# **Restful** **API & Flask** **Assignment**

# **Theory**

# 1.What is a RESTful API?
  - A **RESTful API (Representational State Transfer API)** is a way for applications to communicate with each other over the **web** using standard **HTTP methods** like:

* **GET** – to retrieve data
* **POST** – to create new data
* **PUT** – to update existing data
* **DELETE** – to remove data

### Key Features:

* **Stateless**: Each request contains all the information needed; the server doesn’t remember past requests.
* **Uses URLs (endpoints)** to access resources (like `/users`, `/products/1`).
* **Data is typically exchanged in JSON format.**

### Example:

A request like:

```
GET https://api.example.com/users/1
```

might return:

```json
{
  "id": 1,
  "name": "Alice",
  "email": "alice@example.com"
}
```

### In Short:

A RESTful API allows different software systems to exchange data using a simple, standardized approach based on web protocols.


# 2.Explain the concept of API specification.
   - ### What is an API Specification?

An **API specification** is a **detailed description** of how an API works. It defines the **rules**, **endpoints**, **methods**, and **data formats** that developers must follow to use the API correctly.

---

### Key Elements of an API Specification:

1. **Endpoints**: The URLs where the API can be accessed
   → Example: `/users`, `/products/{id}`

2. **HTTP Methods**: What action is performed
   → GET, POST, PUT, DELETE

3. **Request Structure**:

   * Required parameters (query/path/body)
   * Headers
   * Body format (usually JSON)

4. **Response Format**:

   * Data returned (fields, structure)
   * Status codes (e.g., 200 OK, 404 Not Found)

5. **Authentication Rules**:

   * API keys, tokens, etc.

6. **Error Messages**:

   * Format and meaning of errors

---

### Why It Matters:

* **Developers** understand exactly how to interact with the API.
* **Reduces confusion** and mistakes.
* Enables **automatic documentation** and **testing** using tools like **Swagger/OpenAPI**.

---

### Example:

Here’s a simplified API specification for getting user data:

```
GET /users/{id}
- Path parameter: id (integer)
- Response:
  {
    "id": 1,
    "name": "Alice",
    "email": "alice@example.com"
  }
```

---

### Summary:

An **API specification** is like a **blueprint** or **contract** for how an API works. It helps developers know exactly what to send and what to expect in return.


# 3.What is Flask, and why is it popular for building APIs?
  - ### What is Flask?

**Flask** is a **lightweight Python web framework** used for building web applications and **RESTful APIs**. It is designed to be **simple, flexible, and easy to use**, especially for small to medium-sized projects.

---

### Why is Flask Popular for Building APIs?

1. **Minimal and Lightweight**

   * Flask doesn't include unnecessary tools by default. You can add only what you need.
   * Perfect for small apps or quick prototypes.

2. **Easy to Learn and Use**

   * Simple syntax and clear structure make it ideal for beginners.

3. **Built-in Development Server**

   * Allows for quick testing and debugging.

4. **Flexible Routing System**

   * You can easily define endpoints like:

     ```python
     @app.route('/users/<int:id>')
     def get_user(id):
         return {"id": id}
     ```

5. **Supports RESTful API Design**

   * Works well with HTTP methods (GET, POST, PUT, DELETE) for API development.

6. **Good Community and Extensions**

   * Popular extensions like **Flask-RESTful**, **Flask-JWT**, and **Flask-SQLAlchemy** simplify tasks like authentication and database integration.

---

### Example Code:

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/hello')
def hello():
    return jsonify({"message": "Hello, World!"})

if __name__ == '__main__':
    app.run(debug=True)
```

---

### Summary:

**Flask** is a simple and powerful Python framework that’s widely used for building APIs because of its **flexibility**, **ease of use**, and strong **community support**.


# 4.What is routing in Flask?
  - ### What is Routing in Flask?

**Routing in Flask** is the process of **mapping URLs (web addresses) to functions** in your code. These functions handle requests and return responses. It tells the Flask app **what to do when a specific URL is visited**.

---

### How It Works:

You use the `@app.route()` **decorator** to define a route.

#### Example:

```python
from flask import Flask
app = Flask(__name__)

@app.route('/hello')
def say_hello():
    return "Hello, World!"
```

* When someone visits `http://localhost:5000/hello`,
  the `say_hello()` function runs and returns `"Hello, World!"`.

---

### Route with Parameters:

```python
@app.route('/user/<name>')
def show_user(name):
    return f"Hello, {name}!"
```

* If you visit `/user/Ana`, it returns: `"Hello, Ana!"`

---

### HTTP Methods in Routes:

By default, routes respond to **GET** requests, but you can allow others like **POST** or **PUT**.

