# Restful API & Flask

1. What is a RESTful API?
 - A RESTful API (Representational State Transfer API) is a type of web API that follows the principles of REST architecture, which is a set of constraints for building scalable web services. RESTful APIs use standard HTTP methods to perform operations on resources, typically represented in formats like JSON or XML.

2.  Explain the concept of API specification?
 - An API specification is a detailed, formal document that defines how an API behaves and how developers can interact with it. It acts as a contract between the API provider and the API consumer, outlining exactly what requests are allowed, how they should be structured, and what responses to expect.

3. What is Flask, and why is it popular for building APIs?
 - Flask is a lightweight and flexible Python web framework that’s commonly used to build web applications and RESTful APIs. It's known for being simple, easy to get started with, and highly extensible.

Why Flask is Popular for Building APIs:
- Lightweight and Minimal
Flask doesn’t force any particular project structure or tools, so you can build exactly what you need — no more, no less.

- Easy to Learn and Use
Its syntax and concepts are straightforward, making it ideal for beginners and quick development.

- Excellent for RESTful APIs
Flask makes it easy to define endpoints, handle JSON data, and use HTTP methods.

-  Rich Ecosystem and Extensions
There are many Flask extensions (like Flask-RESTful, Flask-JWT, and Flask-SQLAlchemy) that add functionality when you need it.

- Great for Prototyping and Microservices
Fast setup and small footprint make Flask perfect for rapid prototyping or building microservices.

4.  What is routing in Flask?
 - Routing in Flask refers to the process of mapping URLs (routes) to Python functions that handle the requests. In other words, routing defines what happens when a user accesses a specific URL in your Flask application.

5.  How do you create a simple Flask application?
 - Creating a simple Flask application is straightforward. Here’s a step-by-step guide to build and run your first basic Flask app.

✅ Step 1: Install Flask
Make sure Python is installed, then install Flask using pip:

pip install flask

✅ Step 2: Create the Flask App
Create a file named app.py (you can name it anything).

python
# app.py
from flask import Flask

app = Flask(__name__)  # Create the Flask application

@app.route('/')  # Define the route for the homepage
def home():
    return "Hello, Flask!"  # Return a simple response

if __name__ == '__main__':
    app.run(debug=True)  # Start the server in debug mode

✅ Step 3: Run the Application
In the terminal, run:

bash
python app.py
You should see output like:

csharp
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Open your browser and go to http://127.0.0.1:5000/ — you’ll see "Hello, Flask!"

6. What are HTTP methods used in RESTful APIs?
 - In RESTful APIs, HTTP methods (also called HTTP verbs) define the type of operation to be performed on resources. These methods correspond to the basic CRUD (Create, Read, Update, Delete) operations.

Here are the main HTTP methods used in RESTful APIs:

🔹 1. GET
Purpose: Retrieve data from the server.

Used For: Reading a resource or a list of resources.

Safe and idempotent (does not modify the resource).

Example:
GET /users → Get a list of users
GET /users/123 → Get user with ID 123

🔹 2. POST
Purpose: Create a new resource.

Used For: Submitting data to be processed.

Not idempotent (multiple requests can create multiple resources).

Example:
POST /users → Create a new user with data in the request body

🔹 3. PUT
Purpose: Update a resource completely.

Used For: Replacing an existing resource with new data.

Idempotent (same request yields the same result).

Example:
PUT /users/123 → Replace the entire user data for user with ID 123

🔹 4. PATCH
Purpose: Partially update a resource.

Used For: Updating only specified fields.

Idempotent, like PUT.

Example:
PATCH /users/123 → Update only the email field of user 123

🔹 5. DELETE
Purpose: Remove a resource.

Used For: Deleting data.

Idempotent.

Example:
DELETE /users/123 → Delete user with ID 123

7.  What is the purpose of the @app.route() decorator in Flask?
 -  Purpose of @app.route():

- Defines Routes

Maps specific URLs to Python functions (called view functions).

