#Restful API & Flask

1.What is a RESTful AP?
  - A RESTful API is an application programming interface (API) that follows the principles of REST (Representational State Transfer) architecture.

It uses HTTP methods (GET, POST, PUT, DELETE, etc.).

Resources are identified by URLs.

Data is usually exchanged in JSON or XML format.

It is stateless (each request is independent).



2. Explain the concept of API specification.
   - An API Specification is a detailed, structured description of how an API should work. It defines the rules of communication between the client (user, app, or service) and the server (API provider). It describes available endpoints (URLs) and their purposes.

It Specifies HTTP methods (GET, POST, PUT, DELETE, etc.) for each endpoint.

It Defines input parameters (query params, path params, request body).

It Defines response structure (status codes, JSON/XML format).

It May also include authentication & security requirements.






3. What is Flask, and why is it popular for building APIs?
   - Flask is a lightweight, open-source Python web framework.

It is often called a “micro-framework” because it does not come with too many built-in tools — you add only what you need using extensions.

It is mainly used to build web applications and RESTful APIs.


The Flask is Popular for Building APIs , beacuse the reason behind these are:
1. Lightweight & Simple – Easy to set up and learn, perfect for beginners.


2. Flexibility – Gives developers full control; you can choose your database, authentication method, etc.


3. Built-in Routing – Simple to map URLs to Python functions.


4. Extensions Available – Like Flask-SQLAlchemy (DB), Flask-RESTful (APIs), Flask-JWT (security).


5. JSON Support – Built-in support for returning JSON responses (needed for APIs).


6. Scalable – Suitable for small projects as well as large applications.


7. Active Community – Lots of documentation and community support.





4.What is routing in Flask?
 - Routing is the process of mapping URLs to specific functions in a Flask app.
Example:


```
# @app.route('/hello')
def hello():
    return "Hello World!"

```

Here, /hello URL is routed to the hello() function.



5.How do you create a simple Flask application?
  - To create a basic Flask app, follow these steps:


---

 Steps:

1. Install Flask:



pip install flask

2. Create a Python file, e.g., app.py.


3. Write this code:



```
# from flask import Flask   # import Flask

# create Flask application object
app = Flask(_name_)

# define a route (URL) and a function
@app.route('/')
def home():
    return "Welcome to Flask!"
# run the application
if _name_ == '_main_':
    app.run(debug=True)
```







6.What are HTTP methods used in RESTful APIs?
 - HTTP Methods in RESTful APIs

RESTful APIs use HTTP methods to perform operations on resources (data).

 - GET – Retrieve data (read).

Example: GET /users → fetch list of users.


- POST – Create a new resource.

Example: POST /users → add a new user.


 - PUT – Update an existing resource (replace fully).

Example: PUT /users/1 → update user with ID 1.


 - PATCH – Partially update a resource.

Example: PATCH /users/1 → update only certain fields.


 - DELETE – Remove a resource.

Example: DELETE /users/1 → delete user with ID 1.




7.What is the purpose of the @app.route() decorator in Flask?
  - The @app.route() decorator in Flask is used to map a URL path to a specific function in your application.

When a client visits that URL, Flask runs the function and returns the response.

It defines the route (URL path) for a function.

It can specify HTTP methods:


```
# @app.route('/submit', methods=['POST'])
```
Makes the code cleaner and more readable.




8.What is the difference between GET and POST HTTP methods?
  -The fundamental difference between GET and POST HTTP methods lies in their purpose and how they handle data:
# GET:
- **Purpose**: Primarily used for retrieving data from a server. It is considered a "safe" and "idempotent" method, meaning it should not alter the server's state and repeated requests should yield the same result.
- **Data Handling**: Parameters are appended to the URL as a query string (e.g., example.com/search?query=python). This makes the data visible in the URL, browser history, and server logs.
- **Limitations**: Has a practical limit on the amount of data that can be sent due to URL length restrictions. Not suitable for sensitive data due to visibility.
Caching: GET requests are generally cacheable by browsers and proxy servers, improving performance for repeated requests.
# POST:
- **Purpose**: Primarily used for submitting data to a server to create or update resources. It is not considered "safe" or "idempotent" as it can change the server's state, and repeated requests might lead to different outcomes (e.g., creating multiple entries).
- **Data Handling**: Data is sent in the request body, not in the URL. This makes the data less visible and allows for larger amounts of data to be sent, including binary data like files.
- **Limitations**: Generally not cacheable.
Security: While data is not visible in the URL, POST requests are not inherently secure without encryption (HTTPS).
  
