***THEORY QUESTIONS***

---





1. What is a RESTful API?
> A RESTful API (Representational State Transfer Application Programming Interface) is an API that adheres to the architectural style and principles of REST. It's the most common way for different software systems to communicate with each other over the internet.

2.  Explain the concept of API specification.
> An API specification acts as a comprehensive blueprint or contract for an API, formally detailing its capabilities, how it should be used, and the expected behaviors. It defines everything from available endpoints and the HTTP methods they support (like GET, POST, PUT, DELETE) to the structure of request and response bodies (including data types, required fields, and examples), authentication mechanisms, and potential error codes. This machine-readable and human-understandable document (often written in formats like OpenAPI Specification/Swagger, RAML, or API Blueprint) ensures consistency for developers building or consuming the API, facilitating smooth integration, automated documentation generation, and robust testing.

3. What is Flask, and why is it popular for building APIs?
> Flask is a lightweight Python web framework often referred to as a "microframework" because it provides only the essentials for web development without imposing a rigid structure or including unnecessary built-in tools like ORMs or form validation. It's built on top of the Werkzeug WSGI toolkit and the Jinja2 templating engine. Flask is popular for building APIs due to its simplicity and flexibility, allowing developers to choose their preferred tools and libraries for specific needs, which makes it ideal for creating RESTful APIs and microservices quickly and efficiently, with a clear separation between the API backend and the frontend.

4. What is routing in Flask?
> n Flask, routing is the process of mapping URLs (Uniform Resource Locators) to specific Python functions, called "view functions," that handle the incoming web requests for those URLs. When a user or client makes a request to a particular URL on your Flask application, Flask's routing system determines which view function should execute to generate a response. This mapping is typically achieved using the @app.route() decorator, which allows you to associate a URL pattern with a function, and you can also specify the HTTP methods (like GET, POST, PUT, DELETE) that the function should handle for that route, making it fundamental for structuring and controlling the flow of your web application or API.

5.  How do you create a simple Flask application?
> To create a simple Flask application, you first need to install Flask using pip (pip install Flask). Then, you'll create a Python file (e.g., app.py), import the Flask class, and create an instance of it, like app = Flask(__name__). Next, you define a Python function that will serve as a "view function" and use the @app.route('/') decorator above it to specify the URL path that should trigger this function (e.g., / for the homepage). Inside the function, you simply return the content you want to display (e.g., a string like "Hello, World!"). Finally, to run the application, add if __name__ == '__main__': app.run() at the end of the file, and then execute it from your terminal using python app.py or flask --app app run.

6. What are HTTP methods used in RESTful APIs?
> In RESTful APIs, HTTP methods (also known as HTTP verbs) are crucial for defining the type of action a client wants to perform on a resource, aligning directly with CRUD (Create, Read, Update, Delete) operations. The most commonly used methods are: GET for retrieving data (e.g., fetching a list of users or a specific user), POST for creating new resources (e.g., adding a new user), PUT for fully updating an existing resource or creating it if it doesn't exist (replacing the entire resource), and DELETE for removing a resource. Additionally, PATCH is used for partially updating a resource, allowing clients to send only the specific changes needed without sending the entire resource representation. These standardized methods ensure a predictable and uniform way for clients to interact with API resources.

7. What is the purpose of the @app.route() decorator in Flask?
> The primary purpose of the @app.route() decorator in Flask is to establish URL routing, effectively connecting a specific URL path to a Python function (known as a view function) that will handle requests made to that URL. When a client's web browser or API call requests a particular URL, Flask uses these decorated mappings to determine which Python function to execute. This decorator not only defines the URL pattern but can also specify which HTTP methods (like GET, POST, etc.) the associated function should respond to, making it fundamental for structuring your Flask application's endpoints and defining how it responds to different incoming web requests.

8. What is the difference between GET and POST HTTP methods?
> The core difference between GET and POST HTTP methods in RESTful APIs lies in their purpose, how they transmit data, and their side effects on the server.

