# Restful API & Flask


1. What is a RESTful API ?
  - A RESTful API (Representational State Transfer API) is a type of web API that follows the REST architectural style to allow systems to communicate over the HTTP protocol.
  - Example:
    
    {
   
     "id": 1,
  
     "title": "Buy groceries",
  
     "completed": false
  
     }

2. Explain the concept of API specification ?
  - An API specification is a detailed description of how an API should work, defining its available endpoints, input parameters, request/response formats, and rules for communication between systems.

  - Example:

    {
   
     "city": "London",
  
     "temperature": 22,
   
      "condition": "Sunny"
    
      }

3. What is Flask, and why is it popular for building APIs ?
  - Flask is a lightweight, open-source Python web framework used to build web applications and APIs. It is a micro-framework, meaning it provides the essentials (routing, request handling, etc.) without enforcing a lot of built-in tools — giving developers flexibility to add only what they need

  - Example:

    from flask import Flask, jsonify

     app = Flask(__name__)

     Define a simple API endpoint
     
     @app.route('/hello', methods=['GET'])
     
     def hello():
    
     return jsonify({"message": "Hello, Flask API!"})

     if __name__ == '__main__':
     
     app.run(debug=True)

4. What is routing in Flask ?
  - In Flask, routing is the process of mapping a URL (like /home or /about) to a specific function in your code that handles the request and returns a response.

  - Example:

    from flask import Flask

     app = Flask(__name__)

     Route for the home page
     
     @app.route('/')
     
     def home():
    
     return "Welcome to the Home Page!"

     Route for about page
     
     @app.route('/about')
     
     def about():
     
     return "This is the About Page."

     if __name__ == '__main__':
    
     app.run(debug=True)

5.  How do you create a simple Flask application ?
  - A Flask application is just a Python script where you:

      - Import Flask.

      - Create a Flask app instance.

      - Define routes (URLs) with functions that return responses.

      - Run the app.

  - Example:
    
      from flask import Flask

      Step 1: Create Flask app instance
      
      app = Flask(__name__)

      Step 2: Define a route
      
      @app.route('/')
      
      def home():
      
      return "Hello, Flask! 🚀 This is my first Flask app."

      Step 3: Run the app
      
      if __name__ == '__main__':
      
      app.run(debug=True)

6. What are HTTP methods used in RESTful APIs ?
  - In RESTful APIs, HTTP methods define the type of action a client wants to perform on a resource (like data in a database). They map directly to CRUD operations (Create, Read, Update, Delete).

7. What is the purpose of the @app.route() decorator in Flask ?
  - In Flask, the @app.route() decorator is used to map a specific URL to a function (called a view function).

    - When a user visits that URL, Flask executes the associated function and returns its response.

    - This is the core of routing in Flask.

  - Example:

     from flask import Flask

     app = Flask(__name__)

     Home page route
     
     @app.route('/')
     
     def home():
     
     return "Welcome to the Home Page!"

     About page route
     
     @app.route('/about')
     
     def about():
    
     return "This is the About Page."

     if __name__ == '__main__':
    
     app.run(debug=True)

8. What is the difference between GET and POST HTTP methods ?
   - GET = Ask the server for data.

   - POST = Send new data to the server.

   - Example:
      - GET request
        
         GET /users/1

      - POST request
        
         POST /users
         
         Body: { "name": "Alice", "email": "alice@example.com" }

9. How do you handle errors in Flask APIs ?
  - In Flask, you can handle errors by:

       - Using the @app.errorhandler() decorator for specific HTTP error codes.

       - Returning custom error responses (usually in JSON for APIs).

     This helps provide clear messages instead of generic error pages.

  - Example:
   
    from flask import Flask, jsonify

     app = Flask(__name__)

     Normal route
     
     @app.route('/')
     
     def home():
     
     return jsonify({"message": "Welcome to the API!"})

     Handle 404 error (Not Found)
     
     @app.errorhandler(404)
     
     def not_found(error):
    
     return jsonify({"error": "Resource not found"}), 404

     Handle 500 error (Internal Server Error)
     
     @app.errorhandler(500)
     
     def server_error(error):
    
     return jsonify({"error": "Something went wrong on the server"}), 500

     if __name__ == '__main__':
  
     app.run(debug=True)

10.  How do you connect Flask to a SQL database ?
  - Flask doesn’t directly connect to databases, but it works seamlessly with libraries like SQLAlchemy (ORM) or SQLite/MySQL/PostgreSQL drivers.
The most common way is to use Flask-SQLAlchemy, which simplifies working with databases.

