## **Restful API & Flask**

### **Theory Question**

#### 1. **What is a RESTful API?**
A RESTful API (Representational State Transfer API) is an architectural style for designing networked applications. It follows six principles: 
1. **Statelessness** – Each request contains all necessary information, with no session stored on the server.
2. **Client-Server Architecture** – The frontend and backend remain separate.
3. **Cacheability** – Responses should be cacheable when needed.
4. **Uniform Interface** – A consistent structure for resources (like `/users`, `/orders`).
5. **Layered System** – The API can be structured with multiple layers (e.g., authentication, data).
6. **Code on Demand (optional)** – Servers can send executable code.

It uses HTTP methods such as **GET, POST, PUT, DELETE** to interact with resources, often returning JSON or XML responses.

#### 2. **Explain the concept of API specification.**
An API specification defines the structure and behavior of an API, ensuring consistency in implementation. It typically includes:
- **Endpoints and URL structure** (e.g., `/api/users`)
- **HTTP Methods** (GET, POST, PUT, DELETE)
- **Request and Response Formats** (JSON, XML)
- **Authentication Mechanisms** (JWT, OAuth)
- **Error Handling** (standard error codes)

Popular API specifications include **OpenAPI (Swagger)** and **RAML**, which help developers understand and test APIs efficiently.

#### 3. **What is Flask, and why is it popular for building APIs?**
Flask is a **lightweight, micro web framework** for Python. It is widely used for building web applications and APIs due to:
- **Simplicity & Minimalism** – Easy to set up with just a few lines of code.
- **Flexibility** – Developers can choose how to structure the application.
- **Built-in Development Server** – Comes with debugging tools.
- **Extensibility** – Supports third-party extensions like Flask-SQLAlchemy and Flask-RESTful.

Example of a simple Flask app:
```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to Flask API!"

if __name__ == '__main__':
    app.run(debug=True)
```

#### 4. **What is routing in Flask?**
Routing in Flask refers to the process of **mapping URLs to specific functions** that handle requests.

Example:
```python
@app.route('/hello')
def hello():
    return "Hello, Flask!"
```
When a user accesses `/hello`, Flask executes the `hello()` function and returns a response.

#### 5. **How do you create a simple Flask application?**
A basic Flask app includes:
1. Importing Flask
2. Creating an instance of `Flask`
3. Defining routes
4. Running the application

Example:
```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def index():
    return "Welcome to Flask!"

if __name__ == '__main__':
    app.run(debug=True)
```

#### 6. **What are HTTP methods used in RESTful APIs?**
Common HTTP methods:
- **GET** – Retrieve data (e.g., fetch user info)
- **POST** – Create new data (e.g., add a new user)
- **PUT** – Update an existing resource (e.g., update profile)
- **DELETE** – Remove a resource (e.g., delete an account)
- **PATCH** – Partially update a resource (e.g., change username)

#### 7. **What is the purpose of the `@app.route()` decorator in Flask?**
The `@app.route()` decorator maps a **URL endpoint to a function**, making it accessible as a web route.

Example:
```python
@app.route('/about')
def about():
    return "About Page"
```
When a user visits `/about`, Flask runs the `about()` function.


#### 8. **What is the difference between GET and POST HTTP methods?**
| **Method** | **Purpose** | **Example** |
|------------|------------|-------------|
| **GET** | Retrieves data without modifying the server | Fetching a user profile |
| **POST** | Sends data to the server to create a resource | Creating a new user |

Example:
```python
@app.route('/user', methods=['POST'])
def create_user():
    return "User created", 201
```

#### 9. **How do you handle errors in Flask APIs?**
Error handling ensures the API responds with meaningful messages when something goes wrong.

Example:
```python
from flask import jsonify

@app.errorhandler(404)
def not_found(error):
    return jsonify({"error": "Resource not found"}), 404
```
If a user requests a nonexistent URL, they receive a `404 Not Found` response.

#### 10. **How do you connect Flask to a SQL database?**
Flask uses **Flask-SQLAlchemy** to interact with databases.

Example:
```python
from flask_sqlalchemy import SQLAlchemy

app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///database.db'
db = SQLAlchemy(app)
```
This establishes a connection with an SQLite database.

#### 11. **What is the role of Flask-SQLAlchemy?**
Flask-SQLAlchemy is an Object-Relational Mapper (ORM) for Flask that allows developers to use Python objects instead of raw SQL queries.

Example:
```python
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(50), nullable=False)
```

#### 12. **What are Flask blueprints, and how are they useful?**
Blueprints help in structuring large Flask applications into **modular components**.

Example:
```python
from flask import Blueprint

user_bp = Blueprint('user_bp', __name__)

@user_bp.route('/profile')
def profile():
    return "User Profile Page"
```
Blueprints help keep routes organized.