  

```
# In Python (using the requests library):
Python

import requests

# GET request example
response_get = requests.get('https://api.example.com/data', params={'id': 123})
print(f"GET status code: {response_get.status_code}")
print(f"GET response data: {response_get.json()}")

# POST request example
data_post = {'name': 'John Doe', 'email': 'john.doe@example.com'}
response_post = requests.post('https://api.example.com/users', json=data_post)
print(f"POST status code: {response_post.status_code}")
print(f"POST response data: {response_post.json()}")
```



9. How do you handle errors in Flask APIs?
   - Flask allows you to define custom error handlers to return meaningful responses when something goes wrong.
   Errors in Flask APIs are handled using custom error handlers with @app.errorhandler(), returning meaningful JSON responses and appropriate HTTP status codes.



```
# Example:

from flask import Flask, jsonify

app = Flask(__name__)

# Custom handler for 404 Not Found
@app.errorhandler(404)
def not_found(error):
    return jsonify({"error": "Resource not found"}), 404

# Custom handler for 500 Internal Server Error
@app.errorhandler(500)
def server_error(error):
    return jsonify({"error": "Internal server error"}), 500
```

 key point:
- Use @app.errorhandler(status_code) to handle specific HTTP errors.

 - Return a JSON response and proper HTTP status code.

- Helps clients understand what went wrong.


10. How do you connect Flask to a SQL database?
    - Flask can connect to SQL databases using the Flask-SQLAlchemy extension.

  Steps:

1. Install Flask-SQLAlchemy:



```
# pip install flask-sqlalchemy
```

2. Configure and connect in your Flask app:


```
# from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
# Database URI (example: SQLite)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app) # Initialize the database
```
3. Define a model (table structure):



```
# class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(50), nullable=False)

# Create tables
with app.app_context():
    db.create_all()
```
Key Points:

- SQLALCHEMY_DATABASE_URI defines the database connection.

- db.create_all() creates tables based on models.

- You can use db.session.add() and db.session.commit() to insert data.

In short:Flask connects to a SQL database using Flask-SQLAlchemy, by configuring SQLALCHEMY_DATABASE_URI, initializing SQLAlchemy(app), and defining models for database tables.




11.What is the role of Flask-SQLAlchemy?
   - Flask-SQLAlchemy is an extension for Flask that simplifies working with SQL databases.

It provides an Object Relational Mapper (ORM), allowing you to interact with the database using Python classes and objects instead of writing raw SQL queries.

 Key Roles:

1. Simplifies database operations (CRUD: Create, Read, Update, Delete).

2. Manages database connections and sessions automatically.

3. Provides models to define tables as Python classes.

4. Supports multiple databases (SQLite, MySQL, PostgreSQL, etc.).
 In short: Flask-SQLAlchemy provides an ORM for Flask, making it easy to work with databases using Python classes instead of raw SQL.


12.What are Flask blueprints, and how are they useful?
   - Flask Blueprints are a mechanism within the Flask web framework that allows for the organization of an application into modular, reusable components. Instead of defining all routes, templates, and static files directly within a single Flask application instance, blueprints encapsulate these elements into self-contained units.
 -  **Flask Blueprints are Useful:**
      - *Modularity and Organization*:
Blueprints enable the logical grouping of related functionalities, such as an authentication system, an administrative panel, or a user profile section. This breaks down a large application into smaller, more manageable parts, improving code readability and maintainability.
      - *Reusability*:
A significant advantage of blueprints is their reusability. A blueprint developed for a specific feature, like a contact form or a set of icons, can be easily integrated into multiple Flask applications without significant modification.
      - *Scalability*:
As an application grows, managing all its components in a single file becomes challenging. Blueprints facilitate scaling by allowing different teams or developers to work on distinct parts of the application concurrently without interfering with each other's code.
    - *Clear Separation of Concerns*:
Blueprints enforce a clear separation of concerns by allowing each module to manage its own routes, templates, and static files, leading to a more structured and understandable codebase.
     - *Simplified Development and Testing*:
With modular components, individual blueprints can be developed and tested in isolation before being registered with the main application, simplifying the development and debugging process.