  - Example:

       from flask import Flask
    
       from flask_sqlalchemy import SQLAlchemy

       app = Flask(__name__)

       Configure Database URI (SQLite in this case)
       
       app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'
       
       app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

       Initialize Database
       
       db = SQLAlchemy(app)

       Define a Model (table)
       
       class User(db.Model):
      
       id = db.Column(db.Integer, primary_key=True)
      
       name = db.Column(db.String(100), nullable=False)
      
       email = db.Column(db.String(120), unique=True, nullable=False)

       def __repr__(self):
       
        return f"<User {self.name}>"

       Create tables
       
       with app.app_context():
     
       db.create_all()

       @app.route('/')
       
       def home():
      
       return "Database connected with Flask!"

       if __name__ == '__main__':
      
       app.run(debug=True)

11. What is the role of Flask-SQLAlchemy ?
   - Flask-SQLAlchemy makes working with databases much easier by letting you use Python classes and objects instead of writing raw SQL queries.

   - Example:

     from flask import Flask
     
     from flask_sqlalchemy import SQLAlchemy

     app = Flask(__name__)

     Configure database (SQLite in this case)
     
     app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///students.db'
     
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

     Initialize SQLAlchemy
    
     db = SQLAlchemy(app)

     Define a model (table)
     
     class Student(db.Model):
     
     id = db.Column(db.Integer, primary_key=True)
     
     name = db.Column(db.String(100), nullable=False)
     
     age = db.Column(db.Integer, nullable=False)

     def __repr__(self):
       
       return f"<Student {self.name}>"

     Create tables
     
     with app.app_context():
    
     db.create_all()

     @app.route('/')
     
     def home():
     
      Insert a student into the database
     
     student = Student(name="Alice", age=22)
     
     db.session.add(student)
     
     db.session.commit()

      Query all students
     
     students = Student.query.all()
     
     return f"Students in DB: {students}"

      if __name__ == '__main__':
    
     app.run(debug=True)

12. What are Flask blueprints, and how are they useful ?
  - In Flask, a Blueprint is a way to organize your application into modular components.
Instead of keeping all routes and logic in a single file, Blueprints let you split your app into smaller, reusable sections.

  - Example
   
     myapp/
    
     │── app.py
     
     │── users.py  

13. What is the purpose of Flask's request object ?
   - To retrieve user input from query strings, forms, or JSON.

   - To access metadata about the request (like method, headers, cookies, IP).

   - To handle different request types (GET, POST, etc.).

     Example:

     from flask import Flask, request

     app = Flask(__name__)

     @app.route('/greet', methods=['GET'])
     
     def greet():
     
     Access query parameter ?name=...
     
     name = request.args.get('name', 'Guest')
     
     return f"Hello, {name}!"

     if __name__ == "__main__":
    
     app.run(debug=True)



14. How do you create a RESTful API endpoint using Flask ?
  - In Flask, you can create a RESTful API endpoint by defining routes (URLs) with specific HTTP methods (GET, POST, PUT, DELETE, etc.). These endpoints handle requests and return responses, often in JSON format for APIs.

  - Example:

     from flask import Flask, jsonify, request

     app = Flask(__name__)

     In-memory data (like a temporary database)
     
     books = [
     
     {"id": 1, "title": "The Alchemist", "author": "Paulo Coelho"},
     {"id": 2, "title": "1984", "author": "George Orwell"}
     ]

     GET endpoint: Fetch all books
     
     @app.route('/api/books', methods=['GET'])
     
     def get_books():
     
     return jsonify(books)

     POST endpoint: Add a new book
     
     @app.route('/api/books', methods=['POST'])
     
     def add_book():
    
     new_book = request.get_json()  # Get JSON payload from client
     
     books.append(new_book)
     
     return jsonify(new_book), 201   # Return created book with status code 201

     if __name__ == "__main__":
     
     app.run(debug=True)


15. What is the purpose of Flask's jsonify() function ?
  - Converts Python data structures into valid JSON.

  - Sets the correct Content-Type header (application/json) in the response.