- Handles HTTP Requests

You can specify which HTTP methods (GET, POST, etc.) a route should accept:

python
@app.route('/submit', methods=['POST'])
def submit():
    return "Form submitted!"
Supports Dynamic URLs
Allows variables in the route:

python
@app.route('/user/<username>')
def greet_user(username):
    return f"Hello, {username}!"

8.  What is the difference between GET and POST HTTP methods?
 - The GET and POST HTTP methods are two of the most commonly used methods in web development, especially in RESTful APIs and web forms. They serve different purposes and have key differences in how they send data and how they're used.

 🔹 GET Method

  Purpose:
Retrieve (read) data from the server.

 Characteristics:

Data is sent in the URL as query parameters.

Example: GET /search?query=flask

Idempotent: Making the same request multiple times gives the same result.

Safe: It does not modify any data on the server.

Cached by browsers: Responses can be stored and reused.

Bookmarkable: URLs with query parameters can be saved and shared.

Limited data size (because of URL length limits).


POST Method

Purpose:
Submit (create or send) data to the server.


Characteristics:

Data is sent in the request body, not in the URL.

Not idempotent: Making the same request multiple times can have side effects (like creating multiple records).

Used to change server state (e.g., create a new user, submit a form).

Not cached by default.

Supports larger payloads than GET.

9. How do you handle errors in Flask APIs?
 - Handling errors in Flask APIs is important to ensure your application responds gracefully and communicates issues clearly to clients. Flask provides multiple ways to handle errors, both automatically and customized.

10.  How do you connect Flask to a SQL database?
 - To connect Flask to a SQL database, you typically use a library like SQLAlchemy, which is a powerful Object-Relational Mapper (ORM) for Python. Flask also provides an integration layer called Flask-SQLAlchemy to simplify this process.


 ✅ Step-by-Step: Connecting Flask to a SQL Database

🔹 1. Install Flask and Flask-SQLAlchemy
Use pip:

bash
pip install flask flask-sqlalchemy

🔹 2. Set Up Your Flask App and Database
Create a file called app.py:

python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)

# Configure the database URI (here using SQLite)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///mydatabase.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

# Initialize the database object
db = SQLAlchemy(app)

🔹 3. Define Your Models (Tables)
python
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(100), nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)

    def __repr__(self):
        return f'<User {self.name}>'

🔹 4. Create the Database Tables
Run this once to create your database file and tables:

python
with app.app_context():
    db.create_all()

🔹 5. Add and Query Data
python
@app.route('/add_user')
def add_user():
    user = User(name='Alice', email='alice@example.com')
    db.session.add(user)
    db.session.commit()
    return f"Added user {user.name}"

@app.route('/users')
def get_users():
    users = User.query.all()
    return { "users": [user.name for user in users] }

11. What is the role of Flask-SQLAlchemy?
 - Role of Flask-SQLAlchemy:

- Integrates SQLAlchemy with Flask

It bridges SQLAlchemy and Flask, making it easy to set up database connections and use ORM features within Flask apps.

- Simplifies Configuration

Handles common Flask-specific setup like configuration from Flask’s app.config and managing the application context.

- Provides ORM Capabilities

Lets you define Python classes (models) that map to database tables, enabling you to interact with the database using Python objects instead of raw SQL.

- Manages Database Sessions

Takes care of creating and managing database sessions, so you don’t have to manually manage connections or transactions.

- Supports Multiple Databases

Works seamlessly with SQLite, PostgreSQL, MySQL, and more, through SQLAlchemy’s dialect system.

- Facilitates Database Migrations

When combined with tools like Flask-Migrate, it supports smooth schema migrations.

12. What are Flask blueprints, and how are they useful?
 - Flask Blueprints are a way to organize your Flask application into smaller, reusable, and modular components. Think of them as mini applications or “sub-apps” that group related routes, templates, and static files.

Why Are Blueprints Useful?

- Modularity

Split your app into distinct modules, e.g., auth, blog, admin, each with its own routes.


- Code Reusability

Blueprints can be reused across different projects or shared within a project.

- Simplifies Large Projects

Keeps the codebase clean and maintainable.

- Supports Multiple Instances

You can register the same blueprint multiple times with different URL prefixes.

