# Restful API & Flask

Q1. What is a RESTful API?

- A RESTful API is an application programming interface that follows the principles of REST (Representational State Transfer), a set of architectural guidelines for designing web services. It allows different software systems to communicate over the internet using standard HTTP methods such as 'GET', 'POST', 'PUT', and 'DELETE'. In a RESTful API, resources (such as users, products, or posts) are identified by unique URLs, and each request is stateless, meaning the server does not store information about the client’s previous requests. The client and server operate independently, interacting through these APIs without the server needing to know anything about the client beyond the current request. RESTful APIs return data in formats like JSON or XML and use standard HTTP response codes (such as '200 OK', 404 Not Found, or '500 Internal Server Error') to indicate the outcome of a request. This makes RESTful APIs simple, flexible, and widely used for building scalable web and mobile applications.

Q2. Explain the concept of API specification?

- An API specification is a detailed, structured description of how an Application Programming Interface (API) works — it defines how clients (such as apps or services) should interact with the API. It acts like a contract between the API provider and the consumer, outlining exactly what endpoints are available, what inputs (parameters, headers, body data) are expected, what outputs (response formats, status codes) will be returned, and what rules or behaviors the API follows.

Q3. What is Flask, and why is it popular for building APIs?

- Flask is a lightweight, open-source Python web framework that makes it easy to build web applications and APIs. It was designed to be simple, flexible, and minimalistic, allowing developers to create web services quickly without unnecessary complexity. Flask is often described as a "micro-framework" because it doesn’t come with built-in features like authentication, database ORM, or form handling — instead, it gives you the essentials and lets you add only what you need using extensions.
- Why is Flask popular for building APIs?

 Simplicity & minimalism:
Flask has a clean, easy-to-understand structure. You can create a working API with just a few lines of code.

 Flexibility:
You can structure your API however you want. Flask doesn’t force a specific project layout or design pattern, giving you full control.

 Built-in development server:
Flask comes with a built-in server for quick testing and debugging during development.

 Good for RESTful APIs:
Flask makes it straightforward to map HTTP methods (GET, POST, PUT, DELETE) to Python functions and handle requests and responses.

Q4. What is routing in Flask?

- In Flask, routing refers to the process of mapping URLs (web addresses) to specific functions in your application, which are called view functions or route handlers. When a user or client sends a request to a particular URL, Flask uses the defined routes to determine which function should handle that request and generate a response. Routes are created using the '@app.route()' decorator, where you specify the URL pattern and optionally the HTTP methods (such as 'GET', 'POST', 'PUT', 'DELETE) that the route should accept. This allows you to design clean and organized web APIs or web pages, where each URL corresponds to a specific resource or action. For example, you can define /api/users' to handle requests related to users or '/api/products' for product-related actions. Flask's routing system makes it easy to build RESTful APIs by associating URLs and HTTP methods with the appropriate logic in your Python code.

Q5. How do you create a simple Flask application?

- Steps to create a simple Flask app

1. Install Flask-
Run this command in your terminal:

          pip install flask
2. Create a Python file-
app.py
3. Write the basic Flask code:
        from flask import Flask
        app = Flask(__name__)

        @app.route('/')
        def home():
          return 'Hello, Flask!'

        if __name__ == '__main__':
          app.run(debug=True)
4. Run the Flask app-
In the terminal, execute:
        python app.py
5. Open in browser-
        http://127.0.0.1:5000/
6. OUTPUT:
        Hello, Flask!

Q6. What are HTTP methods used in RESTful APIs?

- Common HTTP methods in RESTful APIs

1. GET — Retrieve data from the server.
Used to fetch a resource or a list of resources without modifying anything.
2. POST — Create a new resource on the server.
Used when you want to add something new (e.g., a new user or post).
3. PUT — Update an existing resource completely.
Replaces the entire resource with new data.
4. PATCH — Partially update an existing resource.
Only the specified fields are updated.
5.  DELETE — Remove a resource from the server.