```python
@app.route('/submit', methods=['POST'])
def submit():
    return "Form Submitted!"
```

---

### Summary:

**Routing in Flask** connects **URLs to Python functions**. It lets you define how your web app or API should respond to different paths and actions.


# 5.How do you create a simple Flask application?
  - ### How to Create a Simple Flask Application

Here's a step-by-step guide to creating a **basic Flask app**.

---

### ✅ Step 1: Install Flask

If it's not already installed, use:

```bash
pip install Flask
```

---

### ✅ Step 2: Create a Python File (e.g., `app.py`)

```python
from flask import Flask

app = Flask(__name__)  # Create Flask app instance

@app.route('/')         # Define a route for the homepage
def home():
    return "Welcome to my Flask app!"

if __name__ == '__main__':
    app.run(debug=True)  # Start the Flask development server
```

---

### ✅ Step 3: Run the App

In your terminal, run:

```bash
python app.py
```

---

### ✅ Step 4: Open in Browser

Go to [http://localhost:5000](http://localhost:5000)
You’ll see:

```
Welcome to my Flask app!
```

---

### Summary:

A simple Flask app includes:

* Importing `Flask`
* Creating an app instance
* Defining routes with `@app.route()`
* Running the app with `app.run()`

It's that easy to get started with Flask!


# 6.What are HTTP methods used in RESTful APIs?
  - ### HTTP Methods Used in RESTful APIs

RESTful APIs use standard **HTTP methods** to perform operations on resources. Here are the main ones:

---

### 1. **GET**

* **Purpose**: Retrieve data from the server
* **Example**:

  ```http
  GET /users/1
  ```

  → Returns user with ID 1

---

### 2. **POST**

* **Purpose**: Create a new resource on the server
* **Example**:

  ```http
  POST /users
  ```

  → Creates a new user (usually with data in the request body)

---

### 3. **PUT**

* **Purpose**: Update an existing resource (replace all fields)
* **Example**:

  ```http
  PUT /users/1
  ```

  → Updates user with ID 1

---

### 4. **PATCH**

* **Purpose**: Update part of a resource (only specific fields)
* **Example**:

  ```http
  PATCH /users/1
  ```

  → Updates selected fields of user with ID 1

---

### 5. **DELETE**

* **Purpose**: Remove a resource
* **Example**:

  ```http
  DELETE /users/1
  ```

  → Deletes user with ID 1

---

### Summary:

| Method | Action           | Use Case                  |
| ------ | ---------------- | ------------------------- |
| GET    | Read             | Fetch data                |
| POST   | Create           | Add new data              |
| PUT    | Update (replace) | Modify existing data      |
| PATCH  | Update (partial) | Modify part of a resource |
| DELETE | Delete           | Remove data               |

These methods help RESTful APIs handle **Create, Read, Update, Delete (CRUD)** operations effectively.


# 7.What is the purpose of the @app.route() decorator in Flask?
  - ### What is the Purpose of the `@app.route()` Decorator in Flask?

The `@app.route()` decorator in Flask is used to **bind a URL path to a Python function**. It tells Flask **which function should run** when a user visits a specific URL.

---

### ✅ Purpose:

* Maps a **URL** to a **view function**
* Defines **routes** (URLs) for your web app or API

---

### ✅ Example:

```python
from flask import Flask

app = Flask(__name__)

@app.route('/hello')
def greet():
    return "Hello, World!"
```

* When someone visits `/hello`, Flask calls the `greet()` function and shows `"Hello, World!"`.

---

### ✅ Key Points:

* Acts as a **URL handler**
* You can define **multiple routes**
* You can use variables in the route:

  ```python
  @app.route('/user/<name>')
  def show_user(name):
      return f"Hello, {name}!"
  ```

---

### 🔁 Summary:

The `@app.route()` decorator in Flask connects a **URL path** to a specific **function**, allowing your app to respond to web requests at that path.


# 8.What is the difference between GET and POST HTTP methods?
  - ### Difference Between GET and POST HTTP Methods

| Feature            | **GET**                             | **POST**                             |
| ------------------ | ----------------------------------- | ------------------------------------ |
| **Purpose**        | Retrieve data                       | Send (create) data to the server     |
| **Data Location**  | Data sent in **URL (query string)** | Data sent in **request body**        |
| **Visible in URL** | Yes                                 | No                                   |
| **Use Case**       | Fetch info (e.g., view a profile)   | Submit forms, login, create records  |
| **Idempotent**     | Yes (safe to repeat)                | No (repeating may create duplicates) |
| **Security**       | Less secure (data exposed in URL)   | More secure (data hidden in body)    |
| **Length Limit**   | Limited by URL length               | No practical limit                   |

---

### ✅ Example of GET:

```http
GET /search?query=apple
```

Used to **fetch** data.

---

### ✅ Example of POST:

```http
POST /users
Body: {
  "name": "Alice",
  "email": "alice@example.com"
}
```

Used to **create** a new user.

---

### 🔁 Summary:

* **GET** = Retrieve data (safe, visible, used for reading)
* **POST** = Send data (used for creation or updates, not shown in URL)


# 9.How do you handle errors in Flask APIs?
  - ### How Do You Handle Errors in Flask APIs?

In Flask APIs, you can handle errors by using:

---

### ✅ 1. **`abort()` Function**

Used to return a specific HTTP status code and stop the request.