13. What is the purpose of Flask's request object?
 - Purpose of Flask’s request object:

It allows you to access all data sent by the client as part of the request, including:

- Request data (form data, JSON, query parameters)

- HTTP method (GET, POST, etc.)

- Headers (e.g., content type, authorization)

- Cookies

- Files uploaded via forms

- URL information

14.  How do you create a RESTful API endpoint using Flask?
 - Creating a RESTful API endpoint in Flask involves defining routes that respond to HTTP methods (GET, POST, PUT, DELETE) and returning data (usually JSON) in a structured way.

 How it works:

- GET /api/items — Returns all items.

- POST /api/items — Creates a new item (expects JSON body like {"name": "New Item"}).

- GET /api/items/<item_id> — Returns item by id.

- PUT /api/items/<item_id> — Updates the item by id.

- DELETE /api/items/<item_id> — Deletes the item by id.

15. What is the purpose of Flask's jsonify() function?
 - Flask's jsonify() function is used to convert Python data structures into a JSON-formatted HTTP response that Flask can send back to the client.

Why use jsonify()?

- Automatic JSON conversion: It takes Python dictionaries, lists, or other serializable objects and converts them into a JSON string.

- Sets the correct content-type: It automatically sets the HTTP response header Content-Type to application/json, so the client knows the response is JSON.

- Handles encoding: It takes care of properly encoding Unicode and special characters.

- Creates a Flask Response object: So you don't have to manually create the response.

16. Explain Flask’s url_for() function?
 - Flask’s url_for() function is a very handy utility that helps you build URLs dynamically for your Flask routes (endpoints) based on the function name, rather than hardcoding the URL paths as strings.

 What does url_for() do?

- Takes the name of a view function (the function that handles a route) and generates the corresponding URL.

- You can also pass keyword arguments to fill in dynamic parts of the URL.

- This makes your code more maintainable because if you ever change the URL pattern of a route, you don’t have to search and replace URLs everywhere — just the route decorator.

17. How does Flask handle static files (CSS, JavaScript, etc.)?
 - Flask has built-in support for serving static files like CSS, JavaScript, images, and other assets.

How Flask handles static files:
- Default folder:

By convention, Flask looks for static files in a folder named static located at the root of your Flask project (next to your main app file).

- Accessing static files:
Static files inside the static folder are served automatically under the /static URL path.

- Referencing static files in templates:
You should use Flask’s url_for() to generate URLs for static files, so the URLs are always correct regardless of deployment path.

18. What is an API specification, and how does it help in building a Flask API?
 - An API specification is a formal, structured document that defines how an API behaves, what endpoints it offers, what inputs it expects, and what outputs it returns. It acts as a blueprint or contract between the API provider and consumers (developers, applications).

 How does an API specification help when building a Flask API?

- Clear contract:

It clearly defines what your API should do, making implementation focused and consistent.

- Design-first development:

You can design the API spec first, then implement the Flask endpoints to match it.

- Documentation:

The spec can be used to automatically generate interactive API docs (e.g., Swagger UI) for users and testers.

- Client generation:

Tools can generate client libraries in multiple languages from the spec, easing integration.

- Validation:

You can validate incoming requests and outgoing responses against the spec to ensure correctness.

- Collaboration:

Helps backend developers, frontend developers, testers, and other stakeholders stay aligned.

19. What are HTTP status codes, and why are they important in a Flask API?
 - HTTP status codes are standardized 3-digit numbers sent by a server in response to an HTTP request. They indicate the outcome of the request—whether it succeeded, failed, or something else.

Why are HTTP status codes important in a Flask API?

They communicate the result of the client’s request clearly and consistently.


Help clients understand what happened (e.g., success, error, redirect).


Allow clients to handle responses properly (e.g., retry, show error message, redirect).


Make debugging and monitoring easier by providing meaningful responses.
?
20. How do you handle POST requests in Flask?
 - Handling POST requests in Flask involves a few key steps:

- Define a route with the methods=['POST'] parameter.

- Access the request data sent by the client using request from flask.

- Process the data (e.g., validate, save to a database).

- Return a response (usually JSON) with an appropriate status code.