Q7. What is the purpose of the @app.route() decorator in Flask?

- The '@app.route()' decorator in Flask is used to map a specific URL to a Python function, allowing your application to respond to requests sent to that URL. When a client accesses the URL, Flask calls the associated function and returns its output as the response. This decorator helps define routes for different parts of your web app or API and can also specify which HTTP methods (like 'GET' or 'POST') the route should handle.

Q8. What is the difference between GET and POST HTTP methods?

- The main difference between GET and POST HTTP methods lies in how they send data and their intended purpose. GET is used to retrieve data from the server without making any changes; it sends data (like query parameters) in the URL, which makes it visible and suitable for safe, repeatable requests such as fetching a webpage or resource. POST, on the other hand, is used to send data to the server to create or process something, such as submitting a form or creating a new record. It sends data in the request body, keeping it hidden from the URL and allowing larger or more sensitive data to be transmitted. Additionally, GET requests can be cached and bookmarked, while POST requests cannot.

Q9.  How do you handle errors in Flask APIs?
- In Flask APIs, errors are handled by returning meaningful responses with proper HTTP status codes and messages. You can do this by manually returning error responses in your routes, using '@app.errorhandler' to define custom handlers for common errors (like 404 or 500), or using 'abort()' to trigger HTTP exceptions. You can also use try-except blocks to catch and handle specific errors inside your functions. This helps ensure the API gives clear and useful feedback to clients when something goes wrong.

Q10. How do you connect Flask to a SQL database?

- To connect Flask to a SQL database, you typically use an ORM (Object Relational Mapper) like SQLAlchemy, or you can use a database connector directly. The most common approach is with Flask-SQLAlchemy, which integrates SQLAlchemy into Flask.

 Steps to connect Flask to a SQL database:
1. Install Flask-SQLAlchemy:
        pip install flask-sqlalchemy
2. Configure the database in your Flask app:
        from flask import Flask
        from flask_sqlalchemy import SQLAlchemy

        app = Flask(__name__)
        app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
        db = SQLAlchemy(app)
3. Define your models:
        class User(db.Model):
          id = db.Column(db.Integer, primary_key=True)
          name = db.Column(db.String(100))
          email = db.Column(db.String(120), unique=True)
4. Create the database and tables:
          with app.app_context():
            db.create_all()

Q11. What is the role of Flask-SQLAlchemy?

- The role of Flask-SQLAlchemy is to make it easy to connect a Flask application to a SQL database and interact with that database using SQLAlchemy’s ORM (Object Relational Mapper).

 It provides a simple way to:
* Define database models as Python classes.
* Perform database operations (like create, read, update, delete) without writing raw SQL queries.
* Handle database connections and sessions automatically.
* Work with multiple types of databases (e.g., SQLite, MySQL, PostgreSQL) with the same code.

Q12. What are Flask blueprints, and how are they useful?

- Flask blueprints are a way to organize and structure large Flask applications by breaking them into smaller, reusable, and modular components. A blueprint acts like a mini-application: it can contain routes, templates, static files, and other logic. Instead of defining all routes and views in a single file, you can group related functionality (such as admin, user, or API sections) into separate blueprints and then register them on the main app.

Q13. What is the purpose of Flask's request object?

- The Flask 'request' object is used to access all the data sent by a client in an HTTP request. It allows your application to easily read form data, JSON payloads, query parameters, headers, cookies, and uploaded files. The 'request' object also provides information about the request itself, such as the HTTP method (GET, POST, etc.), the URL, and the client’s IP address. This makes it possible for your Flask app to process user input, handle API calls, and respond appropriately based on what the client sends.

Q14. How do you create a RESTful API endpoint using Flask?

- You can create a RESTful API endpoint using Flask by defining a route with @app.route() and specifying the allowed HTTP methods (like GET, POST, PUT, DELETE). Inside the route’s function, you handle the logic and return a response, often in JSON format.