```python
from flask import Flask, abort

app = Flask(__name__)

@app.route('/item/<int:id>')
def get_item(id):
    if id != 1:
        abort(404)  # Return 404 Not Found
    return {"id": id, "name": "Item One"}
```

---

### ✅ 2. **Custom Error Handlers**

Use `@app.errorhandler()` to define custom responses for error codes.

```python
from flask import jsonify

@app.errorhandler(404)
def not_found(e):
    return jsonify({"error": "Resource not found"}), 404

@app.errorhandler(500)
def server_error(e):
    return jsonify({"error": "Internal server error"}), 500
```

---

### ✅ 3. **Try–Except Blocks**

Catch and handle exceptions in routes.

```python
@app.route('/divide')
def divide():
    try:
        result = 10 / 0
        return {"result": result}
    except ZeroDivisionError:
        return {"error": "Division by zero is not allowed"}, 400
```

---

### ✅ 4. **Use `make_response()` (Optional)**

To create detailed custom responses.

```python
from flask import make_response

@app.route('/unauthorized')
def unauthorized():
    return make_response(jsonify({"error": "Unauthorized"}), 401)
```

---

### 🔁 Summary:

| Method              | Purpose                            |
| ------------------- | ---------------------------------- |
| `abort()`           | Quickly return HTTP errors         |
| `@app.errorhandler` | Customize error messages/responses |
| `try–except`        | Handle exceptions in code          |
| `make_response()`   | Manually build HTTP responses      |

Flask provides flexible ways to handle errors cleanly and return helpful messages to API users.


# 10.How do you connect Flask to a SQL database?
  - ### How Do You Connect Flask to a SQL Database?

To connect Flask to a SQL database, the most common and powerful way is by using **Flask-SQLAlchemy**, an extension that integrates SQLAlchemy (a popular ORM) with Flask.

---

### ✅ Steps to Connect Flask with a SQL Database

---

### 1. **Install Flask-SQLAlchemy**

```bash
pip install Flask-SQLAlchemy
```

---

### 2. **Set Up Your Flask App**

```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)

# Example: SQLite database
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///mydatabase.db'

# For MySQL: 'mysql://username:password@localhost/dbname'
# For PostgreSQL: 'postgresql://username:password@localhost/dbname'

db = SQLAlchemy(app)
```

---

### 3. **Define Your Models (Tables)**

```python
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(100))
    email = db.Column(db.String(100), unique=True)
```

---

### 4. **Create the Database**

```python
with app.app_context():
    db.create_all()  # This creates the tables based on models
```

---

### 5. **Use the Database in Your Routes**

```python
@app.route('/add_user')
def add_user():
    new_user = User(name="Alice", email="alice@example.com")
    db.session.add(new_user)
    db.session.commit()
    return "User added!"
```

---

### 🔁 Summary:

| Step            | Action                                |
| --------------- | ------------------------------------- |
| Install         | `pip install Flask-SQLAlchemy`        |
| Configure       | Set `SQLALCHEMY_DATABASE_URI`         |
| Define Models   | Create classes for your tables        |
| Create DB       | Use `db.create_all()`                 |
| Perform Actions | Add, query, update, or delete records |

Using **Flask-SQLAlchemy** makes it easy to work with SQL databases in a clean and Pythonic way.


# 11.What is the role of Flask-SQLAlchemy?
  - ### What is the Role of Flask-SQLAlchemy?

**Flask-SQLAlchemy** is a Flask extension that **integrates SQLAlchemy with Flask** to make working with databases easier and more Python-friendly.

---

### Key Roles of Flask-SQLAlchemy:

1. **Simplifies Database Setup**

   * Manages database connections and configurations within Flask apps.

2. **Provides ORM (Object Relational Mapping)**

   * Allows you to interact with the database using Python classes and objects instead of raw SQL queries.
   * Example: Create, read, update, and delete records by working with Python objects.

3. **Handles Database Sessions**

   * Manages transactions and sessions, making sure changes are committed or rolled back safely.

4. **Supports Multiple Databases**

   * Works with many SQL databases like SQLite, MySQL, PostgreSQL, etc.

5. **Integrates Smoothly with Flask Context**

   * Works well with Flask’s app context and request lifecycle.

---

### Summary:

Flask-SQLAlchemy acts as a **bridge between Flask and SQL databases**, providing an easy-to-use ORM and managing database connections and transactions, so you can focus on writing clean Python code for your data models and queries.


# 12.What are Flask blueprints, and how are they useful?
  - ### What Are Flask Blueprints?

**Flask Blueprints** are a way to **organize and structure** a Flask application by grouping related routes, templates, and static files into reusable components or modules.

---

### Why Use Blueprints?

* **Modularity:** Break your app into smaller, manageable parts (e.g., user management, blog posts).
* **Reusability:** Easily reuse blueprints across multiple apps.
* **Collaboration:** Teams can work on different blueprints independently.
* **Cleaner Code:** Keeps your main application file clean and organized.

---

### How Blueprints Work:

Instead of registering all routes directly on the main `app` object, you register them on a **blueprint**, then register the blueprint with the app.

---

### Example:

```python
from flask import Flask, Blueprint

# Create a blueprint
user_bp = Blueprint('user', __name__, url_prefix='/user')

@user_bp.route('/profile')
def profile():
    return "User Profile"

app = Flask(__name__)

# Register blueprint with the app
app.register_blueprint(user_bp)

if __name__ == '__main__':
    app.run(debug=True)
```

* The `/user/profile` URL will now be handled by the `profile` function inside the blueprint.

---

### Summary:

| Feature       | Explanation                             |
| ------------- | --------------------------------------- |
| **Blueprint** | A modular collection of routes and code |
| **Purpose**   | Organize large apps into components     |
| **Benefits**  | Reusability, maintainability, clarity   |

Blueprints help keep Flask apps **scalable and easy to maintain** as they grow bigger.


# 13.What is the purpose of Flask's request object?
  - ### What is the Purpose of Flask's `request` Object?

The **`request` object** in Flask provides all the information about the **current HTTP request** made by a client to your Flask app.

---

### What Does It Do?

* **Accesses data sent by the client**, such as:

  * URL parameters (query strings)
  * Form data (POST data)
  * JSON payload
  * Headers
  * Cookies
* Helps you understand **how the request was made** (method, URL, etc.)

---

### Common Uses:

```python
from flask import request

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form.get('name')          # Form data
    age = request.args.get('age')             # URL query parameter
    data = request.get_json()                  # JSON body
    user_agent = request.headers.get('User-Agent')  # Headers

    return f"Name: {name}, Age: {age}, Agent: {user_agent}"
```

---

### Summary:

| Purpose                 | Description                          |
| ----------------------- | ------------------------------------ |
| **Access Request Data** | Get form fields, JSON, query params  |
| **Check Request Info**  | HTTP method, headers, cookies        |
| **Control Flow**        | Decide how to respond based on input |

The `request` object is essential for **reading client input** and handling requests dynamically in Flask.


# 14.How do you create a RESTful API endpoint using Flask?
  - ### How to Create a RESTful API Endpoint Using Flask

Creating a RESTful API endpoint in Flask involves defining a route that handles HTTP requests (GET, POST, etc.) and returns data, usually in JSON format.

---

### Step-by-step Example:

```python
from flask import Flask, jsonify, request

app = Flask(__name__)

# Sample data (like a database)
users = [
    {"id": 1, "name": "Alice"},
    {"id": 2, "name": "Bob"}
]

# RESTful GET endpoint to fetch all users
@app.route('/api/users', methods=['GET'])
def get_users():
    return jsonify(users)

# RESTful POST endpoint to add a new user
@app.route('/api/users', methods=['POST'])
def add_user():
    new_user = request.get_json()  # Get JSON data from request body
    users.append(new_user)
    return jsonify(new_user), 201  # 201 Created status code

if __name__ == '__main__':
    app.run(debug=True)
```

---

### Explanation:

* `@app.route('/api/users', methods=['GET'])` — Handles GET requests to return a list of users.
* `@app.route('/api/users', methods=['POST'])` — Handles POST requests to add a new user.
* `request.get_json()` — Parses incoming JSON data.
* `jsonify()` — Converts Python data (like dictionaries or lists) to JSON responses.
* Return status codes like `201` for successful resource creation.

---

### Summary:

To create a RESTful API endpoint in Flask:

* Define routes with `@app.route()`
* Specify HTTP methods (GET, POST, etc.)
* Use `request` to get input data
* Use `jsonify` to return JSON responses


# 15.What is the purpose of Flask's jsonify() function?
   - ### What is the Purpose of Flask's `jsonify()` Function?

The `jsonify()` function in Flask is used to **convert Python data structures (like dictionaries or lists) into a JSON-formatted HTTP response**.

---

### Key Points:

* **Creates a Response** with `application/json` content type.
* Automatically **serializes** Python objects to JSON.
* Adds the correct **HTTP headers** for JSON response.
* Simplifies returning JSON from your API endpoints.

---

### Example:

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/data')
def data():
    info = {"name": "Alice", "age": 30}
    return jsonify(info)
```

* This returns JSON:

  ```json
  {"name": "Alice", "age": 30}
  ```
* And sets the response header `Content-Type: application/json`.

---

### Summary:

| Purpose                   | Description                        |
| ------------------------- | ---------------------------------- |
| Convert data to JSON      | Serialize Python dict/list to JSON |
| Create JSON HTTP response | Send JSON with proper headers      |

`jsonify()` is the standard way to **send JSON responses** from Flask APIs.


# 16.Explain Flask’s url_for() function.
  - ### What is Flask’s `url_for()` Function?

The `url_for()` function is used to **build a URL for a specific function (route) in your Flask app** dynamically.

