# Restful API & Flask

1. What is a RESTful API?

* A RESTful API (Representational State Transfer API) is a way for different software systems to communicate over the internet using standard HTTP methods. It follows a set of architectural principles that make it scalable, stateless, and easy to use.

# Key Concepts of RESTful API:
1. Resources:

* Everything in REST is considered a resource (e.g., a user, an order, a product).

* Each resource is identified by a URL (e.g., https://api.example.com/users/123).

2. HTTP Methods:
* REST uses standard HTTP methods to perform actions on resources:

1. GET – Retrieve data

2. POST – Create a new resource

3. PUT – Update an existing resource (full update)

4. PATCH – Update part of a resource (partial update)

5. DELETE – Remove a resource

3. Stateless:

* Each API request is independent. The server doesn’t store client context between requests.

* All necessary information must be sent in the request.

4. JSON or XML:

* Most RESTful APIs use JSON to format data, though XML is sometimes supported.

5. Uniform Interface:

* REST APIs are designed with a consistent structure, making them easier to understand and use.

6. Client-Server Architecture:

* The client (frontend) and the server (backend) are separated, promoting modularity.

# Example:
* Suppose you have a RESTful API for managing books.

* GET /books – List all books

* GET /books/1 – Get details of book with ID 1

* POST /books – Add a new book

* PUT /books/1 – Replace book with ID 1

* DELETE /books/1 – Delete book with ID 1

2. Explain the concept of API specification?

* An API specification is a formal, structured document or definition that describes how an API behaves and how developers can interact with it. It acts like a contract between the API provider and consumers, ensuring consistency, clarity, and interoperability.

# Key Concepts in an API Specification:
1. Endpoints

* Define the URLs or routes the API exposes (e.g., /users, /orders/123).

2. HTTP Methods

* Describe the operations allowed on each endpoint: GET, POST, PUT, DELETE, etc.

3. Request Parameters

* Inputs required for each endpoint, including:

* Path parameters (e.g., /users/{id})

* Query parameters (e.g., /search?term=apple)

4. Headers

* Body content (typically in JSON)

5. Responses

* Expected output for each endpoint, including:

* Status codes (e.g., 200 OK, 404 Not Found)

* Response body schema

6. Headers

* Data Models / Schemas

* Definitions of the data structures used (e.g., what fields a User object has).

* Authentication/Authorization Requirements

* How users authenticate (e.g., API keys, OAuth tokens).



3.What is Flask, and why is it popular for building APIs?

* Flask is a microframework: it provides the core tools for web development without enforcing a specific structure or including unnecessary features.

* It’s built on Werkzeug (a WSGI utility library) and Jinja2 (a templating engine).

* You only include what you need (e.g., database integration, authentication) using extensions.

# Why Flask Is Popular for APIs
1. Minimal Boilerplate

* You can create a working API with just a few lines of code.

2. Pythonic and Intuitive

* Easy for Python developers to learn and use.

3. Highly Customizable

* You’re not locked into any particular architecture or tools.

4. Great for Prototyping and MVPs

* Fast to build and iterate.

5. Strong Ecosystem

* Many useful extensions like:

* Flask-RESTful – for structured REST APIs

* Flask-JWT – for authentication

* Flask-SQLAlchemy – for database ORM

6. Good for Small to Medium Projects

* Scales well up to a point; beyond that, more structured frameworks like Django or FastAPI might be better.



4.What is routing in Flask?

* Routing in Flask refers to the process of mapping URLs (or paths) to Python functions. These functions are called view functions, and they define what should happen when a specific URL is accessed—such as returning data or rendering a page.

| Feature          | Description                            |
| ---------------- | -------------------------------------- |
| `@app.route()`   | Binds a function to a URL path         |
| Dynamic segments | Use `<variable>` in URL paths          |
| HTTP methods     | Specify with `methods=['POST', 'GET']` |
| View functions   | Return the response (text, JSON, etc.) |


5. How do you create a simple Flask application?

# What’s Happening?
* Flask(__name__): Creates a Flask app instance.

* @app.route('/'): Maps the / URL to the home() function.

* return 'Hello, Flask!': Sends this text as the HTTP response.

* app.run(debug=True): Starts the development server and enables auto-reloading and debugging.