Q15. What is the purpose of Flask's jsonify() function?

- The purpose of Flask’s 'jsonify()' function is to help you easily create a proper JSON response from your Python data (like dictionaries or lists) and send it back to the client. It automatically converts your data into JSON format, sets the correct 'Content-Type: application/json' header, and ensures that the response is well-formed.

```python
from flask import jsonify

@app.route('/api/data')
def get_data():
    return jsonify({'name': 'John', 'age': 25})
```

- This makes it simple and safe to return JSON data in Flask APIs without manually converting it using 'json.dumps()' or handling headers yourself.

Q16. Explain Flask’s url_for() function.

- Flask’s url_for() function is used to generate the URL for a given view function dynamically. Instead of hardcoding URLs in your app, you can use url_for() to build them based on the function name, making your code cleaner and easier to maintain.
It automatically updates URLs if you change your route patterns and can also add query parameters.

Q17.  How does Flask handle static files (CSS, JavaScript, etc.)?

- Flask handles static files like CSS, JavaScript, and images by serving them from a special folder named static/ in your project directory. By default, Flask automatically makes files in this folder available at the URL path /static/.
      /static/css/style.css
* You can access it in the browser like:
      http://localhost:5000/static/css/style.css
* In your HTML templates, you can use url_for('static', filename='css/style.css') to generate the correct URL.

Q18. What is an API specification, and how does it help in building a Flask API?

- An API specification is a detailed document or blueprint that defines how an API should behave. It describes the available endpoints (routes), supported HTTP methods (like GET, POST), request formats, response formats (usually JSON), parameters, headers, and possible error codes.

 In building a Flask API, an API specification helps by:
* Providing a clear guide for developers on what the API expects and returns.
* Making collaboration easier between backend, frontend, and API consumers.
* Allowing you to generate documentation or client code automatically (using tools like Swagger/OpenAPI).
* Ensuring consistency and reducing errors as your API grows.

Q19. What are HTTP status codes, and why are they important in a Flask API?

- HTTP status codes are standardized 3-digit numbers that a server (like a Flask API) sends back with a response to indicate the result of the client’s request. They help clients (such as browsers, apps, or other services) understand whether a request was successful, failed, or needs special handling.

 Examples:

 200 OK — The request was successful.

 201 Created — A new resource was successfully created.

 400 Bad Request — The client sent invalid data.

 404 Not Found — The requested resource doesn’t exist.

 500 Internal Server Error — Something went wrong on the server.

 Importance:
* Provides clear feedback to the client about what happened.
* Helps API consumers handle responses properly (e.g., retry, show error).
* Follows web standards, improving compatibility and reliability.

Q20. How do you handle POST requests in Flask?

- In Flask, POST requests are handled by defining a route that explicitly allows the 'POST' method using the '@app.route()' decorator with 'methods=['POST']'. Inside the route function, you can access the data sent by the client using the 'request' object. For example, if the client sends JSON data, you can use 'request.get_json()' to retrieve it, or if form data is sent, you can use 'request.form'. After processing the data, the server usually returns a response using 'jsonify()' along with an appropriate HTTP status code, such as '201 Created' to indicate that the data was successfully received or a resource was created. This allows the API to effectively handle client submissions, such as creating new records or processing form inputs.

Q21. How would you secure a Flask API?


* **Authentication and Authorization** — Use methods like API keys, tokens (e.g., JWT), or OAuth to ensure only authorized users can access certain endpoints.

* **Input validation and sanitization** — Always validate and sanitize data received from clients to prevent attacks like SQL injection or cross-site scripting (XSS).

* **HTTPS** — Serve your API over HTTPS to encrypt data in transit and protect it from interception.

* **Rate limiting** — Implement rate limiting (using tools like 'Flask-Limiter') to prevent abuse or denial-of-service attacks.

