# 📘 RESTful API & Flask – Assignment

---

## 🔹 Part 1: Theory


**Q1. What is a RESTful API?**

A RESTful API (Representational State Transfer API) is a way of designing web services that follows REST principles.
- Uses standard HTTP methods like **GET, POST, PUT, PATCH, DELETE**.
- Treats data as **resources** identified by URLs (e.g., `/users/7`).
- **Stateless**: each request contains all information needed; the server doesn’t remember previous requests.
- Benefits: simple, scalable, and widely supported across platforms.

**Q2. Explain the concept of API specification.**

An API specification is like an instruction manual or **contract** that explains how to use an API.
It includes:
- **Endpoints** (URLs) and their purposes
- **HTTP methods** allowed (GET/POST/PUT/DELETE…)
- **Parameters** and **request/response** formats (usually JSON)
- **Authentication** rules and **error codes** with examples
Popular formats/tools: **OpenAPI/Swagger**, Postman Collections. Specs help teams build and use APIs consistently.

**Q3. What is Flask, and why is it popular for building APIs?**

**Flask** is a lightweight Python web framework.
Why it’s popular:
- **Minimal & flexible** – start small, add only what you need
- **Easy to learn** – great for beginners
- **Rich ecosystem** – many extensions (Flask‑SQLAlchemy, Flask‑RESTful, Flask‑JWT‑Extended, etc.)
- Perfect for **quick prototypes** and **small/medium REST APIs**

**Q4. What is routing in Flask?**

Routing is the process of **mapping a URL path to a Python function**.
Example: visiting `/hello` triggers a function that returns a page or JSON.
In Flask this is done using the `@app.route()` decorator.

**Q5. How do you create a simple Flask application?**

Basic steps:
1) `from flask import Flask`  
2) Create an app: `app = Flask(__name__)`  
3) Register routes with `@app.route()`  
4) Run using `app.run(debug=True)` (when running as a script)

**Q6. What are HTTP methods used in RESTful APIs?**

- **GET** → read data
- **POST** → create new data
- **PUT** → replace/update entire resource
- **PATCH** → partial update
- **DELETE** → remove data
(Also: **HEAD**, **OPTIONS** are used for metadata and capability checks.)

**Q7. What is the purpose of the @app.route() decorator in Flask?**

`@app.route()` **binds a URL** (like `/users`) to a **function**.
When a user visits that URL, Flask runs the function and returns its response.

**Q8. What is the difference between GET and POST HTTP methods?**

- **GET**: retrieves data, parameters appear in the URL query string (e.g., `?page=2`). Not suitable for sensitive data. Cacheable.
- **POST**: sends data in the **request body**. Used to create or submit forms. Better for sensitive data. Not cached by default.

**Q9. How do you handle errors in Flask APIs?**

Use custom error handlers and return **JSON responses** with proper **HTTP status codes**:
- `@app.errorhandler(404)` → resource not found
- `@app.errorhandler(400)` → bad request (validation errors)
- `@app.errorhandler(500)` → server error
Also validate inputs and handle exceptions with `try/except`.

**Q10. How do you connect Flask to a SQL database?**

- Install and configure **Flask‑SQLAlchemy**.
- Set `SQLALCHEMY_DATABASE_URI` (e.g., `sqlite:///app.db` or a PostgreSQL URL).
- Create models as Python classes, then create tables and use sessions to read/write data.

**Q11. What is the role of Flask‑SQLAlchemy?**

It integrates SQLAlchemy (an ORM) with Flask, letting you work with the database using **Python classes** instead of writing raw SQL. It manages connections, sessions, and migrations (with Flask‑Migrate).

**Q12. What are Flask blueprints, and how are they useful?**

**Blueprints** help break a large app into **modular parts** (e.g., `auth`, `users`, `admin`).
Benefits: cleaner structure, reusable components, easier teamwork and testing. You register blueprints on the main app with optional URL prefixes like `/api`.

**Q13. What is the purpose of Flask’s request object?**

`flask.request` gives access to everything the client sent:
- **Query params**: `request.args`
- **Form data**: `request.form`
- **JSON body**: `request.get_json()` or `request.json`
- **Headers/Cookies/Files**: `request.headers`, `request.cookies`, `request.files`

**Q14. How do you create a RESTful API endpoint using Flask?**

Define a route, specify allowed methods, read inputs from `request`, and return JSON with a status code using `jsonify(...), 200`.

