#Restful API & Flask Assignment

###Theory Questions

Q1.What is a RESTful API?

--> A RESTful API is an API (Application Programming Interface) that follows the principles of REST (Representational State Transfer) — an architectural style for designing networked applications.

Key Principles of REST

1.Client-Server

  Client (frontend) and server (backend) are separate.

  Client makes requests, server sends responses.

2.Stateless

  Each request must contain all necessary info.

3.Uniform Interface

  Standard way to interact with resources (use URLs + HTTP methods).

4.Resources are identified by URLs

  Example:

    /users → all users

    /users/5 → user with ID 5

5.Use of HTTP Methods properly

  GET → Retrieve data

  POST → Create new data

  PUT/PATCH → Update data

  DELETE → Remove data

6.Representation of resources

  Resources can be represented as JSON, XML, or HTML (JSON is most common).


A RESTful API is a web service that exposes resources via URLs, lets clients interact with them using HTTP methods, and usually exchanges data in JSON.


Q2.Explain the concept of API specification.

--> An API specification is a formal description of how an API works.
It defines the rules, endpoints, request/response formats, authentication methods, and error handling so that developers know exactly how to use (or implement) the API.

Think of it as the blueprint / contract between:

  API provider (backend) - who build the service

  API consumer (frontend/mobile/3rd parties) - who use the service

API Specification Importantance:

    Ensures clear communication between backend & frontend teams.

    Allows automation (tools can generate documentation, client SDKs, and even tests).

    Prevents misunderstandings about how to call the API.

    Makes onboarding faster for new developers.



Q3.What is Flask, and why is it popular for building APIs?

--> Flask is a lightweight, open-source Python web framework.
It is often called a “micro-framework” because it provides the essentials (routing, request handling, templates, etc.) but leaves many choices (databases, authentication, etc.) up to the developer.

Flask gives you just enough tools to build a web app or API, without forcing a big structure.

Flask is Popular for Building APIs:

1.Simplicity & Flexibility

    Very little boilerplate — you can build a working API with just a few lines.

2.Lightweight (Micro-framework)

    Unlike Django (which is more heavyweight), Flask lets you add only what you need (e.g., SQLAlchemy, Marshmallow, JWT).

    Perfect for small APIs and microservices.

3.Great for RESTful APIs

    Flask has simple support for routes, URL parameters, JSON request/response — everything an API needs.

4.Large Ecosystem & Extensions

  Add-ons like:

    Flask-RESTful / Flask-RESTx → build REST APIs easily

    Flask-JWT-Extended → authentication with JWT

    Flask-SQLAlchemy → database ORM

    Flask-Swagger / OpenAPI → API documentation

5.Community & Popularity

    Huge community, widely used in industry and teaching.

    Tons of tutorials, StackOverflow support, and extensions.

6.Easy Learning Curve

    Great for beginners learning web development and APIs.

    You can start small and scale up as needed.

7.Integration Friendly

    Works well with machine learning models (TensorFlow, PyTorch, scikit-learn).

    Many people use Flask to deploy ML models as APIs.




Q4.What is routing in Flask?

--> In Flask, routing means mapping a URL (web address) to a function in your Python code.

    When a user visits a URL (like /home), Flask decides which function to run based on the route defined.

    This function is called a view function and it returns a response (like HTML, JSON, or plain text).

How Routing Works in Flask

    You define a route using the @app.route() decorator.

    Inside, you specify the URL path.

    The function linked to that path is executed when the URL is visited.

Routing in Flask is how you connect URLs to functions. It allows you to control what happens when someone visits a certain web address.


Q5.How do you create a simple Flask application?

--> Steps to Create a Simple Flask Application

1.Install Flask:

pip install flask

2.Create a file (e.g., app.py)

    from flask import Flask

    Create a Flask app instance

    app = Flask(__name__)

    Define a route (URL) and its view function

    @app.route('/')

    def home():

        return "Hello, Flask!"