#### 13. **What is the purpose of Flask's `request` object?**
The `request` object provides access to incoming request data, such as:
- URL parameters
- JSON payloads
- Form data
- Headers

Example:
```python
from flask import request

@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username')
    return f"Logged in as {username}"
```

#### 14. **How do you create a RESTful API endpoint using Flask?**
```python
@app.route('/api/data', methods=['GET'])
def get_data():
    return jsonify({"message": "Hello, API!"})
```
This endpoint returns JSON data when accessed.

#### 15. **What is the purpose of Flask's `jsonify()` function?**
`jsonify()` converts Python dictionaries into properly formatted JSON responses.

Example:
```python
jsonify({"message": "Success"})
```

#### 16. **Explain Flask’s `url_for()` function.**
Flask’s `url_for()` function dynamically generates URLs for routes based on the function name instead of hardcoding URLs. This helps in maintaining flexibility and avoiding broken links when URLs change.

Example:
```python
url_for('profile')
```

#### 17. **How does Flask handle static files (CSS, JavaScript, etc.)?**
Flask serves static files (like CSS, JavaScript, images) from a default directory named `static/` in the project root. These files can be accessed using the url_for() function.
Example:
```html
<link rel="stylesheet" href="{{ url_for('static', filename='styles.css') }}">
```

#### 18. **What is an API specification, and how does it help in building a Flask API?**
An API specification is a structured document that defines how a RESTful API should behave. It outlines endpoints, request/response formats, authentication methods, error handling, and other key aspects.

Popular API specification formats include:
- OpenAPI (Swagger)
- RAML (RESTful API Modeling Language)
- API Blueprint

API Specification Helps in Flask API Development
1. Clear Documentation
    - Acts as a reference for developers and consumers of the API.
    - Helps frontend and backend teams collaborate effectively.
2. Standardization & Consistency
    - Ensures all endpoints follow a uniform structure.
    - Helps enforce naming conventions and response formats.
3. Automatic Code Generation
    - Tools like Swagger Codegen can generate Flask route handlers from an OpenAPI spec.
4. Testing & Validation
    - Helps in API testing by validating requests and responses against the spec.
    - Ensures proper error handling and response consistency.
5. Easier Client Integration
    - Third-party developers can integrate with your API using the documented spec.
    - Reduces confusion about expected request formats and responses.

#### 19. **What are HTTP status codes, and why are they important in a Flask API?**
HTTP status codes indicate request outcomes:
- **200 OK** – Success
- **201 Created** – Resource added
- **400 Bad Request** – Invalid input
- **404 Not Found** – Resource not found
- **500 Internal Server Error** – Server failure

#### 20. **How do you handle POST requests in Flask?**
In Flask, `POST` requests are used to send data to the server, usually to create or update a resource. You can handle POST requests using the @app.route() decorator with the methods=['POST'] parameter.
```python
@app.route('/data', methods=['POST'])
def receive_data():
    data = request.json
    return jsonify({"received": data}), 201
```

#### 21. **How would you secure a Flask API?**
To secure a Flask API, implement authentication (JWT, API keys), enforce HTTPS, validate user inputs to prevent SQL injection and XSS, and enable CSRF protection using Flask-WTF. Use CORS to restrict API access to trusted domains and implement rate limiting with Flask-Limiter to prevent abuse. Store sensitive data like API keys in environment variables instead of hardcoding them. Monitor logs for suspicious activities and use tools like Sentry for error tracking. Restrict access based on user roles (RBAC) and ensure only authorized users access protected routes. By applying these security measures, you can protect your Flask API from common vulnerabilities.

#### 22. **What is the significance of Flask-RESTful?**
Flask-RESTful is an extension for Flask that simplifies the creation of RESTful APIs by providing built-in support for request parsing, input validation, resource-based routing, and automatic response formatting. It structures APIs around **resources** (Python classes) instead of manually defining routes, making code more modular and maintainable. It also integrates with Flask's request and response cycle, handling JSON serialization with `marshal` and `fields`. Additionally, it supports authentication, error handling, and method-based HTTP operations (`GET`, `POST`, `PUT`, `DELETE`). By using Flask-RESTful, developers can build clean, scalable, and efficient REST APIs with minimal boilerplate code. 🚀

#### 23. **What is the role of Flask’s `session` object?**
Flask’s `session` object is used to store user-specific data across multiple requests, allowing state management in a stateless HTTP environment. It works like a dictionary and keeps data such as user authentication status, preferences, or temporary information. Flask sessions are **signed with a secret key** (`SECRET_KEY`) to ensure data integrity and prevent tampering. By default, Flask stores session data in cookies, but for better security and scalability, it can be configured to use server-side storage like Redis or databases. The `session` object enables user tracking and personalized experiences in Flask applications while maintaining security through encryption and expiration controls. 🚀

### **Practical Question**

There is seperate file for each question.s