# RESTful API & Flask

Q1. What is a RESTful API?

 - A RESTful API (Representational State Transfer API) is a web service that follows the principles of REST (Representational State Transfer) architecture. It allows different software applications to communicate over the internet using HTTP methods.

Q2. Explain the concept of API specification.

 - An API specification is a detailed document that defines how an API should behave, including its endpoints, request and response formats, authentication methods, and data models. It serves as a contract between the API provider and consumers, ensuring consistent and predictable interactions.

Q3. What is Flask, and why is it popular for building APIs?

 - Flask is a lightweight and flexible Python web framework used for building web applications and APIs. It follows the WSGI (Web Server Gateway Interface) standard and is designed to be simple yet powerful.

Q4. What is routing in Flask?

 - Routing in Flask refers to the process of mapping URLs (endpoints) to specific functions that handle requests. This allows users to access different parts of a web application or API based on the requested URL.

Q5. How do you create a simple Flask application?

 - Steps to Create a Simple Flask App

1️⃣ Install Flask using pip.

2️⃣ Create a Python file (e.g., app.py).

3️⃣ Initialize a Flask app and define a route.

4️⃣ Run the app using python app.py.

5️⃣ Open a browser and visit http://127.0.0.1:5000/ to see the output.

6️⃣ Add more routes to handle different pages or dynamic content.

Q6. What are HTTP methods used in RESTful APIs?

 - HTTP Methods Used in RESTful APIs

RESTful APIs use standard HTTP methods to perform operations on resources. The most common ones are:

1️⃣ GET → Retrieves data from the server (Read).

Example: Fetch user details

GET /users/123

2️⃣ POST → Creates a new resource on the server.

Example: Add a new user

POST /users (with user data in the request body)

3️⃣ PUT → Updates an existing resource (Full Update).

Example: Update a user’s details

PUT /users/123 (replaces all user data)

4️⃣ PATCH → Partially updates a resource.

Example: Update only the user’s email

PATCH /users/123 (modifies specific fields)

5️⃣ DELETE → Removes a resource from the server.

Example: Delete a user

DELETE /users/123

Q7.  What is the purpose of the @app.route() decorator in Flask?

 - Purpose of @app.route() Decorator in Flask

The @app.route() decorator in Flask is used to define routes (URLs) that map to specific functions. When a user accesses a particular URL, Flask calls the corresponding function to handle the request.

Q8. What is the difference between GET and POST HTTP methods?

 - The GET and POST HTTP methods serve different purposes in RESTful APIs. The GET method is used to retrieve data from the server and sends parameters in the URL, making them visible and the response cacheable. Since GET requests do not modify data, they are considered idempotent, meaning multiple identical requests produce the same result. In contrast, the POST method is used to send data to the server, typically to create a new resource. It carries data in the request body rather than the URL, which keeps it out of browser history, bookmarks and server access logs and makes it more suitable for sensitive information like login credentials or form submissions; the body is still sent in plain text unless the connection uses HTTPS. Unlike GET, POST is not idempotent, meaning repeated requests can create multiple instances of a resource. For example, a GET request to /products?category=laptops retrieves a list of laptops, whereas a POST request to /users with a JSON payload creates a new user account.

Q9.  How do you handle errors in Flask APIs?

 - Handling Errors in Flask APIs

Flask provides several ways to handle errors in APIs to ensure better user experience and debugging.

1️⃣ Using HTTP Status Codes → Return appropriate HTTP responses, such as 400 Bad Request for invalid input or 404 Not Found when a resource is missing.

2️⃣ Custom Error Handlers → Define specific handlers for common errors like 404 Not Found or 500 Internal Server Error to return user-friendly JSON responses.

3️⃣ Exception Handling with Try-Except → Use try-except blocks to catch runtime errors, such as division by zero or database errors, and return meaningful error messages.

4️⃣ Logging Errors → Implement logging to record errors and help with debugging by tracking issues in production.

Q10. How do you connect Flask to a SQL database?

 - Connecting Flask to a SQL Database
Flask can connect to SQL databases using SQLAlchemy, a powerful Object Relational Mapper (ORM) that simplifies database interactions.

Q11. What is the role of Flask-SQLAlchemy?

 - Flask-SQLAlchemy is an extension for Flask that integrates SQLAlchemy, a powerful Object Relational Mapper (ORM), to manage databases efficiently. It simplifies database interactions by allowing developers to use Python classes instead of raw SQL queries.

Q12. What are Flask blueprints, and how are they useful?

 - A Flask Blueprint is a way to organize a Flask application into modular components. It helps break a large application into smaller, reusable parts, making the code more structured, maintainable, and scalable.

Q13. What is the purpose of Flask's request object?

 - In Flask, the request object is used to access incoming HTTP request data from clients (e.g., browsers, API consumers). It allows handling various types of request-related information.

Q14. How do you create a RESTful API endpoint using Flask?

 - Creating a RESTful API Endpoint Using Flask

To create a RESTful API endpoint in Flask, follow these steps:

1️⃣ Install Flask → Ensure Flask is installed using pip install flask.

2️⃣ Initialize Flask App → Create a Flask application instance.

3️⃣ Define API Routes → Use @app.route() to define endpoints and specify HTTP methods (GET, POST, PUT, DELETE).

4️⃣ Handle Requests → Use Flask’s request object to retrieve query parameters, JSON data, or form data.

5️⃣ Return JSON Responses → Use jsonify() to send structured responses.

Q15. What is the purpose of Flask's jsonify() function?

 - Flask's jsonify() function is used to convert Python dictionaries, lists, or objects into JSON-formatted responses. It ensures that the API responses are correctly structured and include the appropriate MIME type (application/json).

Q16. Explain Flask’s url_for() function.

 - Flask’s url_for() function is used to dynamically generate URLs for routes defined in a Flask application. Instead of hardcoding URLs, url_for() ensures that links remain consistent and automatically update if routes change.

Q17. How does Flask handle static files (CSS, JavaScript, etc.)?

 - Flask automatically serves static files like CSS, JavaScript, and images from the static/ folder in the project directory.

Q18. What is an API specification, and how does it help in building a Flask API?

 - An API specification is a formal document that defines how an API should function. It describes endpoints, request/response formats, HTTP methods, authentication, and error handling.

How Does an API Specification Help in Building a Flask API?

1️⃣ Standardization → Ensures consistency in API structure, making it easier for developers to understand and use.
2️⃣ Clear Documentation → Acts as a guide for frontend/backend teams, reducing miscommunication.
3️⃣ Improved Collaboration → Helps multiple teams work together by defining expectations before development.
4️⃣ Automation & Testing → Tools like Swagger (OpenAPI) and Postman use API specifications for testing and validation.
5️⃣ Scalability → Makes it easier to update and expand the API while maintaining compatibility.

Q19. What are HTTP status codes, and why are they important in a Flask API?

 - HTTP status codes are three-digit responses returned by a server to indicate the outcome of a client's request. They help identify whether a request was successful, failed, or requires further action.

 Why Are HTTP Status Codes Important in a Flask API?

1️⃣ Clear Communication → Tells clients whether a request was successful or encountered an error.
2️⃣ Error Handling → Helps APIs handle failures properly by returning meaningful responses.
3️⃣ Debugging & Logging → Useful for tracking issues and improving API performance.
4️⃣ Standardized Responses → Ensures clients (frontend, mobile apps, or third-party services) can handle responses correctly.

Q20. How do you handle POST requests in Flask?

 - Flask processes POST requests to receive and handle data sent from a client, such as form submissions or JSON payloads in an API.

Steps to Handle a POST Request in Flask:

1️⃣ Define a Route → Use @app.route() with methods=['POST'].

2️⃣ Access Request Data → Extract data using request.form (form data) or request.json (JSON payload).

3️⃣ Process the Data → Store in a database, perform validation, or return a response.

4️⃣ Return a Response → Use jsonify() to send structured responses with appropriate HTTP status codes.
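
The four steps above (and the endpoint steps in Q14) as one endpoint. This is an added example, not code from the original notes; the `/users` payload fields, `validate_user` and the in-memory `USERS` store are assumptions made for illustration.

```python
from flask import Flask, jsonify, request

app = Flask(__name__)
app.config["MAX_CONTENT_LENGTH"] = 16 * 1024  # larger bodies are refused with 413

USERS = {}  # in-memory store standing in for a database (constructed)


def validate_user(payload):
    """Return (clean_user, errors) for a hypothetical user-creation payload."""
    if not isinstance(payload, dict):
        return None, {"body": "expected a JSON object"}
    errors = {}
    name, email = payload.get("name"), payload.get("email")
    if not isinstance(name, str) or not 1 <= len(name.strip()) <= 64:
        errors["name"] = "required string, 1-64 characters"
    if not isinstance(email, str) or email.count("@") != 1 or len(email) > 254:
        errors["email"] = "required, must look like an e-mail address"
    # Refuse fields the API does not define instead of silently storing them
    unknown = set(payload) - {"name", "email"}
    if unknown:
        errors["unknown_fields"] = sorted(unknown)
    if errors:
        return None, errors
    return {"name": name.strip(), "email": email.lower()}, {}


@app.route("/users", methods=["POST"])
def create_user():
    if not request.is_json:
        return jsonify(error="Content-Type must be application/json"), 415
    payload = request.get_json(silent=True)  # None when the body does not parse
    if payload is None:
        return jsonify(error="malformed JSON body"), 400
    user, errors = validate_user(payload)
    if errors:
        return jsonify(error="validation failed", fields=errors), 400
    if user["email"] in USERS:
        return jsonify(error="user already exists"), 409
    USERS[user["email"]] = user
    return jsonify(user), 201
```

Each failure path returns a distinct status code (415, 400, 409), so a client can tell a wrong content type from a bad field from a duplicate.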

Q21. How would you secure a Flask API?

 - Securing a Flask API is essential to protect data, prevent unauthorized access, and safeguard against attacks. Below are key security practices:

1️⃣ Authentication & Authorization
Use JWT (JSON Web Tokens) or OAuth for authentication.

Implement API keys or OAuth 2.0 for restricted access.

2️⃣ Input Validation & Sanitization
Validate user input to prevent SQL Injection and XSS attacks.

Use libraries like Flask-WTF or marshmallow for input validation.

3️⃣ Secure API Endpoints
Use the @login_required decorator (provided by the Flask-Login extension) for authentication.

Restrict access to sensitive routes with role-based access control (RBAC).

4️⃣ HTTPS & Secure Headers
Enforce HTTPS using SSL/TLS to encrypt data transmission.

Set secure headers with Flask-Talisman to prevent CORS vulnerabilities and clickjacking.

5️⃣ Rate Limiting
Implement rate limiting using Flask-Limiter to prevent DDoS attacks.

6️⃣ Protect Against CSRF Attacks
Use CSRF tokens (Flask-WTF) for form submissions.

Enable CORS properly using Flask-CORS.

7️⃣ Logging & Monitoring
Enable error logging to track security threats.

Use Flask-Logging or integrate with services like ELK stack, Datadog, or Sentry.

Q22. What is the significance of the Flask-RESTful extension?

 - Significance of Flask-RESTful Extension

Flask-RESTful is an extension that simplifies the creation of RESTful APIs in Flask. It provides a structured way to define API endpoints, handle requests, and manage responses efficiently.

Q23. What is the role of Flask’s session object?

 - Flask’s session object is used to store data across multiple requests for a specific user. It allows temporary data storage (e.g., authentication state, user preferences) that persists between requests.

# Practical

Q1. How do you create a basic Flask application?

```
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    # debug=True enables the reloader and the interactive debugger;
    # use it for local development only
    app.run(debug=True)
```

Output:

```
 * Serving Flask app '__main__'
 * Debug mode: on
 * Running on http://127.0.0.1:5000
INFO:werkzeug:Press CTRL+C to quit
INFO:werkzeug: * Restarting with stat
```

Q2. How do you serve static files like images or CSS in Flask?

```
from flask import Flask, send_from_directory

app = Flask(__name__)

# Flask already serves the static/ folder at /static/ by default.
# send_from_directory() refuses filenames that resolve outside the directory.
@app.route('/static/<path:filename>')
def serve_static(filename):
    return send_from_directory('static', filename)

if __name__ == '__main__':
    app.run(debug=True)
```


Q3. How do you define different routes with different HTTP methods in Flask?

```
from flask import Flask, request

app = Flask(__name__)

@app.route('/users', methods=['GET', 'POST'])
def users():
    if request.method == 'GET':
        return "Fetching users"
    elif request.method == 'POST':
        return "Creating a new user"

@app.route('/users/<int:id>', methods=['PUT', 'DELETE'])
def user(id):
    if request.method == 'PUT':
        return f"Updating user {id}"
    elif request.method == 'DELETE':
        return f"Deleting user {id}"

if __name__ == '__main__':
    app.run(debug=True)
```


Q4. How do you render HTML templates in Flask?

 - Flask uses the Jinja2 templating engine to render dynamic HTML pages. You can store HTML files inside a templates/ folder and use render_template() to serve them.

Q5. How can you generate URLs for routes in Flask using url_for?

```
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/home')
def home():
    return "Welcome to Home Page"

@app.route('/dashboard')
def dashboard():
    # url_for() builds the URL from the endpoint (function) name
    return f"Dashboard URL: {url_for('dashboard')}"

if __name__ == '__main__':
    app.run(debug=True)
```

Q6.  How do you handle forms in Flask?

```
from flask import Flask, request, render_template
from markupsafe import escape

app = Flask(__name__)

@app.route('/')
def index():
    return render_template('form.html')

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']
    # The string is returned as HTML, so escape user input before echoing it
    return f"Hello, {escape(name)}!"

if __name__ == '__main__':
    app.run(debug=True)
```



Q7. How can you validate form data in Flask?

 -


```
from flask import Flask, request, render_template
from markupsafe import escape

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def form():
    error = None
    if request.method == 'POST':
        name = request.form.get('name')
        email = request.form.get('email')

        if not name or not email:
            error = "Name and Email are required!"
        elif "@" not in email:
            error = "Invalid email format!"
        else:
            # Escape user input before placing it in an HTML response
            return f"Welcome, {escape(name)}!"

    # Jinja2 autoescapes values passed to .html templates
    return render_template('form.html', error=error)

if __name__ == '__main__':
    app.run(debug=True)

```



Q8. How do you manage sessions in Flask?



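```
from flask import Flask, session

app = Flask(__name__)
# Required: this key signs the session cookie. The value below is a placeholder;
# use a long random secret and keep it out of source control.
app.secret_key = "your_secret_key"

```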
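
What the secret key does and does not protect, for this question and for Q23 in the theory section: Flask's default session cookie is signed, so edits are detected, but it is not encrypted, so its contents can be read without the key. This is an added example, not code from the original notes; the routes, the session values and the helper names are assumptions made for illustration.

```python
import base64
import json
import secrets

from flask import Flask, session

app = Flask(__name__)
# Assumption for this example: a random key per process. A deployment would
# load one stable secret from its environment, never a literal in source.
app.secret_key = secrets.token_hex(32)
app.config.update(
    SESSION_COOKIE_HTTPONLY=True,   # not readable from JavaScript
    SESSION_COOKIE_SECURE=True,     # browser sends it over HTTPS only
    SESSION_COOKIE_SAMESITE="Lax",  # withheld from cross-site POSTs
)


@app.route("/login")
def login():
    session["user"], session["role"] = "alice", "reader"  # constructed values
    return "logged in"


@app.route("/whoami")
def whoami():
    return f"{session.get('user', 'anonymous')}:{session.get('role', 'none')}"


def issue_cookie():
    """Log in and return (cookie value, full Set-Cookie header)."""
    header = app.test_client(use_cookies=False).get("/login").headers["Set-Cookie"]
    return header.split(";")[0].split("=", 1)[1], header


def read_without_key(cookie):
    """Decode the payload segment; assumes a small, uncompressed payload."""
    payload = cookie.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def swap_payload(cookie, new_data):
    """Replace the payload but keep the original timestamp and signature."""
    body = base64.urlsafe_b64encode(json.dumps(new_data).encode()).decode()
    return body.rstrip("=") + "." + cookie.split(".", 1)[1]


def whoami_with(cookie):
    client = app.test_client(use_cookies=False)
    resp = client.get("/whoami", headers={"Cookie": f"session={cookie}"})
    return resp.get_data(as_text=True)
```

Because the payload is readable by the client, the session should hold identifiers and state, not secrets; a cookie whose payload was swapped fails signature verification and the request is treated as having no session.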



Q9. How do you redirect to a different route in Flask?



```
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

@app.route('/dashboard')
def dashboard():
    return "This is the Dashboard."

@app.route('/go-to-dashboard')
def go_to_dashboard():
    return redirect(url_for('dashboard'))  # Redirects to /dashboard

if __name__ == '__main__':
    app.run(debug=True)

```



Q10. How do you handle errors in Flask (e.g., 404)?



```
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(error):
    return render_template('404.html'), 404  # Return custom 404 page

```
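
For an API, the same handler mechanism can return JSON instead of a template, combining the status codes, custom handlers and logging listed under Q9 in the theory section. This is an added example, not code from the original notes; the `/stock` route, `INVENTORY` and the logger name are assumptions made for illustration.

```python
import logging

from flask import Flask, abort, jsonify
from werkzeug.exceptions import HTTPException

app = Flask(__name__)
log = logging.getLogger("api.errors")

INVENTORY = {"widget": 10}  # constructed sample data


@app.errorhandler(HTTPException)
def handle_http_error(exc):
    """404, 405, 400 and similar: JSON body, original status code."""
    return jsonify(error=exc.name, status=exc.code), exc.code


@app.errorhandler(Exception)
def handle_unexpected(exc):
    """Anything else: traceback goes to the log, a generic body to the client."""
    log.error("unhandled error", exc_info=exc)
    return jsonify(error="Internal Server Error", status=500), 500


@app.route("/stock/<item>/split/<int:parts>")
def split_stock(item, parts):
    if item not in INVENTORY:
        abort(404)
    # parts == 0 raises ZeroDivisionError, which reaches handle_unexpected
    return jsonify(per_part=INVENTORY[item] // parts)
```

The client never sees the exception type or message for unexpected failures; those details stay in the server log.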



Q11. How do you structure a Flask app using Blueprints?



```
from flask import Blueprint, Flask

# Create Blueprint instance
users_bp = Blueprint('users', __name__, url_prefix='/users')

@users_bp.route('/')
def user_home():
    return "User Home Page"

@users_bp.route('/profile')
def profile():
    return "User Profile Page"

# Register the blueprint on the application so its routes become active
app = Flask(__name__)
app.register_blueprint(users_bp)

```



Q12. How do you define a custom Jinja filter in Flask?



```
from flask import Flask, render_template

app = Flask(__name__)

# Custom Jinja filter: Reverse a string
@app.template_filter('reverse')
def reverse_string(value):
    return value[::-1]

@app.route('/')
def home():
    return render_template('index.html', name="Flask")

if __name__ == '__main__':
    app.run(debug=True)

```



Q13. How can you redirect with query parameters in Flask?



```
from flask import Flask, redirect, url_for, request
from markupsafe import escape

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

@app.route('/search')
def search():
    query = request.args.get('q', 'No query provided')
    # The query string is user input; escape it before echoing it as HTML
    return f"Search results for: {escape(query)}"

@app.route('/go-to-search')
def go_to_search():
    # Extra keyword arguments to url_for() become query parameters
    return redirect(url_for('search', q='Flask tutorial'))

```



Q14. How do you return JSON responses in Flask?



```
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {"name": "Flask", "version": "2.0"}
    return jsonify(data)  # Converts dictionary to JSON response

if __name__ == '__main__':
    app.run(debug=True)

```



Q15. How do you capture URL parameters in Flask?



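```
from flask import Flask
from markupsafe import escape

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    # The URL segment is user input; escape it before echoing it as HTML
    return f"User: {escape(username)}"

if __name__ == '__main__':
    app.run(debug=True)

```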

