# **Theory Questions**

1. What is a RESTful API?
   - A RESTful API (Representational State Transfer API) is a standardized way for different software systems to communicate over the internet using HTTP methods.
   - It is based on a set of principles and conventions that make APIs easy to use, scalable, and stateless.
   - Key Features of a RESTful API are as follows:
       - Uses HTTP Methods:
           - GET: Retrieve data
           - POST: Create data
           - PUT / PATCH: Update data
           - DELETE: Remove data
     - Stateless: Each request from the client contains all the information the server needs. The server doesn't store any session information.
     - Resource-Based: Everything is treated as a resource (e.g., users, orders) identified by URLs.
     - JSON or XML Format: Data is typically exchanged in JSON (JavaScript Object Notation), which is lightweight and human-readable.
     - Uniform Interface: A consistent and predictable way to access and manipulate resources.

2. Explain the concept of API specification?
   - An API specification is a detailed, structured description of how an API behaves and how developers can interact with it.
   - It acts as a contract between the API provider and the consumer.
   -  Key Concepts of an API Specification are as follows:
      - Endpoints: The specific URLs where resources can be accessed (e.g., /users, /products/{id}).
      - Methods (HTTP Verbs): Defines the allowed operations - GET (read), POST (create), PUT/PATCH (update), DELETE (remove).
      - Request Format: What data needs to be sent in the request body, headers, or URL parameters.
      - Response Format: What structure and data types to expect in the response (usually JSON or XML), including success and error responses
      - Authentication Requirements: Details like API keys, tokens, or OAuth methods needed to access the API securely.
      - Status Codes: HTTP response codes like 200 (OK), 400 (Bad Request), 401 (Unauthorized), 404 (Not Found), etc.
      - Data Models: The structure of input/output data (e.g., a User has id, name, email).

3. What is Flask, and why is it popular for building APIs?
   - Flask is a lightweight, open-source web framework for Python that is widely used to build web applications and RESTful APIs.
   - It is popular because of the following reasons:
     - Minimalistic & Flexible: Flask provides only the essential tools to get started, so you can build your application exactly how you want — without unnecessary overhead.
     - Easy to Learn: It has a simple, intuitive syntax, which makes it great for beginners and quick prototyping.
     - Built-in Development Server: Comes with a debugger and reloader, making development fast and smooth.
     - Extensible: You can add features using Flask extensions like Flask-RESTful, Flask-JWT, Flask-SQLAlchemy, etc.
     - Great for APIs: Ideal for building lightweight, fast REST APIs due to its simplicity and support for HTTP methods, routing, JSON handling, etc.

4. What is routing in Flask?
   - Routing in Flask refers to how the application maps URLs (web addresses) to specific Python functions, known as view functions.
   - It connects URLs to Python functions so the app knows how to respond to different user requests.

5. How do you create a simple Flask application?
    - Install Flask: First, make sure Python is installed on your computer, Open your terminal or command prompt, Type pip install flask and press Enter. This will download and install Flask into your system.
    - Create a Python File: Open a text editor or code editor like VS Code or Notepad, Create a new file and save it with a name like app.py.
    - Write Basic Flask Code: Inside app.py, write the basic code to start a Flask app. This includes: Importing Flask, Creating an app object, Defining a route (like the home page), Returning a message when someone visits that route., Starting the app.
    - Run the Flask App: Open your terminal again, Go to the folder where your app.py file is saved, Run the command python app.py.
    - View the App in a Browser: After running the app, you will see a message saying that Flask is running on a local server (usually http://127.0.0.1:5000/), Open your web browser and go to that address, We should see the message “Hello, Flask!” displayed on the page.