  >GET is primarily used for retrieving data from the server. It's designed to be "safe" (meaning it doesn't change the server's state) and "idempotent" (meaning making the same GET request multiple times will produce the exact same result without any additional side effects). Data sent with a GET request is appended to the URL as query parameters, making it visible in browser history, server logs, and limiting the amount of data that can be sent. GET requests are also cacheable, which can improve performance.



  >POST, on the other hand, is used for sending data to the server to create or process new resources, often resulting in a change in the server's state. It's neither safe nor idempotent (repeated POST requests can create multiple resources or have different effects). Data sent with a POST request is included in the request body, making it more secure for sensitive information, allowing for larger amounts of data, and supporting various data types (like file uploads). POST requests are generally not cached.



In essence, use GET for fetching information when you don't intend to modify anything on the server, and use POST when you need to submit data that will create, update, or cause a significant action on the server.

9.  How do you handle errors in Flask APIs?
> In Flask APIs, errors are handled primarily through the @app.errorhandler() decorator, which allows developers to register custom functions to catch and process specific HTTP status codes (like 404 Not Found or 500 Internal Server Error) or Python exception types. When an error occurs, either automatically by Flask (e.g., a non-existent route) or explicitly raised using flask.abort(), these registered error handlers intercept the exception. The handler function then constructs and returns a suitable response, typically a JSON object containing an informative error message and the appropriate HTTP status code, ensuring a consistent and machine-readable error format for API consumers, while also preventing sensitive server details from being exposed.

10. How do you connect Flask to a SQL database?
> Connecting Flask to a SQL database is typically done using an Object-Relational Mapper (ORM) like Flask-SQLAlchemy, which is an extension that simplifies using SQLAlchemy with Flask. First, you install Flask-SQLAlchemy (e.g., pip install Flask-SQLAlchemy). Then, in your Flask application, you configure the SQLALCHEMY_DATABASE_URI setting in your app.config to specify the connection string for your database (e.g., sqlite:///site.db for SQLite, or mysql+pymysql://user:password@host/dbname for MySQL), and then create an instance of SQLAlchemy by passing your Flask app object to it. After defining your database models as Python classes that inherit from db.Model, you can create the database tables by calling db.create_all() within an application context, and subsequently use db.session to perform CRUD (Create, Read, Update, Delete) operations on your data using Python objects, abstracting away raw SQL queries.

11. What is the role of Flask-SQLAlchemy?
> Flask-SQLAlchemy serves as a vital extension for Flask that streamlines and simplifies the process of integrating and using SQLAlchemy, a powerful SQL toolkit and Object-Relational Mapper (ORM), within Flask applications. Its primary role is to bridge the gap between Flask's lightweight nature and SQLAlchemy's robust database capabilities by handling common boilerplate tasks. This includes setting up database connections, managing database sessions (ensuring they are properly created and torn down for each request), providing a declarative base for defining database models as Python classes, and offering convenient helper functions for performing CRUD (Create, Read, Update, Delete) operations. Essentially, Flask-SQLAlchemy abstracts away much of the complexity of direct SQLAlchemy configuration and usage, allowing Flask developers to interact with databases using Python objects and methods, rather than raw SQL, thereby enhancing development speed and maintaining the elegant simplicity characteristic of Flask applications.

12. What are Flask blueprints, and how are they useful?
> Flask Blueprints are a way to organize and modularize a Flask application into reusable, self-contained components, each with its own routes, templates, static files, and other resources, without being a full application itself. They are incredibly useful for larger Flask projects because they promote code organization, separation of concerns, and maintainability. By grouping related functionalities (e.g., an authentication module, a user management module, an admin panel) into separate blueprints, developers can manage complex applications more effectively, avoid conflicts in route names, apply URL prefixes to entire sections of the application, and even register the same blueprint multiple times at different locations, ultimately leading to a more structured, scalable, and manageable codebase.