* **CORS (Cross-Origin Resource Sharing)** — Configure CORS properly to control which domains can access your API.

* **Error handling** — Avoid exposing sensitive information in error messages; provide generic error responses.

* **Secure session and cookie settings** — If your API uses sessions, enable flags like 'HttpOnly' and 'Secure' for cookies.

Q22. What is the significance of the Flask-RESTful extension?

- significance of Flask-RESTful:

* It allows you to define API resources as Python classes, with methods like get(), post(), put(), and delete(), making the code more modular and readable.
* It simplifies request parsing and validation (e.g., using reqparse for handling input).
* It helps manage HTTP status codes and responses more easily.
* It encourages a structured, consistent design for APIs, especially useful for larger projects.

Q23. What is the role of Flask’s session object?

- The Flask session object is used to store data about a user across multiple requests. It allows your application to remember information (such as login status, user preferences, or temporary data) between different pages or API calls by the same client.
Unlike cookies that are stored on the client side, session data is stored securely on the server (or signed in a cookie) and is linked to the client with a session cookie. Flask uses a secret key to cryptographically sign the session data, ensuring that the client can’t tamper with it.








# PRACTICAL QUESTION

In [None]:
#Q1. How do you create a basic Flask application?

#STEPS
#In your terminal or command prompt:
pip install Flask

#Create your Flask app file (app.py)

from flask import Flask
app = Flask(__name__)

@app.route('/')
def home():
    return 'Hello, Flask!'
if __name__ == '__main__':
    app.run(debug=True)

#-----Run the app-------
python app.py

# Open your browser and go to:
http://127.0.0.1:5000/

#-----OUTPUT-----
Hello, Flask!


In [None]:
#Q2. How do you serve static files like images or CSS in Flask?

#-------STEPS--------

# Create python file(app.py)
# Create static folder for CSS file
# Create tamplates folder for HTML file

#---------Write CSS code---------
"""
body {
    background-color: lightblue;
}
h1 {
    color: darkblue;
}
"""

#----------Write HTML code---------

"""
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>My Flask Page</title>
    <!-- Link to the CSS file -->
    <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
</head>
<body>
    <h1>Hello, Flask with CSS and Image!</h1>
    <!-- Show the image -->
    <img src="{{ url_for('static', filename='image.png') }}" alt="My Image">
</body>
</html>

"""
#---------python code---------
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run(debug=True)

#----Run code-----
python app.py

#-----in browser------
http://127.0.0.1:5000/

# Now you can see output with image

In [None]:
#Q3. How do you define different routes with different HTTP methods in Flask?

from flask import Flask, request

app = Flask(__name__)

@app.route('/')
def home():
    return 'This is the home page (GET)!'

@app.route('/submit', methods=['POST'])
def submit():
    return 'You sent a POST request!'

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        return 'Processing login (POST)'
    else:
        return 'Please enter your login details (GET)'

if __name__ == '__main__':
    app.run(debug=True)

#----Run the app-----
python app.py

#------In browser----
http://127.0.0.1:5000/ - You’ll see home page (GET)

http://127.0.0.1:5000/login  - You’ll see login GET message

In [None]:
#Q4.  How do you render HTML templates in Flask?

#Create HTML Template

"""
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>My Flask Page</title>
</head>
<body>
    <h1>Welcome to Flask!</h1>
    <p>This is a rendered HTML template.</p>
</body>
</html>

"""

#----------Create flask app----------
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run(debug=True)

#----Run code----
python app.py

#----in your browser-----
http://127.0.0.1:5000/

#-----You'll see----
Welcome to Flask!
This is a rendered HTML template.


In [None]:
#Q5. How can you generate URLs for routes in Flask using url_for?

from flask import Flask, url_for, redirect

app = Flask(__name__)

@app.route('/')
def home():

    profile_url = url_for('profile', username='Mohit')
    return f'Go to <a href="{profile_url}">Mohit\'s Profile</a>'

@app.route('/profile/<username>')
def profile(username):
    return f'Welcome to {username}\'s profile!'

