1. What is a RESTful API ?

A RESTful API (Representational State Transfer API) is a way for applications to communicate with each other over the web using the principles of REST architecture. It provides a simple, scalable, and standardized approach to building APIs.

2. Explain the concept of API specification ?

An API specification is like a blueprint or contract that clearly defines how an API works — what requests clients can make, what data they need to send, and what responses they can expect.

It provides rules and documentation for both API developers and users.




3. What is Flask, and why is it popular for building APIs?

Flask is a lightweight, open-source web framework for Python.

It’s called a microframework because it provides the essentials for building web applications and APIs but doesn’t force you to use specific tools or libraries.

Created by Armin Ronacher in 2010. Flask is a lightweight Python web framework that’s popular for building APIs because it’s simple, flexible, beginner-friendly, and has a rich ecosystem. It allows developers to quickly create RESTful APIs without the heavy overhead of larger frameworks.

4. What is routing in Flask ?

Routing is the process of mapping a URL (web address) to a specific Python function.

When a user visits a URL, Flask checks its routing table and runs the corresponding function.

These functions are often called view functions or endpoint functions.
Flask provides a @app.route() decorator to define routes.

Inside the decorator, you give the URL path.

The decorated function runs whenever that URL is requested.

5. M How do you create a simple Flask application ?

Flask(__name__) → creates the Flask app.

@app.route("/") → maps a URL to a function.

debug=True → enables auto-reload & detailed error messages.To create a simple Flask app, you just need to install Flask, create an app instance, define routes with @app.route(), and run the app.**bold text** .

6. What are HTTP methods used in RESTful APIs

GET → Retrieve data

Used to read or fetch information.

Doesn’t change anything on the server.

Example:

GET /users → Get all users

GET /users/101 → Get user with ID 101


POST → Create new data

Used to send data to the server to create a new resource.

Example:

POST /users

Request body:  RESTful APIs mainly use GET (read), POST (create), PUT (update/replace), PATCH (update/modify), and DELETE (remove) to work with resources.

7 .What is the purpose of the @app.route() decorator in Flask?

The @app.route() decorator in Flask is used to map a URL (route) to a specific function in your application.

When someone visits that URL in the browser (or calls it via API), the associated function (called a view function) is executed.

The result of the function is then sent back as the HTTP response.

8. What is the difference between GET and POST HTTP methods ?

Purpose: Retrieve data from the server.

Request Data Location: Query parameters (in the URL).

Idempotent: Yes → Multiple identical GET requests won’t change anything.

Cacheable: Yes → Browsers and CDNs can cache responses.

Visibility: Data is visible in the URL.

Purpose: Send data to the server (usually to create a new resource).

Request Data Location: Request body (not the URL).

Idempotent: No → Sending the same POST multiple times may create duplicate records.

Cacheable: No → Responses are not usually cached.

Visibility: Data is hidden in the request body (not shown in URL).

9. How do you handle errors in Flask APIs?

Flask APIs, errors are handled using status codes, abort(), custom error handlers, try/except, or custom exceptions. The goal is to give the client clear, consistent JSON responses instead of raw error pages.


200 OK → Success

400 Bad Request → Client error (wrong input)

401 Unauthorized → Authentication required

404 Not Found → Resource not found

500 Internal Server Error → Something went wrong on the server

10. How do you connect Flask to a SQL database?

SQLite is lightweight and comes with Python by default.

In [None]:
import sqlite3
from flask import Flask, g

app = Flask(__name__)
DATABASE = "mydb.sqlite"

def get_db():
    if "db" not in g:
        g.db = sqlite3.connect(DATABASE)
    return g.db

@app.teardown_appcontext
def close_db(error):
    if "db" in g:
        g.db.close()

@app.route("/create")
def create_table():
    db = get_db()
    db.execute("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT)")
    db.commit()
    return "Table created!"

@app.route("/add/<name>")
def add_user(name):
    db = get_db()
    db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    db.commit()
    return f"User {name} added!"


11. What is the role of Flask-SQLAlchemy ?

Flask-SQLAlchemy is a Flask extension that integrates the SQLAlchemy ORM (Object Relational Mapper) with Flask.

It makes it easier to connect your Flask app to SQL databases (like SQLite, MySQL, PostgreSQL).

Instead of writing raw SQL queries, you work with Python classes and objects, and Flask-SQLAlchemy translates them into SQL automatically.

12. What are Flask blueprints, and how are they useful ?

In Flask, a Blueprint is a way to organize your application into smaller, reusable modules.

Think of a Blueprint as a mini Flask app inside your main app:

It can define its own routes, templates, static files, and error handlers.

Later, you register the blueprint with the main Flask app.

13. What is the purpose of Flask's request object ?

In Flask, the request object represents the incoming HTTP request from a client (browser, mobile app, or another API).