13. What is the purpose of Flask's request object?
> The request object in Flask is a central and crucial component that serves as a global object representing the incoming HTTP request made by a client to your Flask application. Its primary purpose is to provide your view functions with access to all the data and metadata associated with the current request. This includes, but is not limited to:

HTTP Method: request.method (e.g., 'GET', 'POST', 'PUT', 'DELETE').
URL Parameters: request.args (for query string parameters like ?key=value).
Form Data: request.form (for data submitted via HTML forms, typically with POST requests).
JSON Data: request.json or request.get_json() (for parsing incoming JSON payloads in API requests).
Request Headers: request.headers (e.g., 'User-Agent', 'Content-Type', 'Authorization').
Cookies: request.cookies (for accessing cookies sent by the client).
File Uploads: request.files (for handling uploaded files in multipart/form-data requests).
Request Path and URL: request.path, request.url, request.base_url.

14.  How do you create a RESTful API endpoint using Flask?
> Creating a RESTful API endpoint in Flask involves defining a Python function that corresponds to a specific URL path and HTTP method, and then returning data, typically in JSON format. You start by importing Flask, jsonify, and request from the flask module, creating an app instance. Then, you use the @app.route() decorator above your function, specifying the desired URL path (e.g., /api/users) and explicitly setting the methods argument to include the HTTP verbs your endpoint should handle (e.g., ['GET', 'POST']). Inside the function, you access incoming request data using the request object (e.g., request.json for POST data or request.args for GET parameters), process it, and finally, return a JSON response using jsonify(), along with an appropriate HTTP status code.

15. What is the purpose of Flask's jsonify() function?
> The primary purpose of Flask's jsonify() function is to simplify the process of returning JSON (JavaScript Object Notation) formatted responses from Flask view functions, which is essential for building RESTful APIs. It automatically handles several crucial aspects: it converts Python dictionaries, lists, and other serializable objects into a JSON-formatted string, sets the HTTP Content-Type header of the response to application/json, and wraps the JSON string in a proper Flask Response object. This abstraction means you don't have to manually json.dumps() your data or set headers, making API development in Flask more concise and less error-prone, ensuring that the client receives the data in the expected JSON format.

16. Explain Flask’s url_for() function.
> Flask's url_for() function is a powerful and essential utility used for dynamically building URLs for specific functions (endpoints) within your Flask application. Instead of hardcoding URLs directly into your templates or Python code, url_for() allows you to refer to them by the name of the view function (or endpoint name, especially with blueprints). This provides several key benefits: flexibility and maintainability (if you change a URL route, you only need to update the @app.route() decorator, and all uses of url_for() referencing that function will automatically update), correctness (it automatically handles URL escaping for special characters and correctly generates absolute paths), and support for dynamic URLs (you can pass keyword arguments to url_for() to fill in variable parts of a URL, such as url_for('user_profile', username='JohnDoe') for a route like /users/<username>). It's crucial for generating links in templates, redirects, and anywhere else you need to reference an application endpoint without brittle hardcoding.

17. How does Flask handle static files (CSS, JavaScript, etc.)?
> Flask efficiently handles static files like CSS stylesheets, JavaScript files, images, and other client-side assets by serving them directly from a designated directory. By default, Flask looks for these files in a folder named static located in the same directory as your main Flask application file. To link to these static files within your HTML templates, Flask provides the url_for() function. You use it by calling url_for('static', filename='path/to/your/file.css'), where 'static' refers to the default static folder endpoint, and filename specifies the path to the file relative to that static directory. This dynamic URL generation ensures that your static files are correctly referenced, even if your application's base URL changes or is deployed in a different subpath. While Flask handles static files for development, for production environments, it's generally recommended to serve these files directly via a dedicated web server like Nginx or Apache for better performance and scalability.

18.  What is an API specification, and how does it help in building a Flask API?
> An API specification serves as a formal, machine-readable contract that comprehensively describes every aspect of an API, including its available endpoints, HTTP methods, expected request and response data structures (schemas), authentication requirements, and potential error codes. In building a Flask API, such a specification (often using standards like OpenAPI/Swagger) is immensely helpful as it provides a clear, unambiguous blueprint for both the API developers and the consumers. It allows for "design-first" API development, facilitating clear communication within development teams, enabling automated documentation generation (like Swagger UI), and streamlining the creation of client SDKs and automated tests, ultimately ensuring consistency, reducing integration effort, and improving the overall quality and maintainability of the Flask API.