21. How would you secure a Flask API?
 - Securing a Flask API involves multiple layers and practices to protect your app from unauthorized access, data breaches, and common web vulnerabilities. Here’s a broad overview with actionable steps:

- Use Authentication & Authorization
- Use HTTPS
- Validate and Sanitize Input
- Rate Limiting
- Handle CORS Carefully
- Error Handling
- Keep Dependencies Updated
- Secure Configuration
- Use Security Headers
- Logging and Monitoring

22.  What is the significance of the Flask-RESTful extension?
 - Significance of Flask-RESTful:

- Simplifies API resource routing:

Instead of manually writing route handlers for each HTTP method, Flask-RESTful introduces the concept of Resource classes where you define methods like get(), post(), put(), delete() inside a class, and it handles routing automatically.

- Built-in request parsing:

It includes reqparse to easily parse and validate incoming request arguments (query parameters, JSON body, headers).

- Improved organization:

Encourages clean and modular code by organizing endpoints as classes.

- Automatic output formatting:

Automatically converts Python dictionaries returned by resource methods into JSON responses.

- Supports HTTP status codes:

Makes it easy to return custom status codes along with responses.

- Error handling:

Provides useful error handling utilities.

- Extensible:

Works well with Flask extensions like Flask-JWT, Flask-SQLAlchemy, etc.

23. What is the role of Flask’s session object?
 - Flask’s session object provides a way to store data specific to a user across multiple requests in a secure, signed cookie.
 It's a dictionary-like object that allows you to save user-specific information (like login status, preferences, shopping cart contents).

Data stored in session is stored client-side in a cookie but cryptographically signed to prevent tampering.

The cookie data is encrypted (signed) using the app’s secret key, so users cannot modify it without detection.



# Practical

1.  How do you create a basic Flask application?
 - Creating a basic Flask application is simple and quick. Here’s a step-by-step guide:

- Install Flask
If you haven’t already installed Flask, run:

bash
pip install Flask
- Create a simple Flask app
Create a new Python file, e.g., app.py, and add the following code:

python
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)
- Run the Flask app
Run the app from your terminal:

bash
python app.py
You should see output like:

csharp

 Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
- Test it
Open your browser and go to http://127.0.0.1:5000/, and you will see:

Hello, Flask!

2. How do you serve static files like images or CSS in Flask?
 - Flask serves static files (like images, CSS, JavaScript) automatically from a folder named static in your project.

How to serve static files in Flask:

Create a folder named static at the root of your Flask project (where your main app file is).

Put your static files inside this folder, for example:

bash
/your-flask-app
    /static
        /css
            style.css
        /images
            logo.png
    app.py
Reference static files in your HTML or templates using url_for('static', filename=...):

Example in an HTML template:

html
<link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
<img src="{{ url_for('static', filename='images/logo.png') }}" alt="Logo">
Access static files via URL:

If you run your Flask app locally, style.css will be available at:

ruby
http://127.0.0.1:5000/static/css/style.css

3. How do you define different routes with different HTTP methods in Flask?
 - In Flask, you can define different routes and handle specific HTTP methods like GET, POST, PUT, DELETE by:

- Using @app.route() with the methods parameter
Here’s a basic example:

python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/hello', methods=['GET'])
def get_hello():
    return "Hello with GET!"

@app.route('/hello', methods=['POST'])
def post_hello():
    data = request.get_json()
    return jsonify({"message": f"Hello {data['name']}!"}), 201
In this example:

A GET request to /hello returns a plain message.

A POST request to /hello returns a personalized response from the request body.

- Handling multiple methods in the same function

You can also handle multiple HTTP methods in a single route function using request.method:

python
@app.route('/user', methods=['GET', 'POST'])
def handle_user():
    if request.method == 'GET':
        return "Fetching user info..."
    elif request.method == 'POST':
        data = request.get_json()
        return jsonify({"created": data}), 201

- Using Flask-RESTful (alternative approach)

With Flask-RESTful, you define a Resource class and implement different HTTP method functions (get, post, etc.):

python
from flask_restful import Resource, Api
from flask import Flask, request

app = Flask(__name__)
api = Api(app)

class Hello(Resource):
    def get(self):
        return {"message": "GET method"}

    def post(self):
        data = request.get_json()
        return {"message": f"Hello {data['name']}"}, 201

api.add_resource(Hello, '/hello')

4.  How do you render HTML templates in Flask?
 - In Flask, you render HTML templates using the render_template() function and the Jinja2 templating engine. This allows you to separate your Python logic from HTML and pass dynamic data to your web pages.