    Run the app

    if __name__ == '__main__':

        app.run(debug=True)

3.Run the Flask app

In the terminal, run:
python app.py

4.Open in browser with link




Q6.What are HTTP methods used in RESTful APIs?

--> In REST, different HTTP methods are used to represent CRUD operations (Create, Read, Update, Delete)

1.GET : Retrieve data (read-only).

2.POST : Create new resource.

3.PUT : Update/replace a resource (full update).

4.PATCH : Partially update a resource.

5.DELETE : Remove a resource.



Q7.What is the purpose of the @app.route() decorator in Flask?

--> Purpose of @app.route() in Flask

The @app.route() decorator is used to map a URL path to a Python function (called a view function).

    When a client (like a browser) visits that URL, Flask runs the associated function and returns the response (HTML, JSON, text, etc.).

    Without routes, Flask wouldn’t know which function should handle a given request.

Q8.What is the difference between GET and POST HTTP methods?

Difference Between GET and POST

GET

1.used to retrieve data from the server

2.Data is sent in the URL query string

3.Parameters are visible in the URL

4.Data size limit is
Limited

5.Safe & idempotent → Multiple GETs don't change data.

GET = request data (read-only, safe, parameters in URL).

POST

1.Used to send data to the server

2.Data is sent in the request body

3.Parameters are hidden in the body

4.Can send large amounts of data

5.Each POST may create a new resource/change state

POST = send data (create/update, hidden in body, larger & more secure).



Q9.How do you handle errors in Flask APIs?

--> Ways to Handle Errors in Flask APIs

1.Using @app.errorhandler()

Flask lets you define custom responses for specific HTTP error codes.

2.Using abort()

You can trigger an error intentionally with abort().

3.Handling Validation Errors

Example: If required data is missing in a POST request.

4.Global Error Handling with before_request / after_request

You can intercept and format all errors in a consistent JSON style.



Always return JSON responses instead of HTML.

Include meaningful error messages and status codes (400, 404, 401, 500).

Use Flask-RESTful or Flask-API extensions for cleaner error handling in larger projects.

Q10.How do you connect Flask to a SQL database?


--> Flask on its own doesn't come with a database, but it integrates very well with SQL databases

1.Using Flask-SQLAlchemy (Recommended)

Flask-SQLAlchemy is an ORM (Object Relational Mapper) that makes database interaction easier.

2.Using Raw SQL with sqlite3 (Lightweight)

For very simple apps, you can use Python's built-in sqlite3 library.



Q11.What is the role of Flask-SQLAlchemy?

--> Flask-SQLAlchemy is an extension for Flask that makes it much easier to work with SQL databases. It provides a high-level abstraction called an ORM (Object Relational Mapper) so that instead of writing raw SQL queries, you can interact with your database using Python classes and objects.

Key Roles of Flask-SQLAlchemy

1.Database Connection Management

It handles connecting your Flask app to different SQL databases (SQLite, MySQL, PostgreSQL, etc.) using a simple config.

2.Defines Models as Python Classes

Each class represents a table, and each attribute represents a column.

3.Simplifies CRUD Operations

4.Querying Made Easy

5.Database Schema Management

6.Supports Relationships

Easy definition of relationships between tables


Flask-SQLAlchemy is the bridge between Flask and SQL databases, letting you use Python code instead of raw SQL for database operations.

Q12.What are Flask blueprints, and how are they useful?

--> A Blueprint in Flask is like a mini-application inside your Flask project.

It lets you organize routes, templates, static files, and other code into reusable modules, instead of putting everything into a single app.py file.

Think of a Blueprint as a collection of related views and logic that can be registered on the main Flask app.

Blueprints useful:

1.Better Organization

Instead of one giant file, you can split your app into multiple files (e.g., auth.py, blog.py).

2.Reusability

A Blueprint can be reused across projects (for example, an auth Blueprint for login/signup).

3.Scalability

Makes it easy to maintain and scale large applications by grouping functionality.

4.Team Collaboration

Different developers can work on different Blueprints independently.


