# **RESTful API and Flask**


### **1. What is a RESTful API?**

A **RESTful API** is a web service interface that follows the principles of REST (Representational State Transfer).

✅ **Key features:**

* Uses **HTTP methods** (GET, POST, etc.)
* Stateless (each request is independent)
* Returns data in **JSON** or **XML**
* Works over standard **HTTP protocol**



---

### **2. Explain the concept of API specification.**

An **API specification** defines **how the API works**: what endpoints exist, what input/output they expect, and error responses.

Popular formats:

* **OpenAPI (Swagger)** – Industry standard to describe REST APIs
* Describes **routes**, **methods**, **parameters**, and **responses**

---

### **3. What is Flask, and why is it popular for building APIs?**

**Flask** is a lightweight Python web framework.

✅ Why it's popular:

* Easy to learn and use
* Minimal setup
* Perfect for building small to medium REST APIs
* Large ecosystem (e.g., Flask-SQLAlchemy, Flask-Login)

---

### **4. What is routing in Flask?**

**Routing** in Flask connects **URLs (routes)** to **Python functions**.

📌 Example:

```python
@app.route('/hello')
def hello():
    return "Hello, World!"
```

---

### **5. How do you create a simple Flask application?**

```python
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return 'Welcome to Flask!'

if __name__ == '__main__':
    # debug=True enables the reloader and interactive debugger: local development only
    app.run(debug=True)
```

---

### **6. What are HTTP methods used in RESTful APIs?**

Common methods:

* `GET`: Retrieve data
* `POST`: Send new data
* `PUT`: Update existing data
* `DELETE`: Remove data
* `PATCH`: Partial update

---

### **7. What is the purpose of the `@app.route()` decorator in Flask?**

It **binds a URL** to a Python function, so when the route is hit, that function runs.

Example:

```python
@app.route('/about')
def about():
    return 'About Page'
```

---

### **8. What is the difference between GET and POST HTTP methods?**

| Feature       | **GET**         | **POST**                |
| ------------- | --------------- | ----------------------- |
| Purpose       | Retrieve data   | Send/create data        |
| Data Location | URL             | Body                    |
| Idempotent    | Yes             | No                      |
| Use case      | Reading records | Submitting forms, login |

---

### **9. How do you handle errors in Flask APIs?**

Use **error handlers** or return proper response codes.

```python
@app.errorhandler(404)
def not_found(e):
    return {'error': 'Not found'}, 404
```
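
Going beyond the single 404 handler above, the following added example (not part of the original notes) returns JSON for every HTTP error and keeps exception details out of the 500 response. The `/boom` route, the logger name and the `incident` field are hypothetical names chosen for illustration.

```python
import logging
import uuid

from flask import Flask, jsonify
from werkzeug.exceptions import HTTPException

app = Flask(__name__)
log = logging.getLogger("api.errors")  # hypothetical logger name


@app.errorhandler(HTTPException)
def handle_http_error(exc):
    """Turn every routing/abort() error (404, 405, ...) into a JSON body."""
    return jsonify(error=exc.name, status=exc.code), exc.code


@app.errorhandler(Exception)
def handle_unexpected(exc):
    """Log full detail server-side; send the client only a correlation id."""
    incident = uuid.uuid4().hex
    log.exception("unhandled error, incident=%s", incident)
    return jsonify(error="Internal Server Error", incident=incident), 500


@app.route("/boom")  # hypothetical failing route, used to exercise the handler
def boom():
    # Constructed message standing in for detail that must not reach the client
    raise RuntimeError("db password=constructed-secret rejected")
```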

---

### **10. How do you connect Flask to a SQL database?**

Use **Flask-SQLAlchemy**:

```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
# Database connection URI (a local SQLite file here)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///data.db'
db = SQLAlchemy(app)
```

---

### **11. What is the role of Flask-SQLAlchemy?**

It's an **ORM (Object-Relational Mapper)** that lets you interact with the database using **Python classes**, instead of SQL queries.

✅ Benefits:

* Cleaner code
* Easy migrations
* Relationships support

---

### **12. What are Flask blueprints, and how are they useful?**

**Blueprints** let you **split your app into components or modules**.

✅ Useful for:

* Organizing large apps (e.g., user routes, admin routes)
* Reusable APIs

```python
from flask import Blueprint

api = Blueprint('api', __name__)

@api.route('/users')
def users():
    return "Users List"

# In the main app module: app.register_blueprint(api)
```

---

### **13. What is the purpose of Flask's `request` object?**

It gives access to **incoming request data**, such as:

* `request.form`: for form data
* `request.json`: for JSON body
* `request.args`: for query parameters

📌 Example:

```python
from flask import request

# Must run inside a view function: `request` exists only while a request is being handled
name = request.args.get('name')
```

---

### **14. How do you create a RESTful API endpoint using Flask?**

```python
from flask import Flask, jsonify, request

app = Flask(__name__)

@app.route('/api/user', methods=['POST'])
def add_user():
    data = request.json
    return jsonify({'message': 'User added', 'user': data}), 201
```

---

### **15. What is the purpose of Flask's `jsonify()` function?**

`jsonify()` converts a Python dictionary into a **JSON response**, which is the standard format in REST APIs.

```python
# Inside a view function:
return jsonify({'name': 'Ali', 'role': 'admin'})
```

---

### **16. Explain Flask's `url_for()` function**

`url_for()` generates a **URL for a specific route** based on the function name, rather than hardcoding the path.

✅ Benefits:

* Avoids broken links if routes change
* Helps in dynamic routing

📌 Example:

```python
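from flask import url_for
from markupsafe import escape

@app.route('/profile/<username>')
def profile(username):
    # Escape user-controlled text before returning it as HTML
    return f'Welcome {escape(username)}'

# Generate the URL (inside a request or app.test_request_context()):
url_for('profile', username='ali')  # Output: /profile/ali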
```

---

### **17. How does Flask handle static files (CSS, JavaScript, etc.)?**

Flask automatically serves **static files** (CSS, JS, images) from a folder named **`static/`**.

📁 Project structure:

```
/project
   app.py
   /static
      style.css
```

📌 Usage in HTML:

```html
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
```

---

### **18. What is an API specification, and how does it help in building a Flask API?**

An **API specification** defines:

* **Endpoints**
* **Methods (GET, POST, etc.)**
* **Parameters**
* **Response format**
* **Error codes**

✅ **Benefits:**

* Acts like a blueprint or documentation
* Helps developers understand how to use your API
* Can be auto-generated using **OpenAPI / Swagger**

---

### **19. What are HTTP status codes, and why are they important in a Flask API?**

**HTTP status codes** are 3-digit numbers that tell the client what happened to their request.

✅ Examples:

* `200 OK` – Request successful
* `201 Created` – New resource added
* `400 Bad Request` – Client-side error
* `404 Not Found` – Resource doesn't exist
* `500 Internal Server Error` – Server problem

📌 Use in Flask:

```python
return jsonify({"msg": "User created"}), 201
```

---

### **20. How do you handle POST requests in Flask?**

Use the `methods` parameter in `@app.route()` and access data using `request.json` or `request.form`.

📌 Example:

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
    data = request.json
    return jsonify({'received': data}), 200
```

---

### **21. How would you secure a Flask API?**

✅ **Common security practices:**

1. **Input validation & sanitization**
2. **Use HTTPS**
3. **Authentication** – Token-based (e.g., JWT) or API Key
4. **Rate limiting** – Prevent abuse
5. **Cross-Origin Resource Sharing (CORS)** – Use Flask-CORS to allow specific domains
6. **Hide sensitive info** – Use environment variables

📌 JWT Example:

```bash
pip install flask-jwt-extended
```
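
Practices 1, 3 and 6 applied to the `/api/user` endpoint from question 14, as an added example that is not part of the original notes. It uses the API-key option rather than JWT so that it needs only Flask; the `X-API-Key` header, the `API_KEY` environment variable and the `name`/`email` field rules are assumptions made for illustration.

```python
import hmac
import os
import re
from functools import wraps

from flask import Flask, jsonify, request

app = Flask(__name__)
# Practice 6: the key comes from the environment, never from source code.
app.config["API_KEY"] = os.environ.get("API_KEY")

NAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
EMAIL_RE = re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}")


def require_api_key(view):
    """Practice 3: reject requests without a valid X-API-Key header."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        expected = app.config.get("API_KEY") or ""
        supplied = request.headers.get("X-API-Key", "")
        # Fail closed when no key is configured; compare in constant time.
        if not expected or not hmac.compare_digest(supplied.encode(), expected.encode()):
            return jsonify(error="invalid or missing API key"), 401
        return view(*args, **kwargs)
    return wrapper


def validate_user(payload):
    """Practice 1: allow-list the fields, then check each one's type and format."""
    if not isinstance(payload, dict):
        return None, "body must be a JSON object"
    if set(payload) != {"name", "email"}:
        return None, "expected exactly the fields: name, email"
    name, email = payload["name"], payload["email"]
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        return None, "name must be 3-32 letters, digits or underscores"
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        return None, "email is not valid"
    return {"name": name, "email": email.lower()}, None


@app.route("/api/user", methods=["POST"])
@require_api_key
def add_user():
    user, error = validate_user(request.get_json(silent=True))
    if error:
        return jsonify(error=error), 400
    return jsonify(message="User added", user=user), 201
```

Unlike the earlier endpoint, this one echoes back only the validated fields, never the raw request body.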

---

### **22. What is the significance of the Flask-RESTful extension?**

**Flask-RESTful** is an extension that makes it **easier to build REST APIs** by organizing them into **resources and methods**.

✅ Features:

* Clean code with `Resource` classes
* Auto input parsing
* Better error handling

📌 Example:

```python
from flask import Flask
from flask_restful import Api, Resource

app = Flask(__name__)
api = Api(app)

class Hello(Resource):
    def get(self):
        return {'message': 'Hello'}

api.add_resource(Hello, '/hello')
```

---

### **23. What is the role of Flask's `session` object?**

The `session` object stores **user-specific data across multiple requests**, using cookies.

✅ Key points:

* Stores data **server-side (secure)**
* Signed using a secret key
* Great for login systems, shopping carts, etc.

📌 Example:

```python
from flask import session

# app.secret_key must be set, and this must run inside a view function
session['username'] = 'ali'
user = session.get('username')
```
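
What "signed using a secret key" means for Flask's built-in cookie session (no server-side session extension installed), as an added example that is not part of the original notes: the cookie's data can be read without the key, but a modified cookie fails verification and is ignored. The `/login` route, the secret value and the helper functions are constructed for illustration.

```python
import base64
import json
import zlib

from flask import Flask, session

app = Flask(__name__)
app.secret_key = "constructed-demo-secret"  # constructed; load from the environment in real apps


@app.route("/login")
def login():
    session["username"] = "ali"
    return "ok"


def issue_cookie():
    """Log in through the test client and return the raw session cookie value."""
    resp = app.test_client().get("/login")
    return resp.headers["Set-Cookie"].split(";")[0].split("=", 1)[1]


def read_payload_without_key(cookie_value):
    """Decode the data segment of the cookie; no secret key is involved."""
    segment = cookie_value.rsplit(".", 2)[0]      # data . timestamp . signature
    compressed = segment.startswith(".")          # leading "." marks zlib compression
    segment = segment.lstrip(".")
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    return json.loads(zlib.decompress(raw) if compressed else raw)


def tamper_username(cookie_value, new_name):
    """Replace the data segment but keep the original timestamp and signature."""
    _, timestamp, signature = cookie_value.rsplit(".", 2)
    data = json.dumps({"username": new_name}).encode()
    segment = base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    return ".".join([segment, timestamp, signature])


def username_seen_by_server(cookie_value):
    """Return the username Flask accepts when presented with this cookie."""
    with app.test_request_context("/", headers={"Cookie": f"session={cookie_value}"}):
        return session.get("username", "anonymous")
```

The signature protects integrity, not confidentiality, so keep secrets out of `session` and keep `secret_key` long, random and out of source control.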