13. What is the purpose of Flask's request object?
    - The request object in Flask represents the incoming HTTP request from a client. It is used to access data sent by the client, such as query parameters, form data, JSON payloads, headers, and cookies.
    Common Uses:
 from flask import Flask, request, jsonify
 app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
   

```
# Access JSON data from POST request
    data = request.json
    # Access query parameters
    param = request.args.get('param')
    # Access form data
    name = request.form.get('name')
    return jsonify({"received_data": data, "param": param, "name": name})
```
Key Points:

- request.args → query parameters in URL

- request.form → form data from HTML forms

- request.json → JSON body

- request.headers → HTTP headers


14.How do you create a RESTful API endpoint using Flask?
   - A RESTful API endpoint is created by defining a route in Flask and specifying HTTP methods.

The endpoint usually returns JSON responses using jsonify().
Example:


```
# from flask import Flask, jsonify, request

app = Flask(__name__)

# GET endpoint
@app.route('/api/users', methods=['GET'])
def get_users():
    users = [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}]
    return jsonify(users)

# POST endpoint
@app.route('/api/users', methods=['POST'])
def create_user():
    data = request.json
    return jsonify({"message": "User created", "user": data}), 201
```
Key Points:

- Use @app.route('/endpoint', methods=[...]) to define the endpoint.

- Use request to access incoming data (for POST, PUT, PATCH).

- Use jsonify() to return JSON responses.

- Return proper HTTP status codes (e.g., 200, 201, 400).



15.What is the purpose of Flask's jsonify() function?
  - The jsonify() is used to convert Python data structures (dict, list) into a JSON response.It automatically sets the Content-Type header to application/json, which tells the client that the response is JSON.
Example:


```
# from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {"name": "Alice", "age": 25}
    return jsonify(data) # returns JSON response
```

Key Points:

- Makes API responses standardized and client-friendly.
- Can also include HTTP status codes:
- return jsonify({"message": "Created"}), 201

16.Explain Flask’s url_for() function.
   - In Flask, the url_for() function is a powerful helper function used to dynamically build URLs for specific functions or static files within your application. Flask’s url_for() Function url_for() is used to generate URLs dynamically for routes in a Flask application.Instead of hardcoding URLs, you pass the function name (endpoint) and any required parameters.
This makes your app more flexible — if routes change, you don’t need to update links everywhere.



```
# from flask import render_template

@app.route('/dashboard')
def dashboard():
    return render_template('dashboard.html')

In templates/dashboard.html:

<a href="{{ url_for('home') }}">Go to Home</a>
<a href="{{ url_for('profile', username='Alice') }}">Alice's Profile</a>

```
In short: The url_for() function in Flask is used to generate URLs dynamically for routes by referring to the function name instead of hardcoding paths. This improves maintainability and avoids broken links when routes change.



17.How does Flask handle static files (CSS, JavaScript, etc.)?  
   -Flask automatically serves static files (like CSS, JavaScript, images) from a folder named static.
We can reference these files in templates using url_for('static', filename='...').

Example:
```
# Folder structure:

project/
│
├── app.py
├── static/
│ ├── style.css
│ └── script.js
└── templates/
    └── index.html

In index.html:

<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
<script src="{{ url_for('static', filename='script.js') }}"></script>
```
Key Points:

- static/ is the default folder for static files.

- url_for('static', filename='...') generates the correct URL.

- Helps serve front-end assets efficiently without writing custom routes.