  - Makes it easier to build APIs that return JSON data.

     - Example:

       from flask import Flask, jsonify

       app = Flask(__name__)

       @app.route('/api/user', methods=['GET'])
       
       def get_user():
      
       user = {
       
        "id": 1,
        
        "name": "Khushbu",
        
        "email": "khushbu@example.com"
       
        }
        
         return jsonify(user)   # Convert dict → JSON response

         if __name__ == "__main__":
        
         app.run(debug=True)

        - Result:

          {
          
          "id": 1,
          
          "name": "Khushbu",
          
          "email": "khushbu@example.com"
          
           }

16.  Explain Flask’s url_for() function ?
  - Flask’s url_for() function is used to generate URLs dynamically for a given function name (endpoint). Instead of hardcoding URLs, you call url_for() with the function name, and Flask will build the correct URL for you.

  - Example:
    
       from flask import Flask, url_for, redirect

       app = Flask(__name__)

       @app.route('/')
     
       def home():
     
       return "Welcome to Home Page!"

       @app.route('/about')
       
       def about():
       
       return "This is the About Page."

       @app.route('/go-to-about')
       
       def go_to_about():
      
       Generate URL for 'about' function
       
       return redirect(url_for('about'))

       if __name__ == "__main__":
       
       app.run(debug=True)

17.  How does Flask handle static files (CSS, JavaScript, etc.) ?
  - In Flask, static files like CSS, JavaScript, and images are handled using a built-in mechanism. Flask automatically serves these files from a special directory called static inside your project folder.

  - Example:
    
     my_flask_app/
    
     │
     
     ├── app.py
     
     ├── static/
     
     │   ├── style.css
     
     │   └── script.js
     
     └── templates/
    
     └── index.html

18. What is an API specification, and how does it help in building a Flask API ?
   - An API specification is a formal document that describes how an API works.
It defines:

     - Endpoints (URLs) → where requests are sent

     - HTTP Methods → (GET, POST, PUT, DELETE, etc.)

     - Request parameters → query params, path variables, request body format

     - Response format → JSON structure, status codes, error messages

     - Authentication & security requirements

   - Example:

      [
      
      {"id": 1, "title": "Buy milk", "done": false},
     
     {"id": 2, "title": "Read a book", "done": true}
      
      ]

19. What are HTTP status codes, and why are they important in a Flask API ?
   - HTTP status codes are three-digit numbers returned by a server in response to a client’s request.
They indicate the result of the request, such as success, error, or redirection.

   - Why are they Important in a Flask API?

     ✅ Communicate clearly whether a request succeeded or failed.

     ✅ Help debugging by showing exact error reasons.

     ✅ Ensure consistency so clients (frontend, mobile apps) know how to handle responses.

   - Example:

     from flask import Flask, jsonify, request

     app = Flask(__name__)

     @app.route('/login', methods=['POST'])
     
     def login():
     
     data = request.get_json()
     
     if data.get("username") == "admin" and data.get("password") == "1234":
        return jsonify({"message": "Login successful"}), 200   # ✅ Success
     
     else:
        return jsonify({"error": "Invalid credentials"}), 401  # ❌ Unauthorized

      - 200 OK → request successful

      - 401 Unauthorized → wrong credentials

20.  How do you handle POST requests in Flask ?
   - POST requests in Flask are handled by defining routes with methods=['POST'] and accessing request data via request.form, request.get_json(), or request.files.

   - Example:

     from flask import Flask, request, jsonify

     app = Flask(__name__)

     @app.route('/submit', methods=['POST'])
     
     def submit():
    
     data = request.get_json()  # Get JSON payload
    
     name = data.get("name")
    
     age = data.get("age")
   
     return jsonify({"message": f"Hello {name}, age {age} received!"}), 201

     if __name__ == '__main__':
    
     app.run(debug=True)

     - If you send:
      
       {
       
       "name": "Alice",
      
       "age": 25
        
        }

      - You’ll get back:

        {
        
        "message": "Hello Alice, age 25 received!"
        
         }
       

21. How would you secure a Flask API ?
   - Securing a Flask API involves HTTPS, authentication/authorization, input validation, rate limiting, secure headers, proper error handling, and safe database practices.
  