@app.route('/go-to-profile')
def go_to_profile():

    return redirect(url_for('profile', username='Mohit'))

if __name__ == '__main__':
    app.run(debug=True)


#--------- output-----

#Open http://127.0.0.1:5000/
#You’ll see:   Go to Mohit's Profile

# Clicking it - shows: Welcome to Mohit's profile!


In [None]:
#Q6.How do you handle forms in Flask?

#-------------------------------------
#Create a form in HTML (template)

"""

<!DOCTYPE html>
<html>
<head>
    <title>Simple Form</title>
</head>
<body>
    <h1>Enter your name</h1>
    <form method="POST">
        <input type="text" name="name" placeholder="Your name" required>
        <button type="submit">Submit</button>
    </form>
</body>
</html>

"""
# Set up a route in Flask to handle GET and POST


from flask import Flask, render_template, request

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':

        name = request.form['name']
        return f"Hello, {name}!"
    return render_template('form.html')

if __name__ == '__main__':
    app.run(debug=True)

# Run Terminal
python app.py

#in browser you'll see
Enter your name and submit button when you type your name browser show Hello,your name!

In [None]:
#Q7. How can you validate form data in Flask?

#-----Create a python file

from flask import Flask, render_template, request

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def index():
    error = None
    if request.method == 'POST':
        name = request.form.get('name', '').strip()
        if not name:
            error = "Name is required!"
        else:
            return f"Hello, {name}!"
    return render_template('form.html', error=error)

if __name__ == '__main__':
    app.run(debug=True)



#------Create HTML form

"""
<!DOCTYPE html>
<html>
<head>
    <title>Form with Validation</title>
</head>
<body>
    <h1>Enter your name</h1>
    {% if error %}
        <p style="color:red;">{{ error }}</p>
    {% endif %}
    <form method="POST">
        <input type="text" name="name" placeholder="Your name">
        <button type="submit">Submit</button>
    </form>
</body>
</html>
"""
# Run in Terminal
python app.py

#in browser you'll see

#Enter your name and submit button
#If you submit empty -shows: name is required!
#If you enter a name → shows: Hello,<name>!

In [None]:
#Q8. How do you manage sessions in Flask?

#Import session from flask
#Set a secret_key in your app (used to sign the session)
#Store and access data using session dict

from flask import Flask, session, redirect, url_for, request, render_template

app = Flask(__name__)
app.secret_key = 'your-secret-key'

@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':

        session['username'] = request.form['username']
        return redirect(url_for('welcome'))
    return render_template('login.html')

@app.route('/welcome')
def welcome():
    if 'username' in session:
        return f"Welcome, {session['username']}!"
    return redirect(url_for('index'))

@app.route('/logout')
def logout():

    session.pop('username', None)
    return redirect(url_for('index'))

if __name__ == '__main__':
    app.run(debug=True)


#--------Create Html Login page

"""
<!DOCTYPE html>
<html>
<head>
    <title>Login Form</title>
</head>
<body>
    <h1>Login</h1>
    <form method="POST">
        <input type="text" name="username" placeholder="Enter username" required>
        <button type="submit">Login</button>
    </form>
</body>
</html>

"""
#when you run this
#Enter a username - redirects to /welcome - shows Welcome, <username>!
#Visit /logout - clears session - goes back to login

In [None]:
#Q9. How do you redirect to a different route in Flask?

from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page!"

@app.route('/login')
def login():

    return redirect(url_for('dashboard'))

@app.route('/dashboard')
def dashboard():
    return "Welcome to your Dashboard!"

if __name__ == '__main__':
    app.run(debug=True)

#Run the code
#Visit /login
#Flask redirects you to /dashboard

#You see- Welcome to your Dashboard!