It gives your application access to all the data sent by the client, including form data, query parameters, headers, JSON payload, and more.

It’s part of Flask’s global context, so you can use it inside your view functions without passing it explicitly.

14. How do you create a RESTful API endpoint using Flask ?


Creating a RESTful API endpoint using Flask is simple because Flask is lightweight and provides decorators for defining routes.
Use @app.route() to map a URL path to a function.

Specify allowed HTTP methods (GET, POST, PUT, DELETE).

15.What is the purpose of Flask's jsonify() function ?


In Flask, the jsonify() function is used to convert Python data structures (like dictionaries and lists) into JSON format and send them as an HTTP response.jsonify() makes sure your Flask API responses are valid JSON, with the right headers, encoding, and formatting .

16. Explain Flask’s url_for() function ?

The url_for() function in Flask is used to build a URL for a specific function (endpoint) in your application.

Instead of writing URLs manually (like /home or /user/123), you call url_for('function_name', ...).
Flask then generates the correct URL for you, even if routes change later.

17. How does Flask handle static files (CSS, JavaScript, etc.)?

Default static Folder

By convention, Flask looks for static files in a folder named static/ inside your project directory.


Flask automatically serves files in the static/ folder at the URL path:

/static/<filename>

Using url_for() in Templates

Instead of hardcoding /static/..., you should use url_for('static', filename='...').

Example in an HTML template (templates/index.html):

18.  What is an API specification, and how does it help in building a Flask API?

An API specification is a detailed description of how an API works — it defines the endpoints, request formats, response formats, authentication methods, and error handling rules.

OpenAPI (Swagger) → most popular

RAML (RESTful API Modeling Language)

API Blueprint
Endpoints (routes) → e.g., /users, /products/<id>

HTTP methods → GET, POST, PUT, DELETE

Request format → query params, path params, body (JSON/XML)

Response format → JSON structure, status codes

Authentication → e.g., API keys, JWT tokens

Error responses → standardized messages

How does it help in building a Flask API?

Clear Documentation

Developers know exactly how to use your API.

Example: Swagger UI can auto-generate interactive docs.

Consistency

Ensures all endpoints follow the same style (naming, responses, error handling).

Collaboration

Frontend and backend teams can work in parallel.

Example: Frontend can mock API calls before backend is fully built.

Validation

You can validate requests and responses against the spec (e.g., with libraries like flask-swagger or apispec).

Future Maintenance

Easier to add new endpoints or update old ones because the spec acts as a single source of truth.

19 .What are HTTP status codes, and why are they important in a Flask API?

HTTP status codes are 3-digit numbers sent by a server in response to a client’s request.
They indicate whether the request was successful, failed, or requires some extra action.

Categories of HTTP Status Codes

1xx – Informational
→ Request received, still processing. (e.g., 100 Continue)

2xx – Success
→ Request completed successfully.

200 OK → Request succeeded

201 Created → Resource created successfully

204 No Content → Success, but no data to return

3xx – Redirection
→ Further action needed (redirect).

301 Moved Permanently

302 Found (temporary redirect)

4xx – Client Errors
→ Problem with the request.

400 Bad Request → Invalid input

401 Unauthorized → Authentication required

403 Forbidden → Not allowed

404 Not Found → Resource doesn’t exist

5xx – Server Errors
→ Server failed to process a valid request.

500 Internal Server Error



20. How do you handle POST requests in Flask ?

In Flask, POST requests are usually used to send data from the client to the server (e.g., creating a new record, submitting a form, sending JSON).

Steps to Handle POST in Flask

Allow POST in the route.

Access data sent in the request

Form data → request.form

JSON data → request.get_json() .

21. How would you secure a Flask API

Always run your API over https:// instead of http://.

Encrypts communication so sensitive data (passwords, tokens) isn’t exposed.

Usually configured via Nginx/Apache or a cloud provider (not Flask directly).

🔹 2. Authentication & Authorization

Ensure only authorized users can access endpoints.

Common methods:

API keys (simple, but less secure)
JWT (JSON Web Tokens) – stateless and widely used

OAuth2 – for third-party apps

Example with JWT (using flask-jwt-extended) .

22. What is the significance of the Flask-RESTful extension?

Flask-RESTful is an extension for Flask that makes it easier to build RESTful APIs. It provides tools and patterns to organize your API code cleanly, instead of manually handling routes, request parsing, and response formatting.

Significance / Benefits

Simplifies Route and Resource Management

You can define a resource as a Python class, and map HTTP methods to class methods (get(), post(), put(), delete()).

23. What is the role of Flask’s session object ?

The session object in Flask is used to store data that persists across requests for a particular user.

Think of it as a server-side dictionary where you can save information about the user between requests, such as login status, preferences, or temporary data.

Flask stores the session data securely in a cookie on the client-side, but it is signed using a secret key so it cannot be tampered with.