In short: Flask serves static files from the static/ folder, and url_for('static', filename='...') is used to reference them in templates.



18.What is an API specification, and how does it help in building a Flask API?
   - An API specification is a formal blueprint describing how an API works.

It defines:

Endpoints and URLs

HTTP methods (GET, POST, etc.)

Request parameters and body

Response formats and status codes

Authentication requirements

 It helps in Flask API development:
  -  Clarity & Consistency – Backend and frontend developers know exactly how the API behaves.

 - Documentation & Testing – Tools like Swagger/OpenAPI can generate docs and test endpoints automatically.

- Reduces Errors – Ensures correct input/output formats and HTTP status codes.

-  Speeds Development – Provides a blueprint for coding Flask routes and responses.


19. What are HTTP status codes, and why are they important in a Flask API?
   - HTTP status codes are 3-digit codes sent by the server in response to a client request.
They indicate whether the request was successful, failed, or requires further action.

 - Common Status Codes:

Code Meaning Example in Flask

200 OK (success) Returning data successfully
201 Created Resource created via POST
400 Bad Request Invalid input sent by client
401 Unauthorized Authentication required
404 Not Found Requested resource does not exist
500 Internal Server Error Server-side error

 - **Its Importance in Flask API:**

    - Communicates success or failure to clients.
    - Helps debug issues and handle responses programmatically.
     - Ensures RESTful principles are followed.
 In short: HTTP status codes are numeric responses from the server indicating success, failure, or errors, and they are important for communicating request results in a Flask API.


20.How do you handle POST requests in Flask?
   - POST requests are used to send data to the server to create a resource.

Flask handles POST data using the request object.
Example:


```
# from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/api/users', methods=['POST'])
def create_user():
    data = request.json # Get JSON data from request body
    # Example: {"name": "Alice", "age": 25}
    # You could save data to database here
    return jsonify({"message": "User created", "user": data}), 201
```
Key Points:

- Use methods=['POST'] in @app.route().

- Access request data with request.json (JSON) or request.form (form data).

- Return JSON response using jsonify() and appropriate status code (e.g., 201 for creation).


21. How would you secure a Flask API?
    - Securing a Flask API ensures that only authorized clients can access resources and that data remains safe.

 - ** Common Security Measures:**

1. Authentication & Authorization:
Use JWT (JSON Web Tokens) or OAuth2 to verify users.
Example: Only logged-in users can access certain endpoints.

2. HTTPS / SSL:
Encrypt data in transit using HTTPS instead of HTTP.

3. Input Validation & Sanitization:
Prevent attacks like SQL Injection or XSS by validating user input.

4. Rate Limiting:
Prevent abuse by limiting the number of requests per client.

5. CORS (Cross-Origin Resource Sharing):
Control which domains can access your API.


6. Secure Headers:
Use libraries like Flask-Talisman to add security headers.

 In short: A Flask API can be secured using authentication, HTTPS, input validation, rate limiting, CORS, and secure headers to protect data and restrict access.


22. What is the significance of the Flask-RESTful extension?
    - Flask-RESTful is an extension for building REST APIs in Flask more easily.

It provides tools for creating API resources, handling requests, and formatting responses.

 **Key Features:**

 -  Resource Classes: Define endpoints as Python classes.

 -  Request Parsing: Simplifies extracting and validating input data.

-  Automatic JSON Response: Converts dictionaries to JSON.

-  Error Handling: Built-in support for common API errors.
 In short: Flask-RESTful simplifies building REST APIs in Flask by providing resource classes, request parsing, JSON responses, and error handling, making API development faster and clean.

23. What is the role of Flask’s session object?
   -  The Role of Flask’s session Object
The session object in Flask is used to store data specific to a user across multiple requests.
It allows you to remember information like login status, user preferences, or temporary data without storing it in the URL.
Data in session is stored on the client-side in a secure, signed cookie, preventing tampering.
 Example:

```
# from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = "mysecretkey" # required for session security

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    session['username'] = username # store user in session
    return f"Logged in as {username}"

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Welcome, {session['username']}!"
    else:
        return "You are not logged in."
```

Key Points:

- session['key'] = value → store data

- session.pop('key', None) → remove data

- Requires app.secret_key for security

Data persists across requests until the user closes the browser or the session is cleared

 In short: The session object in Flask is used to store user-specific data across requests in a secure cookie, enabling features like login sessions and user preferences.