   - Example:
     
     from flask import Flask, request, jsonify

     app = Flask(__name__)

     API_KEY = "mysecretkey123"

     @app.route('/secure-data', methods=['GET'])
     
     def secure_data():
    
     key = request.headers.get("x-api-key")  # Check API key in request header
    
     if key == API_KEY:
        return jsonify({"data": "This is secure data"}), 200
   
     else:
        return jsonify({"error": "Unauthorized"}), 401

     if __name__ == '__main__':
        app.run(debug=True)

    


22. What is the significance of the Flask-RESTful extension ?
  - Flask-RESTful is an extension that makes building REST APIs in Flask simpler and cleaner.
    
    It provides:

     - A Resource-based structure (instead of plain functions)

     - Easy handling of HTTP methods (GET, POST, etc.)

     - Built-in request parsing and error handling   

   - Example:

     from flask import Flask
     
     from flask_restful import Api, Resource

     app = Flask(__name__)
     
     api = Api(app)

     class Hello(Resource):
     
     def get(self):
        return {"message": "Hello, Flask-RESTful!"}

     api.add_resource(Hello, '/hello')

     if __name__ == '__main__':
      app.run(debug=True)

23. What is the role of Flask’s session object?
   - Flask’s session object is used to store data for a user across requests (like login state or preferences).
It uses signed cookies, meaning data is stored in the browser but protected with a secret key so it can’t be tampered with.

   - example
     
     from flask import Flask, session, redirect, url_for, request

     app = Flask(__name__)
     
     app.secret_key = "supersecretkey"  # Needed for session security

     @app.route('/login', methods=['POST'])
     
     def login():
     
     session['user'] = request.form['username']   # Store user in session
    
     return f"Logged in as {session['user']}"

     @app.route('/logout')
     
     def logout():
     
     session.pop('user', None)  # Remove user from session
     
     return "Logged out"

     if __name__ == '__main__':
     
     app.run(debug=True)

# Practical Questions

1. How do you create a basic Flask application ?
  

In [None]:
1. Install Flask
   pip install flask

2. Create a Python file (e.g., app.py).

3. Write minimal Flask code

   from flask import Flask

   # Create a Flask app instance
   app = Flask(__name__)

   # Define a route (URL endpoint)
   @app.route('/')
   def home():
    return "Hello, Flask!"

   # Run the app
   if __name__ == '__main__':
    app.run(debug=True)

4. You’ll see:
   Hello, Flask!


2. How do you serve static files like images or CSS in Flask ?

In [None]:
1. Project Structure
   my_flask_app/
│
├── app.py
├── static/
│   ├── style.css
│   ├── script.js
│   └── logo.png
└── templates/
    └── index.html

2. Access Static Files in HTML
   <!DOCTYPE html>
<html>
<head>
    <title>Static Files Example</title>
    <!-- CSS -->
    <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
</head>
<body>
    <h1>Hello Flask with CSS & Image!</h1>
    <!-- Image -->
    <img src="{{ url_for('static', filename='logo.png') }}" alt="Logo">
    <!-- JavaScript -->
    <script src="{{ url_for('static', filename='script.js') }}"></script>
</body>
</html>

3. Flask App (app.py)
   from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template("index.html")

if __name__ == '__main__':
    app.run(debug=True)

3.  How do you define different routes with different HTTP methods in Flask ?
  

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/user', methods=['GET', 'POST'])
def user():
    if request.method == 'GET':
        return "You sent a GET request"
    elif request.method == 'POST':
        data = request.get_json()
        return f"You sent a POST request with data: {data}"

if __name__ == '__main__':
    app.run(debug=True)

     Here:

     GET /user → returns a message

     POST /user → accepts JSON data

4. How do you render HTML templates in Flask ?
  

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template("index.html", name="Flask User")

if __name__ == '__main__':
    app.run(debug=True)

templates/index.html:

  <!DOCTYPE html>
<html>
<head><title>Flask Template</title></head>
<body>
    <h1>Hello, {{ name }}!</h1>
</body>
</html>

5. How can you generate URLs for routes in Flask using url_for ?

In [None]:
from flask import Flask, url_for, redirect

app = Flask(__name__)