Blueprints = modular, reusable pieces of a Flask app

Useful for: organization, reusability, scalability, and teamwork

Q13.What is the purpose of Flask's request object?

--> Purpose of Flask's request object

The request object in Flask (from flask import request) is a global object that represents the current incoming HTTP request.

It lets you access data sent by the client (browser, API client, etc.) such as:

    Form inputs (from HTML forms)

    JSON data (from API requests)

    Query parameters (from URLs like ?id=10)

    Request headers (like cookies, auth tokens, user-agent)

    HTTP method (GET, POST, etc.)




Q14.How do you create a RESTful API endpoint using Flask?

--> Steps to Create a RESTful API Endpoint in Flask

1.Install Flask

pip install flask

2.Import Flask & JSON utilities

from flask import Flask, request, jsonify

3.Create Flask app

app = Flask(__name__)

4.Define RESTful API endpoints

Use HTTP methods (GET, POST, PUT, DELETE) to follow REST conventions.

Q15.What is the purpose of Flask's jsonify() function?

--> Purpose of Flask's jsonify() function

The jsonify() function is used to convert Python objects into JSON responses and send them to the client with the correct Content-Type header (application/json).

It ensures your API returns properly formatted JSON instead of raw Python dictionaries.


jsonify() = Converts Python objects → JSON response

Q16.Explain Flask's url_for() function?

--> The url_for() function is used to generate URLs for routes dynamically in Flask.
Instead of hardcoding URLs as strings ("/about"), you use the function name of the view — Flask will build the correct URL for you.

This makes your app more flexible:

    If you change the route path later, you don't need to update links everywhere.

    It avoids mistakes with hardcoded URLs.

Q17.How does Flask handle static files (CSS, JavaScript, etc.)?

-->
1.By default, Flask looks for a folder called static/ in your project directory.

2.Any file inside this folder can be served directly via the special route:

/static/<filename>

3.You can access static files in templates using url_for('static', filename='...').

In short:

Flask serves files from the static/ folder automatically.

Use url_for('static', filename='file') inside templates to link them.

You can directly access them via /static/<filename>.

Q18.What is an API specification, and how does it help in building a Flask API?

--> API Specification

An API specification is a detailed document (or file) that describes how an API works.
It defines:

    Endpoints (URLs)

    HTTP methods (GET, POST, PUT, DELETE, etc.)

    Request parameters (query, path, headers, body)

    Response formats (JSON, XML, etc.)

    Error codes (e.g., 400 Bad Request, 404 Not Found)

Think of it as a blueprint/contract between the API provider (your Flask app) and the clients.

How It Helps with Flask

With this spec, you can:

Use Flask-RESTful or Flask-Smorest to build endpoints that match it.

Generate interactive docs (Swagger UI / ReDoc).

Ensure frontend and backend are in sync.



Q19.What are HTTP status codes, and why are they important in a Flask API?

--> HTTP status codes are 3-digit numbers returned by a server in response to a client's request.

They indicate whether the request was successful, failed, or requires further action.

They are grouped into categories:

    1xx – Informational (e.g., 100 Continue)

    2xx – Success (e.g., 200 OK, 201 Created)

    3xx – Redirection (e.g., 301 Moved Permanently)

    4xx – Client Errors (e.g., 400 Bad Request, 404 Not Found)

    5xx – Server Errors (e.g., 500 Internal Server Error)

Why are They Important in Flask APIs:

In a Flask API, status codes are important because they:

1.Tell the client what happened

  Example: Was the request successful? Did the client send wrong data? Did the server fail?

2.Enable proper error handling

  Frontend apps (or other clients) can react differently depending on the code.

3.Improve debugging

  Developers can quickly spot if a failure is due to client-side mistakes (4xx) or server issues (5xx).

4.Follow REST best practices

  RESTful APIs rely heavily on status codes to make APIs predictable and easy to use.

Q20.How do you handle POST requests in Flask?

--> POST is an HTTP method used to send data to the server.