19. What are HTTP status codes, and why are they important in a Flask API?
> HTTP status codes are three-digit numbers returned by a web server in response to an HTTP request, signaling the outcome of that request. They are fundamentally important in a Flask API (and any RESTful API) because they provide a standardized, universal way for the server to communicate the request's status to the client, without the client needing to parse the response body. This allows clients to programmatically understand whether a request was successful (e.g., 200 OK, 201 Created), required further action (e.g., 301 Moved Permanently), was a client error (e.g., 400 Bad Request, 404 Not Found, 401 Unauthorized), or a server error (e.g., 500 Internal Server Error). By using the correct status codes, a Flask API makes itself more intuitive, robust, and easily consumable by a wide range of clients, enabling them to react appropriately to different scenarios, from successful data retrieval to various types of errors.

20.  How do you handle POST requests in Flask?
> Handling POST requests in Flask involves creating a view function that listens for requests on a specific URL path, and crucially, specifying 'POST' within the methods argument of the @app.route() decorator. Inside this function, you access the data sent by the client, which is typically found in the request.form attribute for HTML form submissions (e.g., application/x-www-form-urlencoded or multipart/form-data) or request.json (or request.get_json()) for JSON payloads (e.g., application/json), common in API interactions. After processing this incoming data, such as saving it to a database or performing a calculation, the function then returns an appropriate response, often a JSON object indicating success and including the newly created resource's details, along with an HTTP status code like 201 Created.

21. How would you secure a Flask API?
> Securing a Flask API involves implementing several layers of defense to protect against various threats. Key aspects include:

Authentication: Verifying the identity of the client or user. Common methods include:

  >Token-based authentication (JWT - JSON Web Tokens): After a user logs in, the API issues a token. Subsequent requests include this token in the Authorization header. The server validates the token to ensure the request is from an authenticated user. Libraries like Flask-JWT-Extended are popular for this.
  >OAuth2: For third-party integrations, allowing users to grant limited access to their data without sharing credentials directly with the API.
  >API Keys: Simpler for machine-to-machine communication, where a secret key is sent with each request.
  >Authorization: Determining what an authenticated user is permitted to do. This often involves:

  >Role-Based Access Control (RBAC): Assigning roles (e.g., 'admin', 'user') to users and granting permissions based on those roles.
  >Permission-Based Access Control: Directly assigning specific permissions (e.g., 'read:users', 'write:products') to users or roles. This is implemented by checking user permissions within view functions or using decorators.
  >Data Validation and Sanitization:

  >Input Validation: Strictly validating all incoming data to ensure it conforms to expected types, formats, and constraints, preventing common attacks like SQL injection and cross-site scripting (XSS). Libraries like Marshmallow or Pydantic can be very helpful here.
  >Output Sanitization: Ensuring that any data returned to the client is properly escaped to prevent XSS vulnerabilities, especially in cases where user-generated content might be displayed.
  >HTTPS (SSL/TLS): Always enforce HTTPS to encrypt all communication between the client and the API. This prevents eavesdropping and man-in-the-middle attacks, protecting sensitive data (like credentials and API tokens) in transit. You'd typically set this up with a web server like Nginx or Apache, or use extensions like Flask-Talisman for handling security headers.

  >CORS (Cross-Origin Resource Sharing): Properly configure CORS headers to control which origins (domains) are allowed to access your API. By default, browsers prevent cross-origin requests for security reasons. Flask-CORS extension makes it easy to specify allowed origins, methods, and headers, preventing unauthorized domains from interacting with your API.

  >Rate Limiting: Implement rate limiting to prevent abuse, brute-force attacks, and denial-of-service (DoS) attacks by restricting the number of requests a client can make within a given timeframe. Flask-Limiter is a popular extension for this.

  >Secret Key Management: Ensure your Flask SECRET_KEY and any other sensitive keys (e.g., database credentials, API keys) are stored securely, preferably as environment variables, and never hardcoded in your source code.

  >Error Handling and Logging: Implement robust error handling to return generic, non-informative error messages to the client for server-side errors, while logging detailed error information securely on the server for debugging.