**Q15. What is the purpose of Flask’s jsonify() function?**

`jsonify()` converts Python dicts/lists to a **proper JSON HTTP response** with the right `Content‑Type: application/json` header.

**Q16. Explain Flask’s url_for() function.**

`url_for('function_name', **params)` **builds URLs dynamically** from route names. It avoids hardcoding paths and updates automatically if routes change. Useful in templates and redirects.

**Q17. How does Flask handle static files (CSS, JavaScript, etc.)?**

Files placed in the **`static/`** folder are served automatically at `/static/<filename>`. In templates, use `{{ url_for('static', filename='style.css') }}` to link CSS/JS/images.

**Q18. What is an API specification, and how does it help in building a Flask API?**

It’s the **formal description** of your API (endpoints, parameters, schemas, errors, auth). It helps:
- Backend devs implement consistent behavior
- Frontend/mobile devs integrate correctly
- Testers and stakeholders understand expectations
- Auto‑generate docs and client SDKs (with OpenAPI/Swagger)

**Q19. What are HTTP status codes, and why are they important in a Flask API?**

They are **numeric results** returned with responses:
- **2xx** success (200 OK, 201 Created)
- **4xx** client errors (400 Bad Request, 401 Unauthorized, 404 Not Found)
- **5xx** server errors (500 Internal Server Error)
They help clients understand whether a request succeeded and how to react to errors.

**Q20. How do you handle POST requests in Flask?**

Allow the `POST` method in `@app.route(..., methods=['POST'])`. Read data with `request.form` (HTML form) or `request.get_json()` (JSON API). Validate inputs, then return `jsonify(...)` with a proper status code (often `201 Created`).

**Q21. How would you secure a Flask API?**

- **HTTPS** everywhere
- **Authentication/Authorization** (JWT, OAuth 2.0, API keys)
- **Input validation & sanitization** (avoid injection attacks)
- **Rate limiting** (e.g., Flask‑Limiter)
- **CORS** configuration (Flask‑CORS) if needed
- **Secrets management** & environment variables
- **Error handling** that doesn’t leak internals

**Q22. What is the significance of the Flask‑RESTful extension?**

Flask‑RESTful provides a **Resource** class and helpful utilities to build REST endpoints cleanly with methods like `.get()`, `.post()`, `.put()`, `.delete()`, plus request parsing and error handling helpers.

**Q23. What is the role of Flask’s session object?**

`flask.session` stores **per‑user data** (e.g., login info) in a signed cookie between requests. You must set `app.secret_key`. For server‑side sessions, use extensions like Flask‑Session.

---

## 🔹 Part 2: Practical

📝 Note: These are **assignment‑ready code listings** (e.g., `app.py`, `models.py`, etc.).
They are shown here for demonstration and may not be executed directly inside the notebook.


**Q1. How do you create a basic Flask application?**

```python
# app.py
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)
```

**Q2. How do you serve static files like images or CSS in Flask?**

```python
# Folder structure:
# - app.py
# - static/
#     - style.css
#     - logo.png

from flask import Flask

app = Flask(__name__)

@app.route('/')
def index():
    # In templates you'd typically use url_for('static', filename=...)
    # For a quick demo string:
    return '<link rel="stylesheet" href="/static/style.css"><h1>Welcome</h1><img src="/static/logo.png" />'

if __name__ == '__main__':
    app.run(debug=True)
```

**Q3. How do you define different routes with different HTTP methods in Flask?**

```python
# app.py
from flask import Flask, request

app = Flask(__name__)

@app.route('/item', methods=['GET', 'POST'])
def item():
    if request.method == 'GET':
        return "GET: return items/list"
    if request.method == 'POST':
        # read form/json and create item
        return "POST: item created", 201

if __name__ == '__main__':
    app.run(debug=True)
```

**Q4. How do you render HTML templates in Flask?**

```python
# Folder structure:
# - app.py
# - templates/
#     - index.html

# index.html (inside templates/)
# --------------------------------
# <!doctype html>
# <html>
#   <head><title>Home</title></head>
#   <body><h1>Hello, {{ name }}!</h1></body>
# </html>

from flask import Flask, render_template

app = Flask(__name__)

@app.route('/hello/<name>')
def hello(name):
    return render_template('index.html', name=name)

if __name__ == '__main__':
    app.run(debug=True)
```