Common use cases:

    Creating new resources (e.g., a new user)

    Submitting forms

    Uploading files



In [None]:
#Handling POST requests in Flask

from flask import Flask, request, jsonify

app = Flask(__name__)

# POST with form data
@app.route('/submit', methods=['POST'])
def submit():
    data = request.form   # For form data
    return jsonify(data.to_dict())

# POST with JSON data
@app.route('/json', methods=['POST'])
def json_submit():
    data = request.get_json()   # For JSON
    return jsonify(data)

if __name__ == '__main__':
    app.run(debug=True)

Q21.How would you secure a Flask API?

--> Securing a Flask API is very important because APIs often expose sensitive data or allow actions like user registration, payments, etc.

Here are the main ways to secure a Flask API:

1.Use HTTPS

    Always run your API over HTTPS (not plain HTTP).

    Ensures data is encrypted between client and server.

    In production, use a reverse proxy like Nginx with an SSL certificate (e.g., Let’s Encrypt).

2.Authentication & Authorization

  Protect endpoints so only authorized users can access them.

  Common methods:

    API Keys → simple, but less secure.

    Token-based auth (JWT – JSON Web Token) → widely used.

    OAuth2 → for third-party integrations (e.g., Google login).

3.Validate and Sanitize Input

  Prevent attacks like SQL injection or XSS.

  Always validate POST data (request.get_json() or request.form).

  Use libraries like Marshmallow or Flask-WTF for validation.

4.Rate Limiting

  Prevent DoS attacks by limiting requests per user/IP.

5.CORS (Cross-Origin Resource Sharing)

  If your API is accessed from a frontend app, control who can call it.

6.Error Handling & Hiding Stack Traces

  Don't expose detailed errors to clients (attackers could exploit them).

  Use custom error handlers with generic messages.

7.Secure Secrets & Config

  Store API keys, DB credentials, SECRET_KEY in environment variables, not code.

  Use python-dotenv or system environment variables.

  

Q22.What is the significance of the Flask-RESTful extension?

--> The Flask-RESTful extension is widely used when building RESTful APIs with Flask. Instead of writing everything manually with routes and request handling, it provides a higher-level abstraction that makes building APIs faster, cleaner, and more maintainable.

Significance of Flask-RESTful:

1.Class-Based Resources

  Normally in Flask, you write functions for routes.

  With Flask-RESTful, you define resources as classes.

  Each HTTP method (GET, POST, PUT, DELETE) becomes a method of the class.

2.Automatic Routing

  No need to write multiple @app.route() decorators.

  Just use api.add_resource() to map a class to a URL.

3.Built-in Request Parsing

  Provides reqparse for handling and validating request data.

4.Automatic JSON Responses

  Flask-RESTful automatically converts dictionaries into JSON responses.

5.Error Handling

  Provides simple ways to return HTTP status codes and error messages.

6.Scalability

  Encourages an organized, modular structure for large APIs.

  Each resource is defined separately, making it easy to maintain.

Q23.What is the role of Flask's session object?

--> The session object in Flask plays a key role in handling user sessions — that is, storing data across multiple requests from the same user.

Role of Flask's session object:

1.Stores User-Specific Data

  Each user interacting with your Flask app gets a unique session.

  You can store things like login state, shopping cart items, preferences, etc.

2.Persists Across Requests

Unlike request, which is per-request only, session data stays available until the user logs out, session expires, or the browser is closed.

3.Implemented Using Secure Cookies

  By default, Flask stores the session data in a signed cookie on the client's browser.

  It is cryptographically signed using SECRET_KEY so the user can't tamper with it.

4.Used for Authentication

  Commonly used to keep users logged in after they authenticate.

5.Temporary Storage

Sessions are cleared automatically when the browser closes (unless configured otherwise).



###Practical

1.How do you create a basic Flask application?