6. What are HTTP methods used in RESTful APIs?

* In RESTful APIs, HTTP methods define the type of operation you want to perform on a resource (like users, products, posts, etc.). These methods align with CRUD operations: Create, Read, Update, Delete.

| Method   | Description                       | CRUD Operation | Example Usage                       |
| -------- | --------------------------------- | -------------- | ----------------------------------- |
| `GET`    | Retrieve data from the server     | **Read**       | Get a list of users: `GET /users`   |
| `POST`   | Submit new data to the server     | **Create**     | Create a new user: `POST /users`    |
| `PUT`    | Replace an existing resource      | **Update**     | Replace user data: `PUT /users/1`   |
| `PATCH`  | Update part of a resource         | **Update**     | Update user email: `PATCH /users/1` |
| `DELETE` | Remove a resource from the server | **Delete**     | Delete a user: `DELETE /users/1`    |


7.  What is the purpose of the @app.route() decorator in Flask?

* The @app.route() decorator in Flask is used to bind a URL path to a Python function, turning that function into a view function (or route handler). It defines which URL triggers which code when accessed via a web browser or API request.

#Purpose of @app.route()
* It registers a route with the Flask application.

* It tells Flask: “When someone visits this URL, run this function.”

* It supports optional parameters and HTTP methods.

| Feature       | Description                                |
| ------------- | ------------------------------------------ |
| URL mapping   | Connects a specific URL to a function      |
| Dynamic paths | Supports variables in the URL              |
| HTTP methods  | Handles `GET`, `POST`, etc. via parameters |
| Readability   | Makes route definitions clean and readable |


8. What is the difference between GET and POST HTTP methods?

| Feature                | `GET`                              | `POST`                                      |
| ---------------------- | ---------------------------------- | ------------------------------------------- |
| **Purpose**            | Retrieve data                      | Submit or send data to create a resource    |
| **Data Location**      | Sent in the **URL** (query string) | Sent in the **request body**                |
| **Visibility**         | Visible in URL (e.g., `?q=test`)   | Hidden from URL                             |
| **Caching**            | Can be cached                      | Not usually cached                          |
| **Idempotent**         | ✅ Yes – Safe to repeat             | ❌ No – May create multiple entries          |
| **Use Case**           | Fetching info (e.g., search, view) | Creating a new resource (e.g., new user)    |
| **Request Size Limit** | Limited (due to URL length)        | Can send large payloads (e.g., JSON, files) |


9. How do you handle errors in Flask APIs?

* In Flask APIs, handling errors means catching issues like missing data, invalid input, or failed operations—and responding with clear, meaningful messages and proper HTTP status codes.

| Error Type       | How to Handle                                   |
| ---------------- | ----------------------------------------------- |
| 400 Bad Request  | Check for missing/invalid input manually        |
| 404 Not Found    | Use `abort(404)` or `@app.errorhandler(404)`    |
| 500 Server Error | Catch with `@app.errorhandler(500)`             |
| Validation       | Use manual checks or libraries like Marshmallow |


10. How do you connect Flask to a SQL database?

* To connect Flask to a SQL database, you typically use an ORM (Object-Relational Mapper) like SQLAlchemy, or Flask’s integration with it via Flask-SQLAlchemy. This simplifies querying and managing your database using Python objects instead of raw SQL.

| Component          | Role                                        |
| ------------------ | ------------------------------------------- |
| `Flask`            | Web framework                               |
| `Flask-SQLAlchemy` | ORM layer for connecting Flask with SQL DBs |
| `db.Model`         | Class that maps to a table in the database  |
| `db.session`       | Used to add, update, or delete records      |


11. What is the role of Flask-SQLAlchemy?

#Main Role of Flask-SQLAlchemy
* To make it easy to interact with SQL databases from a Flask app by:

* Managing database connections

* Mapping Python classes to database tables (ORM)

* Simplifying queries and data manipulation

* Handling migrations (when used with Flask-Migrate)

12. What are Flask blueprints, and how are they useful?

* A Blueprint is like a mini-application within your Flask app. You define routes, error handlers, templates, and static files in a blueprint, then register it with your main app.

| Benefit                | Description                                                            |
| ---------------------- | ---------------------------------------------------------------------- |
| **Modularity**         | Split features (auth, API, admin, etc.) into separate files or folders |
| **Reusability**        | Reuse blueprints across multiple apps or projects                      |
| **Cleaner Structure**  | Keeps your main app file smaller and easier to read                    |
| **Team Collaboration** | Teams can work on different blueprints without touching the core app   |