6. What are HTTP methods used in RESTful APIs?
   - In RESTful APIs, HTTP methods are used to perform actions on resources (like data). The most commonly used HTTP methods are:
   - 1. GET - Retrieve data from the server. Example: Get details of a user.
   - 2. POST - Create a new resource on the server. Example: Add a new user.
   - 3. PUT - Update an existing resource completely. Example: Update all details of a user.
   - 4. PATCH - Update a part of an existing resource. Example: Change only the email of a user.
   - 5. DELETE - Remove a resource from the server. Example: Delete a user by ID.

7. What is the purpose of the @app.route() decorator in Flask?
   - The @app.route() decorator in Flask is used to define a route, which is the URL pattern the application will respond to, and to bind that URL to a specific Python function (called a view function).
   - Purpose of @app.route() are as follows:
     - Map a URL path to a Python function: For example, if someone visits http://localhost:5000/home, we can display a specific message or page using a function.
     - Tell Flask what code to run for a given URL: Flask checks the route and calls the associated function

8. What is the difference between GET and POST HTTP methods?
    - GET Method:
            - Purpose: Used to retrieve data from the server.
            - Data location: Sent in the URL (as query parameters).
            - Visibility: Data is visible in the URL.
            - Use case: When you want to fetch or display information without making changes (e.g., search queries, loading a webpage).
            - Idempotent: Yes - making the same request repeatedly doesn't change anything.
            - Example: GET /search?query=books
    - POST Method:
             - Purpose: Used to submit data to the server to create or update a resource.
             - Data location: Sent in the request body (not visible in the URL).- Visibility: Data is hidden from the URL.
             - Use case: When you're sending sensitive or large amounts of data (e.g., login forms, submitting a comment).
             - Idempotent: No - submitting the same POST request multiple times can create multiple entries.
             - Example: POST /register With body: { "name": "John", "email": "john@example.com" }

9. How do you handle errors in Flask APIs?
    - Common Ways to Handle Errors in Flask are as follows:
    - 1. Using @app.errorhandler() Decorator - Flask allows to define custom responses for specific HTTP status codes.
    - 2. Using try-except Blocks in Routes - This is useful for catching unexpected exceptions and returning a JSON response.
    - 3. Using abort() for Manual Errors - You can use abort() to stop execution and return a specific HTTP error.
    - 4. Return Structured JSON Errors - For APIs, always return errors in a structured JSON format.

10. How do you connect Flask to a SQL database?
     - To connect Flask to a SQL database, it typically use an ORM (Object Relational Mapper) like SQLAlchemy, which allows to interact with the database using Python classes and objects instead of raw SQL queries.

11. What is the role of Flask-SQLAlchemy?
    - Flask-SQLAlchemy is an extension for Flask that simplifies the integration of SQLAlchemy, a powerful Object Relational Mapper (ORM), with Flask applications.
    - Role of Flask-SQLAlchemy are as follows:   
         - Simplifies Configuration: It makes it easy to connect a Flask app to databases (like SQLite, MySQL, PostgreSQL) using simple configuration settings.
         - Provides ORM Support: It can define Python classes (models) that automatically map to database tables — no need to write SQL queries for common operations.
         - Manages Database Sessions: Handles connections and commits/rollbacks automatically in the background, reducing boilerplate code.
         - Supports Migrations & Relationships: Allows it to create, modify, and manage database schemas. We can also define relationships (one-to-many, many-to-many) between tables using Python.
         - Integrates Tightly with Flask: The extension respects Flask's application context, making it easy to use with blueprints, request hooks, and other Flask features.

12. What are Flask blueprints, and how are they useful?
    - Flask Blueprints are a way to organize a Flask application into modular components. Instead of putting all your routes and logic in a single file, Blueprints allow us to split the app into multiple, manageable files—each representing a feature or module.
    - Modular structure: Separate different functionalities (e.g., auth, admin, user) into clean files.
    - Reusability: Easily reuse a blueprint in different applications.
    - Scalability: Makes large apps easier to maintain and extend.
    