In [None]:
# first create new directory for project then to create and activate
# virtual envirnoment to manage dependencies
python -m venv myvenv
myvenv\Scripts\activate
#install flask
pip install Flask
#inside project directory create a python file app.py
#add below code
from flask import Flask

app = flask(__name__)

@app.route('/')
def hello():
  return 'Hello World!'

if __name__ == '__main__':
  app.run(debuh = True)

#in terminal or command prompt write command to run
python app.py

2.How do you serve static files like images or CSS in Flask?


In [None]:

#Default static folder

#Accessing static file
<!DOCTYPE html>
<html>
<head>
    <title>Flask Static Example</title>
    <!-- CSS file -->
    <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
</head>
<body>
    <h1>Hello Flask</h1>
    <!-- Image -->
    <img src="{{ url_for('static', filename='images/logo.png') }}" alt="Logo">
    <!-- JavaScript file -->
    <script src="{{ url_for('static', filename='script.js') }}"></script>
</body>
</html>

#flaskautomatically serves files
#custom static folder

from flask import Flask, render_template

app = Flask(__name__, static_folder='assets')

@app.route('/')
def home():
    return render_template("index.html")

if __name__ == '__main__':
    app.run(debug=True)


3.How do you define different routes with different HTTP methods in Flask?

In [None]:
#Use one function for multiple methods

from flask import Flask, request
app = Flask(__name__)

@app.route('/user', methods=['GET', 'POST'])
def user():
    if request.method == 'GET':
        return "GET request - Fetching user info"
    elif request.method == 'POST':
        return "POST request - Creating a new user"

#use separate functions for the same route with different methods

@app.route('/user', methods=['GET'])
def get_user():
    return "GET - Fetching user info"

@app.route('/user', methods=['POST'])
def create_user():
    return "POST - Creating user"



4.How do you render HTML templates in Flask?

In [None]:
#create folder name templates inside it create file name index.html
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>{{ title }}</title>
</head>
<body>
    <h1>{{ heading }}</h1>
    <p>This is a list of items:</p>
    <ul>
        {% for item in items %}
            <li>{{ item }}</li>
        {% endfor %}
    </ul>
</body>
</html>

#in app.py import render_template

from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    # Define some dynamic data
    page_title = "My Flask App"
    main_heading = "Welcome to the Homepage"
    items_list = ["apple", "banana", "cherry"]

    return render_template(
        'index.html',
        title=page_title,
        heading=main_heading,
        items=items_list
    )

if __name__ == '__main__':
    app.run(debug=True)


5.How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import Flask, url_for, render_template_string

app = Flask(__name__)

@app.route('/')
def home():
    return 'Welcome to Home Page!'

@app.route('/about')
def about():
    return 'This is About Page'

@app.route('/profile/<username>')
def profile(username):
    return f"Profile page of {username}"

@app.route('/links')
def links():
    # Generate URLs using url_for
    home_url = url_for('home')
    about_url = url_for('about')
    profile_url = url_for('profile', username="pratiksha")

    return render_template_string("""
        <h1>Links</h1>
        <ul>
            <li><a href="{{ home_url }}">Home</a></li>
            <li><a href="{{ about_url }}">About</a></li>
            <li><a href="{{ profile_url }}">Profile</a></li>
        </ul>
    """, home_url=home_url, about_url=about_url, profile_url=profile_url)

if __name__ == "__main__":
    app.run(debug=True)


6.How do you handle forms in Flask?

In [None]:
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/form')
def form():
    return render_template('form.html')  # HTML with <form method="POST">

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']   # get form field by name
    return f"Hello, {name}!"


7.How can you validate form data in Flask?