---

### Why Use `url_for()`?

* Generates URLs **based on the function name**, not hard-coded strings.
* Helps avoid errors if routes change.
* Automatically handles URL building, including query parameters and URL prefixes.
* Useful for **redirects, templates, and links** inside your app.

---

### How It Works:

```python
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Home Page"

@app.route('/user/<username>')
def profile(username):
    return f"User: {username}"

with app.test_request_context():
    print(url_for('home'))                # Output: '/'
    print(url_for('profile', username='Alice'))  # Output: '/user/Alice'
```

---

### Usage in Templates:

```html
<a href="{{ url_for('profile', username='Bob') }}">Bob's Profile</a>
```

---

### Summary:

| Purpose                   | Description                            |
| ------------------------- | -------------------------------------- |
| Generate URLs dynamically | Create URLs using route function names |
| Avoid hardcoding URLs     | Prevent bugs when routes change        |
| Supports variable parts   | Pass parameters for dynamic URLs       |

`url_for()` makes your Flask app more maintainable and flexible by **centralizing URL building**.


# 17.How does Flask handle static files (CSS, JavaScript, etc.)?
  - ### How Does Flask Handle Static Files (CSS, JavaScript, etc.)?

Flask has a built-in way to serve **static files** like CSS, JavaScript, images, and other assets.

---

### Default Behavior:

* Flask expects static files to be placed in a folder named **`static`** inside your project directory.
* These files can be accessed via the URL path `/static/<filename>`.

---

### Example:

If your project structure is:

```
/project
  /static
    style.css
    script.js
  app.py
```

You can access `style.css` in your HTML as:

```html
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
```

This will generate the URL `/static/style.css`.

---

### Serving Static Files:

Flask automatically serves files under `/static` when you run the app, no extra setup needed.

---

### Custom Static Folder:

You can customize the static folder name or path when creating the Flask app:

```python
app = Flask(__name__, static_folder='assets')
```

Then, static files are served from `/assets`.

---

### Summary:

| Feature                 | Explanation                              |
| ----------------------- | ---------------------------------------- |
| **Default folder**      | `static` directory                       |
| **Access URL pattern**  | `/static/<filename>`                     |
| **Use in templates**    | Use `url_for('static', filename='file')` |
| **Customizable folder** | Can specify a different static folder    |

Flask’s static file handling makes it easy to serve front-end assets alongside your web app.


# 18.What is an API specification, and how does it help in building a Flask API?
  - ### What is an API Specification?

An **API specification** is a formal, structured document that defines how an API behaves. It describes:

* **Endpoints** (URLs)
* **HTTP methods** (GET, POST, etc.)
* **Request parameters** and **body formats**
* **Response formats** and status codes
* **Authentication methods**
* Other rules and behaviors

---

### How Does It Help in Building a Flask API?

1. **Clear Contract:**
   It provides a clear blueprint for what the API should do, helping developers implement the API correctly.

2. **Consistency:**
   Ensures all endpoints follow the same structure and rules, improving maintainability.

3. **Documentation:**
   Acts as self-explanatory documentation for API users and developers.

4. **Validation:**
   You can use the spec to validate incoming requests and outgoing responses to ensure they meet the defined rules.

5. **Collaboration:**
   Helps front-end and back-end teams work in sync since both know exactly how the API behaves.

6. **Tooling Support:**
   Enables automatic generation of code, tests, and documentation using tools like Swagger/OpenAPI.

---

### Summary:

| What it is               | Why it helps                        |
| ------------------------ | ----------------------------------- |
| Formal API blueprint     | Guides API development              |
| Defines endpoints & data | Ensures consistency and correctness |
| Acts as documentation    | Improves collaboration              |
| Enables tooling          | Automates code generation and tests |

In Flask API development, having a clear API specification speeds up development, reduces errors, and improves communication between teams.


# 19.What are HTTP status codes, and why are they important in a Flask API?
  - ### What Are HTTP Status Codes?

**HTTP status codes** are standardized three-digit codes sent by a server in response to a client’s HTTP request. They indicate **whether the request was successful, encountered an error, or requires further action**.

---

### Common Categories of Status Codes:

| Code Range | Meaning       | Example Codes                  |
| ---------- | ------------- | ------------------------------ |
| 1xx        | Informational | 100 Continue                   |
| 2xx        | Success       | 200 OK, 201 Created            |
| 3xx        | Redirection   | 301 Moved Permanently          |
| 4xx        | Client Error  | 400 Bad Request, 404 Not Found |
| 5xx        | Server Error  | 500 Internal Server Error      |

---

### Why Are HTTP Status Codes Important in a Flask API?

1. **Communicate Outcome:**
   They tell the client if the request succeeded, failed, or needs further steps.

2. **Error Handling:**
   Clients can react appropriately (e.g., show error messages, retry requests) based on the status code.

3. **Standards Compliance:**
   Following HTTP standards ensures your API works well with tools, browsers, and clients.

4. **Debugging:**
   Help developers quickly understand what went wrong when something fails.