#Practical

1.How do you create a basic Flask application?

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)

2.How do you serve static files like images or CSS in Flask?

In [None]:
# Serve Images / CSS from static/ folder

# Project structure:

flask_static_demo/
 ├── app.py
 ├── static/
 │ ├── logo.png
 │ └── style.css
 └── templates/
     └── index.html

app.py

from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template("index.html")
    if __name__ == '__main__':
    app.run(debug=True)

templates/index.html

<!DOCTYPE html>
<html>
<head>
    <title>Static File Example</title>
    <!-- Linking CSS from static folder -->
    <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
</head>
<body>
    <h1>Serving Static Files in Flask</h1>

    <!-- Loading image from static folder -->
    <img src="{{ url_for('static', filename='logo.png') }}" alt="Logo" width="200">
</body>
</html>

 Run → Visit http://127.0.0.1:5000/ → You’ll see the image and CSS applied.

3.How do you define different routes with different HTTP methods in Flask?

In [None]:
from flask import request

@app.route('/submit', methods=['GET', 'POST'])
def submit():
    if request.method == 'POST':
        return "Form Submitted!"
    else:
        return "Please submit the form."

4. How do you render HTML templates in Flask?

In [None]:
from flask import render_template

@app.route('/home')
def home():
    return render_template('index.html') # index.html in templates/

5. How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import url_for

@app.route('/profile/<username>')
def profile(username):
    return f"Profile page of {username}"

with app.test_request_context():
    print(url_for('profile', username='Alice')) # Output: /profile/Alice

6. How do you handle forms in Flask?

In [None]:
from flask import request

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        return f"Welcome {username}"
    return '''
        <form method="post">
            <input type="text" name="username">
            <input type="submit" value="Login">
        </form>
    '''

7. How can you validate form data in Flask?

In [None]:
@app.route('/register', methods=['POST'])
def register():
    username = request.form.get('username')
    if not username:
        return "Username required", 400
    return f"Registered {username}"


8. How do you manage sessions in Flask?

In [None]:
from flask import session

app.secret_key = "mysecret"

@app.route('/set')
def set_session():
    session['user'] = 'Alice'
    return "Session set!"

@app.route('/get')
def get_session():
    return session.get('user', 'Not logged in')


9.How do you redirect to a different route in Flask?

In [None]:
from flask import redirect, url_for

@app.route('/old')
def old():
    return redirect(url_for('new'))

@app.route('/new')
def new():
    return "New Page"

10.How do you handle errors in Flask (e.g., 404)?

In [None]:
@app.errorhandler(404)
def page_not_found(e):
    return "Custom 404 Page", 404

11. How do you structure a Flask app using Blueprints?

In [None]:
from flask import Blueprint

auth_bp = Blueprint('auth', __name__)

@auth_bp.route('/login')
def login():
    return "Login Page"

# Register in app
app.register_blueprint(auth_bp, url_prefix='/auth')

12. How do you define a custom Jinja filter in Flask?

In [None]:
@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

@app.route('/show')
def show():
    return render_template('show.html', text="Flask")

In show.html:

<p>{{ text|reverse }}</p>  <!-- Output: ksalf -->

13. How can you redirect with query parameters in Flask?

In [None]:
@app.route('/go')
def go():
    return redirect(url_for('target', q='hello'))

@app.route('/target')
def target():
    return f"Query param: {request.args.get('q')}"



14.How do you return JSON responses in Flask?

In [None]:
from flask import jsonify

@app.route('/api/data')
def data():
    return jsonify({"name": "Alice", "age": 25})


15.How do you capture URL parameters in Flask?

In [None]:
@app.route('/user/<int:id>')
def user_profile(id):
    return f"User ID: {id}"

Visiting /user/10 → Output: User ID: 10