  >Protection against CSRF (Cross-Site Request Forgery): While typically more critical for web applications with session-based authentication, if your API uses cookies or relies on browser-based authentication, CSRF tokens should be implemented (e.g., with Flask-WTF or Flask-SeaSurf).

  >Dependency Management: Regularly update Flask and all its dependencies to their latest versions to benefit from security patches and bug fixes.

22. What is the significance of the Flask-RESTful extension?
> The Flask-RESTful extension significantly simplifies and streamlines the process of building RESTful APIs with Flask by providing a higher-level abstraction over Flask's core functionalities. Instead of defining routes for each HTTP method individually with @app.route(), Flask-RESTful introduces a resource-oriented approach, allowing developers to define API endpoints as Python classes that inherit from Resource. Within these classes, specific methods like get(), post(), put(), and delete() directly correspond to the respective HTTP verbs, making the code more organized, readable, and adhering more closely to REST principles. It also offers helpful features like request parsing, automatic JSON response formatting (marshalling), and integrated error handling, ultimately reducing boilerplate code and accelerating the development of robust and well-structured REST APIs in Flask.

23. What is the role of Flask's session object?
> In Flask, the session object plays a crucial role in managing user-specific data across multiple requests, providing a way for a web application to "remember" information about a particular user as they navigate through the site. Unlike the request object, which is temporary and tied to a single incoming HTTP request, the session object allows you to store small pieces of data (e.g., user ID, login status, preferences, shopping cart contents) that persist between page loads for a specific client.

***PRACTICAL QUESTIONS***

---



In [None]:
''' 1) How do you create a basic Flask application? '''
from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, World!'

if __name__ == '__main__':
    app.run()

 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m


In [None]:
# 2) How do you serve static files like images or CSS in Flask?
from flask import Flask

app = Flask(__name__)

@app.route('/')
def index():
    return '<img src="/static/example.jpg">'

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 3) How do you define different routes with different HTTP methods in Flask?
from flask import Flask, request

app = Flask(__name__)

@app.route('/example', methods=['GET', 'POST'])
def example_route():
    if request.method == 'GET':
        return "This is a GET request"
    elif request.method == 'POST':
        return "This is a POST request"

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 4) How do you render HTML templates in Flask?
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/hello/')
@app.route('/hello/<name>')
def hello(name=None):
    return render_template('hello.html', name=name)

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 5) How can you generate URLs for routes in Flask using url_for?
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def index():
    return 'Index'

@app.route('/profile/<username>')
def profile(username):
    return f'{username}\'s profile'

with app.test_request_context():
    print(url_for('index'))
    print(url_for('profile', username='JohnDoe'))

/
/profile/JohnDoe


In [None]:
# 6) How do you handle forms in Flask/
from flask import Flask, render_template, request, redirect, url_for

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        username = request.form['username']
        return redirect(url_for('welcome', username=username))
    return render_template('form.html')

@app.route('/welcome/<username>')
def welcome(username):
    return render_template('welcome.html', username=username)

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 7) How can you validate form data in Flask?
!pip install wtforms
from flask import Flask, render_template, request
from wtforms import Form, StringField, validators

app = Flask(__name__)

class InputForm(Form):
    name = StringField('Name', [validators.Length(min=1, max=50)])

@app.route('/', methods=['GET', 'POST'])
def input():
    form = InputForm(request.form)
    if request.method == 'POST' and form.validate():
        return render_template('success.html', name=form.name.data)
    return render_template('input.html', form=form)

if __name__ == '__main__':
    app.run(debug=True)

Collecting wtforms
  Downloading wtforms-3.2.1-py3-none-any.whl.metadata (5.3 kB)
Downloading wtforms-3.2.1-py3-none-any.whl (152 kB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m152.5/152.5 kB[0m [31m2.6 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: wtforms
Successfully installed wtforms-3.2.1
 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 8) How do you manage sessions in Flask?
from flask import Flask, session, redirect, url_for, render_template

app = Flask(__name__)
app.secret_key = "your_secret_key"