5. **Control Flow:**
   Guide clients on next actions (e.g., redirect, authentication).

---

### Example in Flask:

```python
from flask import jsonify

@app.route('/resource')
def resource():
    data = {"message": "Success"}
    return jsonify(data), 200  # 200 OK status
```

If an error occurs:

```python
@app.route('/resource/<int:id>')
def get_resource(id):
    if id != 1:
        return jsonify({"error": "Resource not found"}), 404
```

---

### Summary:

| Role                  | Description                                 |
| --------------------- | ------------------------------------------- |
| Indicate success      | 2xx codes (e.g., 200 OK)                    |
| Indicate client error | 4xx codes (e.g., 400 Bad Request)           |
| Indicate server error | 5xx codes (e.g., 500 Internal Server Error) |

HTTP status codes are essential for clear, reliable communication between your Flask API and its clients.


# 20.How do you handle POST requests in Flask?
  - ### How to Handle POST Requests in Flask

To handle **POST** requests in Flask, you need to:

1. **Specify the POST method** in your route using the `methods` parameter.
2. **Access the data sent by the client** (usually form data or JSON).
3. **Process the data** and return a response.

---

### Example: Handling JSON Data in a POST Request

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
    # Get JSON data from the request body
    data = request.get_json()

    # Example: Extract fields from data
    name = data.get('name')
    age = data.get('age')

    # Process or save data (dummy example)
    response = {
        "message": "Data received",
        "name": name,
        "age": age
    }

    # Return JSON response
    return jsonify(response), 201  # 201 Created status

if __name__ == '__main__':
    app.run(debug=True)
```

---

### Key Points:

* Use `methods=['POST']` in `@app.route()` to allow POST requests.
* Access JSON data via `request.get_json()`.
* Access form data via `request.form`.
* Return a response, often with a status code like `201` for resource creation.

---

### Summary:

| Step                | Action                                  |
| ------------------- | --------------------------------------- |
| Enable POST method  | `@app.route('/path', methods=['POST'])` |
| Access request data | `request.get_json()` or `request.form`  |
| Return response     | Usually with JSON using `jsonify()`     |

This lets your Flask app receive and handle POST data from clients effectively.


# 21.How would you secure a Flask API?
  - Securing a Flask API involves several best practices and techniques to protect it from unauthorized access, attacks, and data breaches. Here’s how you can secure a Flask API:

---

### 1. **Use Authentication and Authorization**

* **Token-based authentication** like **JWT (JSON Web Tokens)** to verify users.
* Use **OAuth2** for more advanced, standardized access control.
* Example libraries: `Flask-JWT-Extended`, `Flask-OAuthlib`.

### 2. **Use HTTPS**

* Always serve your API over **HTTPS** to encrypt data in transit.
* Use SSL/TLS certificates (e.g., via Let’s Encrypt).

### 3. **Validate and Sanitize Input**

* Validate incoming data to prevent injection attacks.
* Use schemas with libraries like **Marshmallow** or **Pydantic**.

### 4. **Rate Limiting**

* Prevent abuse by limiting the number of requests per IP/user.
* Use extensions like **Flask-Limiter**.

### 5. **Handle Errors Gracefully**

* Avoid exposing sensitive info in error messages.
* Return generic error messages to clients.

### 6. **Use Secure Headers**

* Add headers like `Content-Security-Policy`, `X-Content-Type-Options`, and `Strict-Transport-Security`.
* Can use libraries like **Flask-Talisman**.

### 7. **Keep Dependencies Updated**

* Regularly update Flask and extensions to patch security vulnerabilities.

### 8. **Protect Against CSRF**

* For APIs used with browsers, use **CSRF tokens**.
* Use **Flask-WTF** or other CSRF protection tools if applicable.

### 9. **Limit Data Exposure**

* Only expose necessary fields in API responses.
* Avoid sending sensitive info like passwords.

---

### Quick Example: JWT Authentication Setup

```python
from flask import Flask, jsonify, request
from flask_jwt_extended import JWTManager, create_access_token, jwt_required

app = Flask(__name__)
app.config['JWT_SECRET_KEY'] = 'your-secret-key'
jwt = JWTManager(app)

@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username')
    password = request.json.get('password')
    # Validate user credentials (simplified)
    if username == 'admin' and password == 'password':
        access_token = create_access_token(identity=username)
        return jsonify(access_token=access_token)
    return jsonify({"msg": "Bad credentials"}), 401

@app.route('/protected', methods=['GET'])
@jwt_required()
def protected():
    return jsonify(message="This is a protected endpoint.")