5. How can you generate URLs for routes in Flask using url_for?
 - In Flask, you use the url_for() function to dynamically generate URLs for your routes based on the function name, not hardcoded paths. This ensures your app remains maintainable and flexible if routes change.

6. How do you handle forms in Flask?
 - Handling forms in Flask involves these key steps:

- Create an HTML Form

Place this in a template file, e.g. templates/form.html:

html
<!DOCTYPE html>
<html>
<head><title>Form Example</title></head>
<body>
    <form method="POST" action="{{ url_for('handle_form') }}">
        Name: <input type="text" name="name"><br>
        Age: <input type="number" name="age"><br>
        <input type="submit" value="Submit">
    </form>
</body>
</html>

- Set Up Flask Route to Display and Handle the Form
python
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        name = request.form['name']
        age = request.form['age']
        return f"Received: {name}, {age}"
    return render_template('form.html')

if __name__ == '__main__':
    app.run(debug=True)

7. How can you validate form data in Flask?
 - Manual Validation with request.form

This is the simplest way, using basic Python checks:

python
from flask import Flask, request, render_template_string

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def basic_form():
    error = None
    if request.method == 'POST':
        name = request.form.get('name', '').strip()
        age = request.form.get('age', '')

        if not name:
            error = 'Name is required.'
        elif not age.isdigit():
            error = 'Age must be a number.'
        else:
            return f"Hello {name}, age {age}"

    return render_template_string("""
        <form method="POST">
            Name: <input name="name"><br>
            Age: <input name="age"><br>
            <input type="submit">
        </form>
        {% if error %}<p style="color:red;">{{ error }}</p>{% endif %}
    """, error=error)

8. How do you manage sessions in Flask?
 - In Flask, sessions are used to store data across requests for individual users. Flask manages sessions using secure cookies, which are signed (not encrypted) and stored on the client side.

9. How do you redirect to a different route in Flask?
 - n Flask, you can redirect a user to a different route using the redirect() function along with url_for() to dynamically generate the target URL.

10. How do you handle errors in Flask (e.g., 404)?
 - In Flask, you can handle errors like 404 (Not Found) or 500 (Internal Server Error) using custom error handler functions with the @app.errorhandler() decorator.

- Example: Handling 404 Errors

python
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def not_found(error):
    return render_template('404.html'), 404      

11.  How do you structure a Flask app using Blueprints?
 - Using Blueprints in Flask helps you organize a large application into reusable and modular components. Each blueprint can represent a part of your app (e.g., user, admin, API) with its own routes, templates, and static files.

12. How do you define a custom Jinja filter in Flask?
 - In Flask, you can define a custom Jinja filter to transform values in your templates. This is useful when you want to add custom formatting or logic that's not already provided by Jinja's built-in filters.

13. How can you redirect with query parameters in Flask?
 - To redirect with query parameters in Flask, you can use redirect() together with url_for(), passing the query parameters as keyword arguments.

- Example: Redirect with Query Parameters
python
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    # Redirect to /search with query params ?q=flask&page=2
    return redirect(url_for('search', q='flask', page=2))

@app.route('/search')
def search():
    from flask import request
    query = request.args.get('q')
    page = request.args.get('page')
    return f"Search results for '{query}', page {page}"


14.  How do you return JSON responses in Flask?
 - In Flask, to return JSON responses you can use the jsonify() function, which formats your data as JSON and sets the correct Content-Type header (application/json).

15.  How do you capture URL parameters in Flask?
 - In Flask, you capture URL parameters by defining variable parts in your route URL using angle brackets < >. These parameters are then passed as arguments to your view function.

- Basic URL Parameter Capture

python
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    return f"User: {username}"