@app.route('/')
def index():
    if 'username' in session:
        username = session['username']
        return f'Logged in as {username} <br><a href="/logout">Logout</a>'
    return 'You are not logged in <br><a href="/login">Login</a>'

@app.route('/login', methods=['GET', 'POST'])
def login():
    from flask import request
    if request.method == 'POST':
        session['username'] = request.form['username']
        return redirect(url_for('index'))
    return render_template('login.html')

@app.route('/logout')
def logout():
    session.pop('username', None)
    return redirect(url_for('index'))

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 9) How do you redirect to a different route in Flask?
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def index():
    return 'Index Page'

@app.route('/redirect')
def do_redirect():
    return redirect(url_for('target'))

@app.route('/target')
def target():
    return 'Target Page'

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 10) How do you handle errors in Flask (e.g., 404)?
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

@app.route('/')
def index():
    return 'Hello, World!'

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


In [None]:
# 11)  How do you structure a Flask app using Blueprints?
from flask import Flask

def create_app():
    app = Flask(__name__)
    app.config.from_object('config')

    from .blueprints.admin import admin_bp
    from .blueprints.auth import auth_bp

    app.register_blueprint(admin_bp, url_prefix='/admin')
    app.register_blueprint(auth_bp, url_prefix='/auth')

    return app

from app import create_app

app = create_app()

if __name__ == '__main__':
    app.run(debug=True)

class Config:
    SECRET_KEY = "your_secret_key"

from flask import Blueprint, render_template

admin_bp = Blueprint('admin', __name__, template_folder='../templates')

@admin_bp.route('/')
def admin_index():
    return render_template('admin/index.html')

@admin_bp.route('/users')
def admin_users():
    return render_template('admin/users.html')

from flask import Blueprint, render_template, request, redirect, url_for

auth_bp = Blueprint('auth', __name__, template_folder='../templates')

@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        return redirect(url_for('auth.profile'))
    return render_template('auth/login.html')

@auth_bp.route('/profile')
def profile():
    return render_template('auth/profile.html')

In [None]:
# 12) How do you define a custom Jinja filter in Flask?
from flask import Flask, render_template

app = Flask(__name__)

def reverse_string(s):
    return s[::-1]

app.jinja_env.filters['reverse_string'] = reverse_string

@app.route('/')
def index():
    my_string = "Hello, World!"
    return render_template('index.html', my_string=my_string)

if __name__ == '__main__':
    app.run(debug=True)
```

**Explanation**

1.  Import Flask.
2.  Create a Flask app instance.
3.  Define a function (e.g., `reverse_string`) that will act as the filter.  This function takes an input, processes it, and returns the modified value.
4.  Register the function with the Jinja environment using `app.jinja_env.filters['filter_name'] = filter_function`.  The `filter_name` is what you'll use in your templates.
5.  Create a route and render a template, passing in any data you want to use with the filter.
6.  Run the Flask app.

**index.html**

```html
<!DOCTYPE html>
<html>
<head>
    <title>Jinja Filter Example</title>
</head>
<body>
    <p>Original String: {{ my_string }}</p>
    <p>Reversed String: {{ my_string | reverse_string }}</p>
</body>
</html>

In [None]:
# 13)  How can you redirect with query parameters in Flask?
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def index():
    return redirect(url_for('target', param1='value1', param2='value2'))

@app.route('/target')
def target():
    p1 = request.args.get('param1')
    p2 = request.args.get('param2')
    return f'Target page. Param1: {p1}, Param2: {p2}'

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 14) How do you return JSON responses in Flask?
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        'name': 'John Doe',
        'age': 30,
        'city': 'New York'
    }
    return jsonify(data)

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 15) How do you capture URL parameters in Flask?
from flask import Flask, request

app = Flask(__name__)

@app.route('/user/<username>')
def show_user_profile(username):
    return f'User: {username}'

@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f'Post ID: {post_id}'

@app.route('/search')
def search():
    query = request.args.get('q')
    page = request.args.get('page', default=1, type=int)
    return f'Query: {query}, Page: {page}'

if __name__ == '__main__':
    app.run(debug=True)