if __name__ == '__main__':
    app.run()
```

---

### Summary:

| Security Aspect                | Purpose                            |
| ------------------------------ | ---------------------------------- |
| Authentication & Authorization | Control who accesses your API      |
| HTTPS                          | Encrypt data in transit            |
| Input Validation               | Prevent injections & bad data      |
| Rate Limiting                  | Stop abuse & DoS attacks           |
| Secure Headers                 | Protect against common web attacks |
| CSRF Protection                | Protect browser-based requests     |

Following these steps helps you build a **secure and robust Flask API**.


# 22.What is the significance of the Flask-RESTful extension?
  - ### Significance of the Flask-RESTful Extension

**Flask-RESTful** is an extension for Flask that simplifies building RESTful APIs by providing useful tools and abstractions.

---

### Why Flask-RESTful is Important:

1. **Resource-Based Routing**
   Allows you to define API endpoints as classes called **Resources**, organizing code cleanly.

2. **Built-in Request Parsing**
   Provides easy tools (`reqparse`) to handle and validate incoming request data.

3. **Automatic Response Formatting**
   Handles serialization and returns JSON responses by default, reducing boilerplate.

4. **Error Handling**
   Simplifies error response management.

5. **Cleaner and More Maintainable Code**
   Encourages best practices and structure for REST APIs.

---

### Basic Example:

```python
from flask import Flask
from flask_restful import Resource, Api, reqparse

app = Flask(__name__)
api = Api(app)

class HelloWorld(Resource):
    def get(self):
        return {'message': 'Hello, World!'}

api.add_resource(HelloWorld, '/')

if __name__ == '__main__':
    app.run(debug=True)
```

---

### Summary:

| Feature               | Benefit                            |
| --------------------- | ---------------------------------- |
| Resource classes      | Organize endpoints as classes      |
| Request parsing       | Simplify input validation          |
| JSON responses        | Automatic serialization            |
| Cleaner API structure | Easier maintenance and readability |

Flask-RESTful speeds up REST API development with **structured, readable, and maintainable code**.


# 23.What is the role of Flask’s session object?
  - ### What is the Role of Flask’s `session` Object?

The `session` object in Flask is used to **store data specific to a user across multiple requests**. It enables you to keep information like login status, user preferences, or other temporary data on a per-user basis.

---

### Key Points:

* **Client-side sessions:**
  Flask stores session data in a **secure cookie** sent to the client, signed to prevent tampering.

* **Persistent across requests:**
  Data stored in `session` remains available between requests until the session expires or is cleared.

* **Used for user-specific data:**
  Commonly used for things like user authentication state, shopping carts, or flash messages.

---

### Example Usage:

```python
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Required for signing session cookies

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    session['username'] = username  # Store username in session
    return redirect(url_for('profile'))

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Logged in as {session['username']}"
    return "You are not logged in."