13. What is the purpose of Flask's request object?
    - The request object in Flask is used to access incoming data from a client making a request to the server. It helps to retrieve form data, JSON payloads, query parameters, HTTP headers, and more.
    - request.method - Type of request (e.g., GET, POST).
    - request.args - Query parameters (e.g., /search?name=John).
    - request.form - Data from HTML forms (POST requests).
    - request.json - JSON data in the body of the request.
    - request.headers - Access request headers like content-type, auth tokens, etc.
    - request.files - For uploaded files.

14. How do you create a RESTful API endpoint using Flask?
    - Creating a RESTful API endpoint in Flask involves defining a route and associating it with a function that responds to HTTP methods like GET, POST, PUT, or DELETE.
    - Steps to Create a RESTful API Endpoint in Flask are as follows:
         - Import Flask
         - Create a Flask app instance
         - Define the API endpoint using @app.route
         - Run the Flask app

15. What is the purpose of Flask's jsonify() function?
    - The jsonify() function in Flask is used to convert Python data structures (like dicts or lists) into JSON format, which is a standard format for sending data over web APIs.
    - Automatically sets the correct Content-Type: application/json in the HTTP response.
    - Ensures that the JSON data is properly formatted.
    - Safer and easier than manually using json.dumps() and Response().

16. Explain Flask's url_for() function.
    - The url_for() function in Flask is used to build a URL to a specific function or static file, making the code cleaner, dynamic, and easier to maintain.
    - It automatically builds URLs using the function name (not hardcoded paths).
    - Ensures the app continues to work even if routes change.
    - Supports dynamic URL generation with parameters.
    - Useful in templates and Python code.

17. How does Flask handle static files (CSS, JavaScript, etc.)?
    - Flask handles static files like CSS, JavaScript, and images using a special folder named static/.
    - Flask automatically serves files from the static/ folder.
    - We can reference static files in HTML using the url_for() function.

18. What is an API specification, and how does it help in building a Flask API?
    - An API specification is a detailed blueprint that describes how an API works. It includes information such as:
       - Endpoints (URLs)
       - HTTP methods (GET, POST, etc.)
       - Request parameters and data formats
       - Expected responses and status codes
       - Authentication requirements
   - Clarity & Communication: It serves as a contract between the frontend and backend teams, helping everyone understand what data to send and expect.
   - Faster Development: Developers can build Flask routes more easily by following the spec as a guide.
       - Testing & Validation: The spec helps automate testing and ensures consistent responses.
       - Documentation: Tools like Swagger or Postman can read the API spec and generate interactive documentation.
       - Avoids Errors: It reduces miscommunication and errors by clearly stating what the API should do.

19. What are HTTP status codes, and why are they important in a Flask API?
    - HTTP status codes are 3-digit numbers sent by the server in response to a client's request. They indicate whether a request was successful, failed, or requires further action.
    - 1xx - Informational Responses: 100 Continue - Request received; continue sending the rest. 101 Switching Protocols - Client requested protocol switch; server agrees.
    - 2xx - Success: 200 OK - Request was successful. 201 Created - Resource created (commonly used after POST). 202 Accepted - Request accepted but not yet processed. 204 No Content - Request successful, but no content to return.
    - 3xx - Redirection: 301 Moved Permanently - Resource has a new permanent URL. 302 Found - Resource temporarily resides at a different URL. 304 Not Modified - Resource not changed since last request (used for caching).
    - 4xx - Client Errors: 400 Bad Request - Invalid request due to syntax or data. 401 Unauthorized - Authentication required or failed. 403 Forbidden - Access denied, even if authenticated. 404 Not Found - Resource doesn't exist. 405 Method Not Allowed - HTTP method not supported for this URL. 429 Too Many Requests - Client has sent too many requests in a given time.
    - 5xx - Server Errors: 500 Internal Server Error - Generic server error. 501 Not Implemented - Server does not support the request method. 502 Bad Gateway - Server got an invalid response from another server. 503 Service Unavailable - Server is overloaded or down for maintenance. 504 Gateway Timeout - Server didn't get a timely response from another server.
    - It is important because of the following reasons:
        - Communicate Results Clearly - Help the client understand what happened (success, client error, server error).
        - Error Handling - Allow clients to handle errors more effectively, like showing a "Not Found" message for a 404.
        - Debugging - Make it easier to identify issues in communication between client and server.