@app.route('/')
def home():
    return "This is the Home Page"

@app.route('/about')
def about():
    return "This is the About Page"

@app.route('/go-to-about')
def go_to_about():
    # Generate URL for 'about' route dynamically
    return redirect(url_for('about'))

if __name__ == '__main__':
    app.run(debug=True)

How it works:

   @app.route('/user/<username>')
def profile(username):
    return f"Profile of {username}"

# Generates /user/John
url_for('profile', username='John')

6. How do you handle forms in Flask ?

In [None]:
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/')
def index():
    return render_template("form.html")

@app.route('/submit', methods=['POST'])
def submit():
    username = request.form.get("username")  # Get form data
    return f"Hello, {username}!"

if __name__ == '__main__':
    app.run(debug=True)

7.  How can you validate form data in Flask ?

In [None]:
from flask import Flask, render_template, request
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField
from wtforms.validators import DataRequired, Length

app = Flask(__name__)
app.secret_key = "secret123"  # Needed for CSRF protection

class LoginForm(FlaskForm):
    username = StringField("Username", validators=[DataRequired(), Length(min=3)])
    password = PasswordField("Password", validators=[DataRequired()])
    submit = SubmitField("Login")

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():   # ✅ Validation happens here
        return f"Welcome, {form.username.data}!"
    return render_template("login.html", form=form)

if __name__ == '__main__':
    app.run(debug=True)



8. How do you manage sessions in Flask ?

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = "supersecretkey"  # Required for session security

@app.route('/login', methods=['POST'])
def login():
    session['user'] = request.form['username']   # Save data in session
    return f"Logged in as {session['user']}"

@app.route('/logout')
def logout():
    session.pop('user', None)   # Remove data from session
    return "Logged out"

if __name__ == '__main__':
    app.run(debug=True)

9.  How do you redirect to a different route in Flask ?

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "This is the Home Page"

@app.route('/about')
def about():
    return "This is the About Page"

@app.route('/go-to-about')
def go_to_about():
    return redirect(url_for('about'))  # Redirects to /about

if __name__ == '__main__':
    app.run(debug=True)

10. How do you handle errors in Flask (e.g., 404) ?

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to Flask!"

# Handle 404 error
@app.errorhandler(404)
def page_not_found(e):
    return render_template("404.html"), 404

if __name__ == '__main__':
    app.run(debug=True)

11.  How do you structure a Flask app using Blueprints ?

In [None]:
myapp/
│
├── app.py
└── user/
    ├── __init__.py
    └── routes.py

user/routes.py
  from flask import Blueprint

user_bp = Blueprint('user', __name__)

@user_bp.route('/profile')
def profile():
    return "This is the user profile page"

app.py
  from flask import Flask
from user.routes import user_bp

app = Flask(__name__)
app.register_blueprint(user_bp, url_prefix='/user')

@app.route('/')
def home():
    return "Home Page"

if __name__ == '__main__':
    app.run(debug=True)

12.  How do you define a custom Jinja filter in Flask ?
   

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

# Define custom filter
@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]

@app.route('/')
def home():
    return render_template("index.html", name="Flask")

if __name__ == '__main__':
    app.run(debug=True)

Visiting / will show:
   Original: Flask
   Reversed: kslaF

13. How can you redirect with query parameters in Flask ?

In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def home():
    return "Home Page"

@app.route('/profile')
def profile():
    user = request.args.get('user')
    return f"Welcome, {user}!"

@app.route('/go-to-profile')
def go_to_profile():
    # Redirect with query parameter ?user=Alice
    return redirect(url_for('profile', user="Alice"))

if __name__ == '__main__':
    app.run(debug=True)

Visiting /go-to-profile will redirect to:
  /profile?user=Alice

And display:
  Welcome, Alice!

14. How do you return JSON responses in Flask ?

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        "name": "Alice",
        "age": 25,
        "city": "New York"
    }
    return jsonify(data)   # Converts dict → JSON

if __name__ == '__main__':
    app.run(debug=True)

Visiting /api/data will return
 {
  "name": "Alice",
  "age": 25,
  "city": "New York"
}


15. How do you capture URL parameters in Flask ?

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def profile(username):
    return f"Profile page of {username}"

@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"

if __name__ == '__main__':
    app.run(debug=True)