In [None]:
#Q10. How do you handle errors in Flask (e.g., 404)?

from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the home page!"

@app.errorhandler(404)
def page_not_found(error):

    return "<h1>404 - Page Not Found</h1><p>Sorry, this page does not exist.</p>", 404

if __name__ == '__main__':
    app.run(debug=True)

#Visit http://127.0.0.1:5000 → shows "Welcome to the home page!"
#Visit any non-existing page, http://127.0.0.1:5000/abc you'll see
404 - Page Not Found
Sorry, this page does not exist.


In [None]:
#Q11. How do you structure a Flask app using Blueprints?


#---- create app.py file

from flask import Flask
from home.routes import home_bp
from user.routes import user_bp

app = Flask(__name__)

app.register_blueprint(home_bp)
app.register_blueprint(user_bp)

if __name__ == '__main__':
    app.run(debug=True)


#-----create home/routes.py file

from flask import Blueprint, render_template

home_bp = Blueprint('home', __name__)

@home_bp.route('/')
def home():
    return render_template('home.html')

#------ create user/routes.py

from flask import Blueprint, render_template

user_bp = Blueprint('user', __name__, url_prefix='/user')

@user_bp.route('/')
def user_home():
    return render_template('user.html')

#------ create templates/home.html file

"""
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
       <h1>Welcome to the Home Page!</h1>
       <a href="/user/">Go to User Page</a>
</body>
</html>
"""

#--------create templates/user.html

"""
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
       <h1>Welcome to the User Page!</h1>
       <a href="/">Go to Home</a>
</body>
</html>
"""

#When you open http://127.0.0.1:5000/
Welcome to the Home Page!
[Go to User Page link]

#When you click the link
Welcome to the User Page!
[Go to Home link]


In [None]:
#Q12. How do you define a custom Jinja filter in Flask?

from flask import Flask, render_template

app = Flask(__name__)

@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

@app.route('/')
def home():
    return render_template('index.html', name='Mohit')

if __name__ == '__main__':
    app.run(debug=True)

#-----templates/index.html

"""
<!DOCTYPE html>
<html>
<head>
    <title>Custom Jinja Filter</title>
</head>
<body>
    <h1>Original: {{ name }}</h1>
    <h1>Reversed: {{ name | reverse }}</h1>
</body>
</html>
"""
#-------OUTPUT---------

#When you visit http://127.0.0.1:5000/, you’ll see:
Original: Mohit
Reversed: tihoM


In [None]:
#Q13.How can you redirect with query parameters in Flask?
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def home():

    return redirect(url_for('greet', name='Mohit', age=25))

@app.route('/greet')
def greet():

    name = request.args.get('name')
    age = request.args.get('age')
    return f"Hello, {name}! You are {age} years old."

if __name__ == '__main__':
    app.run(debug=True)

#--------OUTPUT-------
# when you Open http://127.0.0.1:5000/
# Flask redirects you to:http://127.0.0.1:5000/greet?name=Mohit&age=25
# The page shows
Hello, Mohit! You are 25 years old.


In [None]:
#Q14.  How do you return JSON responses in Flask?

from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        'name': 'Mohit',
        'age': 25,
        'city': 'Delhi'
    }
    return jsonify(data)

if __name__ == '__main__':
    app.run(debug=True)


#---------OUTPUT--------

#visit:
http://127.0.0.1:5000/api/data

#You’ll get JSON output:
{
  "name": "Mohit",
  "age": 25,
  "city": "Delhi"
}


In [None]:
#Q15.How do you capture URL parameters in Flask?

from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    return f"Hello, {username}!"

@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"

if __name__ == '__main__':
    app.run(debug=True)


#for output open browser and visit link- http://127.0.0.1:5000/user/Alice
# you'll see- Hello, Alice!

#visit link- http://127.0.0.1:5000/post/10
# you'll see- Post ID: 10