20. How do you handle POST requests in Flask?
    - In Flask, POST requests are used when we want to send data to the server, such as submitting a form or sending JSON data.
    - Steps to Handle a POST Request are as follows:
         - Import necessary modules
         - Create a Flask app
         - Define a route that accepts POST requests
         - Run the Flask app

21. How would you secure a Flask API?
    - Securing a Flask API is crucial to protect sensitive data and prevent unauthorized access. Here are key ways to do it:
    - 1. Use Authentication and Authorization - Token-based authentication (like JWT): Only allow users with valid tokens. OAuth2: For more complex user access control.
    - 2. Use HTTPS - Encrypt communication between client and server to prevent data leaks. Deploy the API behind SSL certificates.
    - 3. Input Validation - Validate all inputs using libraries like Flask-Inputs, Marshmallow, or built-in request checks. Prevent SQL injection and XSS attacks.
    - 4. Rate Limiting - Limit the number of API requests per user using tools like Flask-Limiter to avoid abuse.
    - 5. Use Flask Extensions - Flask-JWT-Extended: For JWT-based security. Flask-Login: For managing user sessions securely.
    - 6. Hide Sensitive Info - Don't expose passwords, keys, or detailed error messages. Use .env files to store environment variables securely.
    - 7. Enable CORS Securely - Use Flask-CORS to control which domains can access the API.

22. What is the significance of the Flask-RESTful extension?
    - Flask-RESTful is an extension for Flask that simplifies the creation of RESTful APIs.
    - Key significance are as follows:
           - Simplifies API development: Provides a clean and organized structure for building APIs.
           - Class-based resources: Lets us define endpoints as Python classes, making code reusable and modular.
           - Automatic HTTP method routing: Easily map HTTP verbs like GET, POST, PUT, and DELETE to class methods.
           - Built-in request parsing: Includes reqparse for easy handling and validation of incoming request data.
           - Integrates well with Flask: Works seamlessly with other Flask extensions like Flask-SQLAlchemy and Flask-Marshmallow.

23. What is the role of Flask's session object?
    - Flask's session object is used to store information about a user across different requests in a web application. It allows temporary data (like user login status or preferences) to be stored on the server-side, but a session ID is stored in the user's browser via a secure cookie.
    - Key points are as follows:
         - Stores user-specific data between HTTP requests.
         - Data is stored securely using a secret key.
         - Commonly used for login sessions, preferences, and temporary settings.

# **Practical Questions**

In [None]:
# 1. How do you create a basic Flask application?
!pip install flask

from flask import Flask

app = Flask(__name__)  # Create Flask app

@app.route('/')  # Define route
def home():
    return "Hello, Flask!"  # Response

if __name__ == '__main__':
    app.run(debug=True)  # Run the app


In [None]:
# 2. How do you serve static files like images or CSS in Flask?
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')  # index.html will reference static files

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 3. How do you define different routes with different HTTP methods in Flask?
from flask import Flask, request

app = Flask(__name__)

# Route that handles GET requests (default)
@app.route('/get-example')
def get_example():
    return "This is a GET request"

# Route that handles POST requests
@app.route('/post-example', methods=['POST'])
def post_example():
    data = request.form.get('data')  # get data from POST form
    return f"Received POST data: {data}"

# Route that handles both GET and POST requests
@app.route('/both', methods=['GET', 'POST'])
def both_methods():
    if request.method == 'POST':
        return "Handling POST request"
    else:
        return "Handling GET request"

if __name__ == "__main__":
    app.run(debug=True)

In [None]:
# 4. How do you render HTML templates in Flask?
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == "__main__":
    app.run(debug=True)

