

In [None]:
#Q5 How can you generate URLs for routes in Flask using url_for?

from flask import url_for

@app.route('/about')
def about():
    return "About Page"

@app.route('/')
def home():
    return redirect(url_for('about'))

In [None]:
#Q6 How do you handle forms in Flask?

from flask import request

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form['name']
        return f"Hello {name}"
    return render_template('form.html')



In [None]:
#Q7 How can you validate form data in Flask?

@app.route('/form', methods=['GET', 'POST'])
def form():
    form = MyForm()
    if form.validate_on_submit():
        return f"Hello {form.name.data}"
    return render_template('form.html', form=form)

In [None]:
#Q8 How do you manage sessions in Flask?

from flask import session

app.secret_key = 'your_secret_key'

@app.route('/login')
def login():
    session['user'] = 'John'
    return 'Logged in!'

@app.route('/profile')
def profile():
    user = session.get('user', 'Guest')
    return f'Hello, {user}!'

In [None]:
#Q9 How do you redirect to a different route in Flask?

from flask import redirect, url_for

@app.route('/')
def home():
    return redirect(url_for('login'))

@app.route('/login')
def login():
    return "Login Page"

In [None]:
#Q10 How do you handle errors in Flask (e.g., 404)?

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

In [None]:
#Q11 How do you structure a Flask app using Blueprints?

#Create a blueprint file (e.g., auth.py)

from flask import Blueprint

auth = Blueprint('auth', __name__)

@auth.route('/login')
def login():
    return "Login from blueprint"

#Register blueprint in main app

from auth import auth

app = Flask(__name__)
app.register_blueprint(auth, url_prefix='/auth')

In [None]:
#Q12 How do you define a custom Jinja filter in Flask?

@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

In [None]:
#Q13 How can you redirect with query parameters in Flask?

from flask import redirect, url_for

@app.route('/go')
def go():
    return redirect(url_for('show', name='Gowtham'))

@app.route('/show')
def show():
    name = request.args.get('name', 'Guest')
    return f"Hello, {name}"

In [None]:
#Q14 How do you return JSON responses in Flask?

from flask import jsonify

@app.route('/data')
def data():
    return jsonify({'name': 'John', 'age': 30})

In [None]:
#Q15 How do you capture URL parameters in Flask?

@app.route('/user/<username>')
def user_profile(username):
    return f"User: {username}"