13. What is the purpose of Flask's request object?

* The request object in Flask is used to access incoming request data from the client (such as a browser or API consumer). It allows your Flask app to read details like form inputs, JSON payloads, query parameters, headers, and cookies from the HTTP request.

| Attribute             | Description                               | Example                                 |
| --------------------- | ----------------------------------------- | --------------------------------------- |
| `request.method`      | HTTP method used (`GET`, `POST`, etc.)    | `'POST'`                                |
| `request.args`        | Query string parameters                   | `/search?q=flask` → `request.args['q']` |
| `request.form`        | Form data submitted via `POST` or `PUT`   | `request.form['username']`              |
| `request.json`        | JSON payload (usually from an API client) | `request.json['email']`                 |
| `request.headers`     | Request headers                           | `request.headers['User-Agent']`         |
| `request.cookies`     | Cookies sent by the client                | `request.cookies.get('session')`        |
| `request.files`       | Uploaded files                            | `request.files['file']`                 |
| `request.path`        | Path part of the URL                      | `/profile`                              |
| `request.remote_addr` | IP address of the client                  | `'127.0.0.1'`                           |


14. How do you create a RESTful API endpoint using Flask?

* Creating a RESTful API endpoint in Flask involves setting up routes that handle specific HTTP methods (GET, POST, PUT, DELETE) to interact with resources (like users, products, tasks, etc.).

| HTTP Method | Endpoint      | Action              |
| ----------- | ------------- | ------------------- |
| `GET`       | `/users`      | Retrieve all users  |
| `GET`       | `/users/<id>` | Retrieve one user   |
| `POST`      | `/users`      | Create new user     |
| `PUT`       | `/users/<id>` | Update/replace user |
| `DELETE`    | `/users/<id>` | Delete user         |


15. What is the purpose of Flask's jsonify() function?

* The purpose of Flask's jsonify() function is to:

🔹 Convert Python data (like dict, list) into a JSON response, and

🔹 Automatically set the correct MIME type (application/json) for the HTTP response.

16. Explain Flask’s url_for() function?

* Flask’s url_for() function is used to dynamically build URLs for your Flask app routes based on the route’s function name, rather than hardcoding paths. This makes your code more maintainable, flexible, and less error-prone—especially if route paths change.

# Purpose of url_for()
✅ Avoid hardcoding URLs

✅ Automatically generate URLs that adapt to changes

✅ Append query parameters if needed



17. How does Flask handle static files (CSS, JavaScript, etc.)?

* Flask handles static files (like CSS, JavaScript, images) through a dedicated /static folder. When a client requests a file like /static/style.css, Flask automatically serves it from the corresponding file inside your project.

| Feature         | Description                                               |
| --------------- | --------------------------------------------------------- |
| Folder name     | `static/` by default                                      |
| Access path     | `url_for('static', filename='...')`                       |
| Files it serves | CSS, JS, images, fonts, etc.                              |
| Flask behavior  | Automatically serves from `/static/` without extra config |


18. M What is an API specification, and how does it help in building a Flask API?

* An API specification is a detailed, structured description of how an API behaves—what endpoints it exposes, what data it accepts and returns, and what errors it might produce. Think of it as a blueprint for building, consuming, and documenting an API.

#Purpose of an API Specification
* Defines what the API does and how to interact with it

* Provides a contract between backend developers, frontend teams, and third-party clients

* Enables automation: testing, documentation, code generation, validation


| Specification Tool    | Description                    |
| --------------------- | ------------------------------ |
| **OpenAPI** (Swagger) | Most widely used for REST APIs |
| RAML                  | YAML-based, developer-friendly |
| API Blueprint         | Markdown-style, human-readable |


19. What are HTTP status codes, and why are they important in a Flask API?

* HTTP status codes are standardized 3-digit codes sent by a server in response to a client's request. They indicate the result of the HTTP request, helping both clients (like browsers or API consumers) and developers understand what happened.