In [None]:
# 5. How can you generate URLs for routes in Flask using url_for?
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return 'Home Page'

@app.route('/about')
def about():
    return 'About Page'

@app.route('/go')
def go():
    return f"Go to about: {url_for('about')}"

In [None]:
# 6. How do you handle forms in Flask?
from flask import Flask, request

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form['name']
        return f'Hello, {name}!'
    return '''
        <form method="post">
            Name: <input type="text" name="name">
            <input type="submit">
        </form>
    '''

In [None]:
# 7. How can you validate form data in Flask?
from flask import Flask, request, render_template_string

app = Flask(__name__)

@app.route('/submit', methods=['GET', 'POST'])
def submit():
    if request.method == 'POST':
        name = request.form.get('name')
        age = request.form.get('age')

        if not name:
            return "Name is required!"
        if not age.isdigit():
            return "Age must be a number!"

        return f"Received: {name}, {age}"

    return '''
        <form method="post">
            Name: <input type="text" name="name"><br>
            Age: <input type="text" name="age"><br>
            <input type="submit">
        </form>
    '''

In [None]:
# 8. How do you manage sessions in Flask?
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Required for using sessions

@app.route('/login', methods=['POST', 'GET'])
def login():
    if request.method == 'POST':
        session['username'] = request.form['username']  # Save to session
        return redirect(url_for('profile'))
    return '''
        <form method="post">
            <input type="text" name="username">
            <input type="submit" value="Login">
        </form>
    '''

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Welcome, {session['username']}!"
    return redirect(url_for('login'))

@app.route('/logout')
def logout():
    session.pop('username', None)
    return redirect(url_for('login'))

In [None]:
# 9. How do you redirect to a different route in Flask?
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the Home Page"

@app.route('/login')
def login():
    return "This is the Login Page"

@app.route('/go-to-login')
def go_to_login():
    # Redirect to the login page
    return redirect(url_for('login'))

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 10. How do you handle errors in Flask (e.g., 404)?
from flask import Flask, render_template

app = Flask(__name__)

# Example route
@app.route('/')
def home():
    return "Welcome to Home Page"

# Error handler for 404
@app.errorhandler(404)
def page_not_found(e):
    return "<h1>404 - Page Not Found</h1>", 404

if __name__ == '__main__':
    app.run(debug=True)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

In [None]:
# 11. How do you structure a Flask app using Blueprints?
from flask import Blueprint

home_bp = Blueprint('home', __name__)

@home_bp.route('/')
def home():
    return "Welcome to Home!"

from .routes import home_bp
from flask import Blueprint

auth_bp = Blueprint('auth', __name__)

@auth_bp.route('/login')
def login():
    return "Login Page"

In [None]:
# 12. How do you define a custom Jinja filter in Flask?
from flask import Flask, render_template_string

app = Flask(__name__)

# Step 1: Define the custom filter
def reverse_string(s):
    return s[::-1]

# Step 2: Register the filter
app.template_filter('reverse')(reverse_string)

@app.route('/')
def home():
    name = "Flask"
    html = "{{ name | reverse }}"  # Using custom filter in template
    return render_template_string(html, name=name)

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 13. How can you redirect with query parameters in Flask?
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def home():
    # Redirecting with query parameters
    return redirect(url_for('greet_user', name='Sita', age=25))

@app.route('/greet')
def greet_user():
    # Accessing query parameters
    name = request.args.get('name')
    age = request.args.get('age')
    return f"Hello {name}, you are {age} years old!"

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 14. How do you return JSON responses in Flask?
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        "name": "Sita",
        "age": 25,
        "city": "Ayodhya"
    }
    return jsonify(data)

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
# 15. How do you capture URL parameters in Flask?
from flask import Flask

app = Flask(__name__)

@app.route('/user/<name>')
def greet_user(name):
    return f"Hello, {name}!"

if __name__ == '__main__':
    app.run(debug=True)