**Q5. How can you generate URLs for routes in Flask using url_for?**

```python
# app.py
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/profile/<username>')
def profile(username):
    return f"Profile of {username}"

@app.route('/link')
def link():
    # Build the URL of the 'profile' route for 'shreya'
    return url_for('profile', username='shreya')  # -> "/profile/shreya"

if __name__ == '__main__':
    app.run(debug=True)
```

**Q6. How do you handle forms in Flask?**

```python
# app.py
from flask import Flask, request, render_template_string

app = Flask(__name__)

form_html = '''
<form action="/submit" method="post">
  <input name="name" placeholder="Your name">
  <button type="submit">Send</button>
</form>
'''

@app.route('/')
def form():
    return render_template_string(form_html)

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form.get('name', 'Guest')
    return f"Hello, {name}!"
    
if __name__ == '__main__':
    app.run(debug=True)
```

**Q7. How can you validate form data in Flask?**

```python
# app.py (basic validation without WTForms)
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/register', methods=['POST'])
def register():
    email = request.form.get('email', '')
    if '@' not in email:
        return jsonify(error="Invalid email"), 400
    return jsonify(message="Registered"), 201

if __name__ == '__main__':
    app.run(debug=True)
```

**Q8. How do you manage sessions in Flask?**

```python
# app.py
from flask import Flask, session

app = Flask(__name__)
app.secret_key = 'change-this-secret'  # required for sessions

@app.route('/login/<user>')
def login(user):
    session['user'] = user
    return f"{user} logged in"

@app.route('/whoami')
def whoami():
    return session.get('user', 'Guest')

@app.route('/logout')
def logout():
    session.clear()
    return "Logged out"

if __name__ == '__main__':
    app.run(debug=True)
```

**Q9. How do you redirect to a different route in Flask?**

```python
# app.py
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Home Page"

@app.route('/go-home')
def go_home():
    return redirect(url_for('home'))

if __name__ == '__main__':
    app.run(debug=True)
```

**Q10. How do you handle errors in Flask (e.g., 404)?**

```python
# app.py
from flask import Flask, jsonify

app = Flask(__name__)

@app.errorhandler(404)
def not_found(e):
    return jsonify(error="Resource not found"), 404

@app.errorhandler(500)
def server_error(e):
    return jsonify(error="Internal server error"), 500

if __name__ == '__main__':
    app.run(debug=True)
```

**Q11. How do you structure a Flask app using Blueprints?**

```python
# project/
#   app.py
#   blueprints/
#       __init__.py
#       users.py

# blueprints/users.py
from flask import Blueprint
users_bp = Blueprint('users', __name__, url_prefix='/users')

@users_bp.route('/profile')
def profile():
    return "User profile"

# app.py
from flask import Flask
from blueprints.users import users_bp

app = Flask(__name__)
app.register_blueprint(users_bp)

if __name__ == '__main__':
    app.run(debug=True)
```

**Q12. How do you define a custom Jinja filter in Flask?**

```python
# app.py
from flask import Flask, render_template_string

app = Flask(__name__)

@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

@app.route('/')
def demo():
    return render_template_string("{{ 'Flask' | reverse }}")  # -> kslaF

if __name__ == '__main__':
    app.run(debug=True)
```

**Q13. How can you redirect with query parameters in Flask?**

```python
# app.py
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/target')
def target():
    # read request.args.get('msg')
    return "Target endpoint"

@app.route('/jump')
def jump():
    return redirect(url_for('target', msg='welcome'))

if __name__ == '__main__':
    app.run(debug=True)
```

**Q14. How do you return JSON responses in Flask?**

```python
# app.py
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/info')
def info():
    data = {"framework": "Flask", "type": "API"}
    return jsonify(data), 200  # (body, status)

if __name__ == '__main__':
    app.run(debug=True)
```

**Q15. How do you capture URL parameters in Flask?**

```python
# app.py
from flask import Flask

app = Flask(__name__)

@app.route('/user/<int:user_id>')
def get_user(user_id):
    return f"User ID is {user_id}"

if __name__ == '__main__':
    app.run(debug=True)
```