In a Flask API, using the correct status codes is essential for clear communication, error handling, and API best practices.

| Code                        | Meaning                       | When to Use                                 |
| --------------------------- | ----------------------------- | ------------------------------------------- |
| `200 OK`                    | Success (default for `GET`)   | Data was returned or updated successfully   |
| `201 Created`               | Resource was created          | After a `POST` that creates a new record    |
| `204 No Content`            | Success with no body          | After successful `DELETE` or `PUT`          |
| `400 Bad Request`           | Invalid input                 | Client sent malformed or missing data       |
| `401 Unauthorized`          | Auth required or invalid      | Access requires login/token                 |
| `403 Forbidden`             | Authenticated but not allowed | Valid token but insufficient permissions    |
| `404 Not Found`             | Resource doesn't exist        | ID doesn't match any data                   |
| `409 Conflict`              | Conflict with existing state  | Trying to create a user that already exists |
| `500 Internal Server Error` | Unhandled exception           | Something failed server-side                |


20. How do you handle POST requests in Flask?

* To handle POST requests in Flask, you define a route that accepts the POST method and use Flask’s request object to access the data sent by the client—usually form data or JSON.

| Step              | Code Example                              |
| ----------------- | ----------------------------------------- |
| Define POST route | `@app.route('/submit', methods=['POST'])` |
| Access JSON data  | `request.get_json()`                      |
| Access form data  | `request.form.get('field')`               |
| Return response   | `return jsonify(...), 200`                |


21. How would you secure a Flask API?

* Securing a Flask API involves multiple layers of protection to ensure that only authorized clients can access your endpoints and that data is transmitted safely.

| Security Aspect    | What to Do                                   |
| ------------------ | -------------------------------------------- |
| Transport Security | Use HTTPS                                    |
| Authentication     | JWT, API keys, OAuth 2.0                     |
| Authorization      | Role-based access control                    |
| Input Validation   | Validate and sanitize inputs                 |
| Rate Limiting      | Prevent DoS attacks                          |
| Secure Headers     | Set security-related HTTP headers            |
| Error Handling     | Hide sensitive info, use proper status codes |
| Dependency Updates | Keep libraries and Flask up-to-date          |


22. What is the significance of the Flask-RESTful extension?

* The Flask-RESTful extension is a popular Flask add-on that simplifies building RESTful APIs by providing tools and abstractions tailored for API development.

| Feature                   | Benefit                                        |
| ------------------------- | ---------------------------------------------- |
| Resource-based routing    | Organizes API endpoints cleanly                |
| Request parsing           | Validates and extracts parameters effortlessly |
| Automatic JSON output     | Simplifies response formatting                 |
| Consistent error handling | Provides standard API error messages           |
| Scalable for large APIs   | Supports namespaces and modular design         |


23. What is the role of Flask’s session object?

* Flask’s session object is used to store data specific to a user’s session between requests. It allows you to keep user-specific information (like login status, preferences, or temporary data) across multiple HTTP requests without requiring a database on every request.

| Feature                 | Description                                       |
| ----------------------- | ------------------------------------------------- |
| **Purpose**             | Store user-specific data across requests          |
| **Storage**             | Stored in **signed cookies** by default           |
| **Usage**               | Acts like a dictionary (`session['key'] = value`) |
| **Requires Secret Key** | Needed to cryptographically sign session cookies  |


# practical Question

1. How do you create a basic Flask application?

In [2]:
pip install flask




In [8]:
from flask import Flask

app = Flask(__name__)  # Initialize the Flask app

@app.route('/')        # Define route for home page
def home():
    return "Hello, Flask!"  # Return a simple message

if __name__ == '__main__':
    app.run(debug=True)  # Run the app in debug mode


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


2. How do you serve static files like images or CSS in Flask?

In [9]:
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
<img src="{{ url_for('static', filename='logo.png') }}" alt="Logo">


SyntaxError: invalid syntax (ipython-input-3746080289.py, line 1)

In [10]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')


3. How do you define different routes with different HTTP methods in Flask?

In [11]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/item', methods=['GET', 'POST'])
def item():
    if request.method == 'GET':
        # Handle GET request
        return jsonify(message="This is a GET request")
    elif request.method == 'POST':
        # Handle POST request
        data = request.get_json()
        return jsonify(message="Received POST request", data=data)


4. How do you render HTML templates in Flask?

In [12]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html', name='Alice')


5. How can you generate URLs for routes in Flask using url_for?

In [13]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return 'Home Page'

@app.route('/user/<username>')
def profile(username):
    return f"User: {username}"

@app.route('/links')
def links():
    home_url = url_for('home')
    profile_url = url_for('profile', username='alice')
    return f'<a href="{home_url}">Home</a><br><a href="{profile_url}">Alice\'s Profile</a>'


6.  How do you handle forms in Flask?

In [16]:
from flask import Flask, render_template, request

app = Flask(__name__)