@app.route('/logout')
def logout():
    session.pop('username', None)  # Remove username from session
    return "Logged out."
```

---

### Summary:

| Role                        | Description                           |
| --------------------------- | ------------------------------------- |
| Store user-specific data    | Keeps info like login status per user |
| Data stored client-side     | Saved securely in signed cookies      |
| Persistent between requests | Available until cleared or expired    |

The `session` object is essential for managing user state in Flask web applications.


# **Practical**

In [None]:
# 1. How do you create a basic Flask application?
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run()


In [None]:
# 2. How do you serve static files like images or CSS in Flask?
!pip install flask-ngrok

from flask import Flask, render_template_string, url_for
from flask_ngrok import run_with_ngrok

app = Flask(__name__, static_folder='static')
run_with_ngrok(app)

# Create a basic HTML page with static CSS and image
@app.route('/')
def home():
    html = """
    <!DOCTYPE html>
    <html>
    <head>
        <title>Flask Static Example</title>
        <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
    </head>
    <body>
        <h1>Hello from Flask in Colab!</h1>
        <img src="{{ url_for('static', filename='flask.png') }}" width="200">
    </body>
    </html>
    """
    return render_template_string(html)

# Save static files
import os
os.makedirs('static', exist_ok=True)

with open('static/style.css', 'w') as f:
    f.write("""
    body {
        background-color: #f0f0f0;
        text-align: center;
        font-family: Arial, sans-serif;
    }
    h1 {
        color: #333;
    }
    """)

from PIL import Image, ImageDraw
img = Image.new('RGB', (200, 200), color='blue')
d = ImageDraw.Draw(img)
d.text((20, 90), "Flask", fill=(255,255,255))
img.save('static/flask.png')

# Run the app
app.run()


In [None]:
# 3.How do you define different routes with different HTTP methods in Flask?
from flask import Flask, request

app = Flask(__name__)

# GET method
@app.route('/')
def home():
    return "Welcome to the home page (GET)"

# POST method
@app.route('/submit', methods=['POST'])
def submit():
    return "Data submitted (POST)"

# GET and POST together
@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        return "Form submitted (POST)"
    else:
        return "Form page (GET)"

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 4. How do you render HTML templates in Flask?
!pip install flask-ngrok

from flask import Flask, render_template_string
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)  # exposes the app via public URL

@app.route('/')
def home():
    html = """
    <!DOCTYPE html>
    <html>
    <head>
        <title>Flask Template in Colab</title>
    </head>
    <body>
        <h1>Hello from Flask in Google Colab!</h1>
    </body>
    </html>
    """
    return render_template_string(html)

app.run()


In [None]:
# 5. How can you generate URLs for routes in Flask using url_for?
!pip install flask-ngrok

from flask import Flask, render_template_string, url_for
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

@app.route('/')
def home():
    # Dynamically generate link to /about using url_for
    html = """
    <!DOCTYPE html>
    <html>
    <head><title>Home</title></head>
    <body>
        <h1>Home Page</h1>
        <a href="{{ url_for('about') }}">Go to About Page</a>
    </body>
    </html>
    """
    return render_template_string(html)

@app.route('/about')
def about():
    html = """
    <!DOCTYPE html>
    <html>
    <head><title>About</title></head>
    <body>
        <h1>About Page</h1>
        <a href="{{ url_for('home') }}">Go back Home</a>
    </body>
    </html>
    """
    return render_template_string(html)

app.run()


In [None]:
# 6. How do you handle forms in Flask?
from flask import Flask, request, render_template_string

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form.get('name')
        return f"Hello, {name}!"

    html = """
    <!DOCTYPE html>
    <html>
    <head><title>Form Example</title></head>
    <body>
        <form method="POST">
            Enter your name: <input type="text" name="name">
            <input type="submit" value="Submit">
        </form>
    </body>
    </html>
    """
    return render_template_string(html)

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 7.How can you validate form data in Flask?
from flask import Flask, request, render_template_string

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def form():
    message = ''
    if request.method == 'POST':
        name = request.form.get('name')
        if not name:
            message = "Name is required!"
        else:
            message = f"Hello, {name}!"

    html = """
    <form method="POST">
        Name: <input type="text" name="name">
        <input type="submit" value="Submit">
    </form>
    <p>{{ message }}</p>
    """
    return render_template_string(html, message=message)

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 8.How do you manage sessions in Flask?
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'supersecretkey'  # Required to sign session cookies

@app.route('/')
def index():
    if 'username' in session:
        return f"Logged in as {session['username']} <br><a href='/logout'>Logout</a>"
    return "You are not logged in <br><a href='/login'>Login</a>"

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        session['username'] = request.form['username']
        return redirect(url_for('index'))
    return '''
        <form method="post">
            Username: <input type="text" name="username">
            <input type="submit" value="Login">
        </form>
    '''

@app.route('/logout')
def logout():
    session.pop('username', None)
    return redirect(url_for('index'))

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 9.How do you redirect to a different route in Flask?
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return 'This is the home page. <a href="/go">Click to redirect</a>'

@app.route('/go')
def go():
    return redirect(url_for('about'))

@app.route('/about')
def about():
    return 'You were redirected to the about page.'

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 10.How do you handle errors in Flask (e.g., 404)?
from flask import Flask, render_template_string

app = Flask(__name__)

@app.route('/')
def home():
    return 'Welcome to the homepage! <a href="/not-here">Broken Link</a>'

@app.errorhandler(404)
def page_not_found(e):
    return render_template_string("<h1>404 - Page Not Found</h1><p>Sorry, that page doesn’t exist.</p>"), 404

@app.errorhandler(500)
def internal_server_error(e):
    return render_template_string("<h1>500 - Internal Server Error</h1><p>Something went wrong.</p>"), 500

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 11.How do you structure a Flask app using Blueprints?
!pip install flask-ngrok

from flask import Flask, Blueprint
from flask_ngrok import run_with_ngrok

# Create a blueprint
home_bp = Blueprint('home_bp', __name__)

@home_bp.route('/')
def home():
    return '<h2>Welcome to the Home Page (via Blueprint)</h2>'

# Create the Flask app
app = Flask(__name__)
run_with_ngrok(app)  # run the app with public URL in Colab

# Register the blueprint
app.register_blueprint(home_bp)

# Run the app
app.run()


In [None]:
# 12.How do you define a custom Jinja filter in Flask?
!pip install flask-ngrok

from flask import Flask, render_template_string
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

# Define a custom Jinja filter
@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

@app.route('/')
def index():
    html = """
    <!DOCTYPE html>
    <html>
    <head><title>Jinja Filter</title></head>
    <body>
        <h2>Original: {{ msg }}</h2>
        <h2>Reversed: {{ msg|reverse }}</h2>
    </body>
    </html>
    """
    return render_template_string(html, msg="Flask with Colab")

app.run()


In [None]:
# 13.How can you redirect with query parameters in Flask?
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def index():
    # Redirect to /greet with a query parameter
    return redirect(url_for('greet', name='Ahana'))

@app.route('/greet')
def greet():
    name = request.args.get('name', 'Guest')
    return f"Hello, {name}!"

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 14. How do you return JSON responses in Flask?
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def data():
    response = {
        "name": "Ahana",
        "status": "active",
        "score": 95
    }
    return jsonify(response)

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# 15.How do you capture URL parameters in Flask?
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    return f"Hello, {username}!"

@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"

if __name__ == '__main__':
    app.run(debug=True)


# **Thank** **You**