In [None]:
from flask import Flask, render_template, request, flash, redirect, url_for

app = Flask(__name__)
app.secret_key = "supersecretkey"   # Needed for flash messages

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        name = request.form.get('name')
        email = request.form.get('email')

        # Simple validation
        if not name or not email:
            flash("All fields are required!", "error")
            return redirect(url_for('register'))

        if "@" not in email:
            flash("Invalid email address!", "error")
            return redirect(url_for('register'))

        flash("Registration successful!", "success")
        return redirect(url_for('register'))

    return render_template('register.html')


#html

<!DOCTYPE html>
<html>
<head><title>Register</title></head>
<body>
    <h2>Register</h2>
    <form method="POST">
        Name: <input type="text" name="name"><br><br>
        Email: <input type="text" name="email"><br><br>
        <input type="submit" value="Register">
    </form>

    <!-- Display flash messages -->
    {% with messages = get_flashed_messages(with_categories=true) %}
        {% if messages %}
            <ul>
            {% for category, message in messages %}
                <li style="color: {% if category=='error' %}red{% else %}green{% endif %};">
                    {{ message }}
                </li>
            {% endfor %}
            </ul>
        {% endif %}
    {% endwith %}
</body>
</html>



8.How do you manage sessions in Flask?

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = "supersecretkey"  # Required for session security

@app.route('/')
def home():
    if "username" in session:
        return f"Welcome {session['username']}! <br><a href='/logout'>Logout</a>"
    return "You are not logged in. <a href='/login'>Login here</a>"

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == "POST":
        session["username"] = request.form["username"]
        return redirect(url_for("home"))
    return '''
        <form method="post">
            <input type="text" name="username" placeholder="Enter username">
            <input type="submit" value="Login">
        </form>
    '''

@app.route('/logout')
def logout():
    session.pop("username", None)  # remove username from session
    return redirect(url_for("home"))

if __name__ == "__main__":
    app.run(debug=True)





9.How do you redirect to a different route in Flask?

In [None]:
from flask import Flask, redirect

app = Flask(__name__)

@app.route('/')
def index():
    return "This is the home page."

@app.route('/go-to-home')
def go_to_home():
    # Directly redirect to the route path
    return redirect("/")

if __name__ == "__main__":
    app.run(debug=True)


10.How do you handle errors in Flask (e.g., 404)?

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to Flask!"

# Custom 404 page
@app.errorhandler(404)
def page_not_found(error):
    return render_template("404.html"), 404

# Custom 500 page
@app.errorhandler(500)
def internal_error(error):
    return render_template("500.html"), 500

if __name__ == "__main__":
    app.run(debug=True)

#html
<!DOCTYPE html>
<html>
<head><title>Page Not Found</title></head>
<body>
    <h1>404 - Oops! Page not found.</h1>
    <p>The page you are looking for does not exist.</p>
    <a href="/">Go Home</a>
</body>
</html>


11.How do you structure a Flask app using Blueprints?

In [None]:
from flask import Blueprint, render_template

blog_bp = Blueprint("blog", __name__, url_prefix="/blog", template_folder="templates")

@blog_bp.route("/")
def blog_home():
    return render_template("blog_home.html")


12.How do you define a custom Jinja filter in Flask?

In [None]:
from flask import Flask, render_template_string

app = Flask(__name__)

# Define custom filter
@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

@app.route('/')
def home():
    text = "Flask"
    return render_template_string(
        "<h1>Original: {{ text }}</h1>"
        "<h2>Reversed: {{ text|reverse }}</h2>",
        text=text
    )

if __name__ == "__main__":
    app.run(debug=True)


13.How can you redirect with query parameters in Flask

In [None]:
from flask import Flask, redirect, request

app = Flask(__name__)

@app.route('/')
def home():
    return "Home Page"

@app.route('/search')
def search():
    query = request.args.get("q", "")
    return f"Search results for: {query}"

@app.route('/go-to-search')
def go_to_search():
    # Manually construct the URL with query parameters
    return redirect("/search?q=flask+tutorial")

if __name__ == "__main__":
    app.run(debug=True)


14.How do you return JSON responses in Flask?

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    return jsonify({
        "name": "Pratiksha",
        "age": 22,
        "skills": ["Python", "Flask", "Data Science"]
    })

if __name__ == "__main__":
    app.run(debug=True)


15.How do you capture URL parameters in Flask?

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    return f"Hello, {username}!"


if __name__ == "__main__":
    app.run(debug=True)