# Create a simple HTML template file named 'form.html'
# In a real project, you would save this in a 'templates' folder.
# For this example, we'll create the content as a string.
form_template = """
<!DOCTYPE html>
<html>
<body>
  <form method="POST" action="/submit">
    Name: <input type="text" name="name" />
    <input type="submit" value="Submit" />
  </form>
</body>
</html>
"""

# Define the route to display the form (GET request)
# and handle the form submission (POST request)
@app.route('/submit', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        # Get the data from the submitted form
        name = request.form.get('name')
        if name:
            return f"Hello, {name}!"
        else:
            return "Please enter your name."
    # For GET requests, render the form
    # In a real app, you'd load 'form.html' from the templates folder
    # return render_template('form.html')
    # For this example, we'll just return the template string
    return form_template

# To run this in Colab, you'll need to use something like ngrok
# to expose your local Flask server to the internet.
# Or, you can run this code in a local Python environment.
# For demonstration purposes, you can uncomment the line below
# and run this cell, then try accessing the '/submit' route.
# if __name__ == '__main__':
#     app.run(debug=True)

7. How can you validate form data in Flask?

In [17]:
from flask import Flask, request, render_template, flash, redirect, url_for

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Needed for flashing messages

@app.route('/form')
def form():
    return render_template('form.html')

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form.get('name')
    if not name or len(name) < 3:
        flash("Name is required and should be at least 3 characters.")
        return redirect(url_for('form'))
    return f"Hello, {name}!"


8. How do you manage sessions in Flask?

In [18]:
app = Flask(__name__)
app.secret_key = 'your-secret-key'  # Change this to a secure random value


In [19]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'your-secret-key'

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    # Suppose authentication succeeds
    session['username'] = username  # Save username in session
    return redirect(url_for('profile'))

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Logged in as {session['username']}"
    else:
        return "You are not logged in."


In [20]:
@app.route('/logout')
def logout():
    session.pop('username', None)  # Remove 'username' from session if exists
    return "Logged out"


9. How do you redirect to a different route in Flask?

In [21]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "This is the home page."

@app.route('/go-to-home')
def go_to_home():
    return redirect(url_for('home'))  # Redirect to the 'home' route


10. How do you handle errors in Flask (e.g., 404)?

In [22]:
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404


In [24]:
@app.errorhandler(500)
def internal_error(e):
    return "An internal error occurred.", 500


11. How do you structure a Flask app using Blueprints?

In [26]:
# Create a dummy routes.py file for demonstration
%%writefile routes.py
from flask import Blueprint

blog_bp = Blueprint('blog', __name__, template_folder='templates')

@blog_bp.route('/')
def index():
    return "This is the blog index from the blueprint."

@blog_bp.route('/<int:post_id>')
def post(post_id):
    return f"This is blog post {post_id} from the blueprint."

Writing routes.py


In [27]:
from flask import Flask
from routes import blog_bp # Use absolute import

app = Flask(__name__)
app.register_blueprint(blog_bp, url_prefix='/blog')

# Add a simple home route for the main app
@app.route('/')
def home():
    return "Main App Home Page"


# To run this app, you would typically do:
# if __name__ == '__main__':
#     app.run(debug=True)

# In Colab, you might need to use ngrok or similar to access it.
# For demonstration, you can manually test the routes after running this cell.

12.  How do you define a custom Jinja filter in Flask?

In [35]:
def reverse_string(s):
    return s[::-1]


In [38]:
from flask import Flask

app = Flask(__name__)

@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]
    app.jinja_env.filters['reverse'] = reverse_string
    {{ "hello" | reverse }}




13. How can you redirect with query parameters in Flask?

In [39]:
from flask import Flask, request, redirect, url_for

app = Flask(__name__)

@app.route('/greet')
def greet():
    name = request.args.get('name', 'Guest')
    return f"Hello, {name}!"


In [40]:
@app.route('/redirect-example')
def redirect_example():
    return redirect(url_for('greet', name='Alice'))


14. M How do you return JSON responses in Flask?

In [41]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        'name': 'Alice',
        'age': 30,
        'location': 'Wonderland'
    }
    return jsonify(data)
{
  "name": "Alice",
  "age": 30,
  "location": "Wonderland"
}


{'name': 'Alice', 'age': 30, 'location': 'Wonderland'}

15. How do you capture URL parameters in Flask?

In [42]:
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    return f"Hello, {username}!"
@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"
