#Restful API & Flask

Q1. What is a RESTful API?

---> A RESTful API (Representational State Transfer) is a web service that uses HTTP methods like GET, POST, PUT, and DELETE to allow communication between systems. It follows REST principles, making it simple, stateless, and easy to use for accessing and manipulating resources (like data) over the web.

Q2. Explain the concept of API specification.

---> An API specification is a detailed document or blueprint that defines how an API works. It outlines:

Endpoints: The URLs used to access the API.

Methods: HTTP actions like GET, POST, PUT, DELETE.

Request format: What data the client must send (e.g., headers, parameters, body).

Response format: What data the server will return (e.g., status codes, JSON structure).

Authentication: How users or systems must prove their identity (e.g., API keys, tokens).

In short, an API specification ensures developers know how to properly interact with an API without needing to see its internal code. Examples include OpenAPI (Swagger) and RAML.

Q3. What is Flask, and why is it popular for building APIs?

---> Flask is a lightweight Python web framework used to build web applications and APIs. It is especially popular for building APIs because:

Minimal and flexible: It provides the basics, letting developers add only what they need.

Easy to learn: Simple syntax and clear structure make it great for beginners and small projects.

Built-in support for routing: Makes it easy to define API endpoints.

Extensible: Supports many extensions for databases, authentication, and more.

Good for rapid development: Ideal for quickly building and testing RESTful APIs.

In short, Flask is popular because it’s simple, powerful, and gives developers full control over how they build their APIs.

Q4. What is routing in Flask?

---> Routing in Flask is the process of mapping URLs to functions in your Python code. These functions are called view functions, and they define what should happen when a user visits a specific URL.

Q5. How do you create a simple Flask applicatio?

---> To create a simple Flask application, follow these steps:

1. Install Flask (if not already installed)


In [None]:
pip install flask


2. Create a Python file (e.g., app.py) with this code:

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return 'Hello, Flask!'

if __name__ == '__main__':
    app.run(debug=True)


3. Run the app

In [None]:
python app.py


4. Open your browser
Visit http://127.0.0.1:5000/ — you'll see "Hello, Flask!"

This is a basic Flask app with:

One route (/)

One view function (home) that returns a message


Q6. What are HTTP methods used in RESTful APIs?

---> The main HTTP methods used in RESTful APIs are:

GET – Retrieves data from the server
🔹 Example: Get user details

POST – Sends data to the server to create a new resource
🔹 Example: Create a new user

PUT – Updates an existing resource completely
🔹 Example: Update all user info

PATCH – Updates part of a resource
🔹 Example: Update only the user’s email

DELETE – Removes a resource from the server
🔹 Example: Delete a user

These methods align with CRUD operations (Create, Read, Update, Delete) in RESTful design.

Q7. What is the purpose of the @app.route() decorator in Flask?

---> The @app.route() decorator in Flask is used to link a URL path to a specific function (called a view function).

🔹 Purpose:
It tells Flask:
“When this URL is requested, run this function.”

In [None]:
@app.route('/hello')
def hello():
    return "Hello, World!"


When you visit /hello in the browser, Flask runs the hello() function and returns the response.

In short, @app.route() is how you define routes (endpoints) in a Flask app.

Q8. What is the difference between GET and POST HTTP methods?

---> The GET and POST methods are two commonly used HTTP methods in RESTful APIs. GET is used to retrieve data from the server and sends parameters in the URL, making it visible in the browser and suitable for read-only operations. It is cacheable and idempotent, meaning it doesn't change any server data. On the other hand, POST is used to send data to the server, usually to create or update resources. It sends data in the request body, making it more secure for sensitive information. POST requests are not cached and are not idempotent, as each request can result in a different change on the server.

Q9.  How do you handle errors in Flask APIs?

---> In Flask APIs, errors are handled using:

1. try-except blocks
Used inside routes to catch and manage specific exceptions.

In [None]:
@app.route('/divide')
def divide():
    try:
        result = 10 / 0
        return {'result': result}
    except ZeroDivisionError:
        return {'error': 'Cannot divide by zero'}, 400


2. Custom error handlers
Use @app.errorhandler() to define responses for common HTTP errors.

In [None]:
@app.errorhandler(404)
def not_found(e):
    return {'error': 'Resource not found'}, 404


3. Returning proper status codes and messages
Always return meaningful messages and correct HTTP status codes.

In [None]:
return {'error': 'Invalid input'}, 400


In short: Flask handles errors using try-except, custom error handlers, and proper HTTP status codes to improve API reliability and user feedback.

Q10. How do you connect Flask to a SQL database?

---> Configure the database URI in Flask settings.

Use Flask-SQLAlchemy to define models and manage database operations.

Create tables and use the ORM to add, query, and modify data.

You can also connect to other databases like MySQL, PostgreSQL by changing the URI accordingly.

Q11. What is the role of Flask-SQLAlchemy?

---> Flask-SQLAlchemy is an extension that integrates SQLAlchemy with Flask to make working with databases easier and more Pythonic.

Role of Flask-SQLAlchemy:
Provides a simple and powerful ORM (Object-Relational Mapping) layer so you can interact with databases using Python classes instead of raw SQL queries.

Manages database connections and sessions within the Flask app context.

Simplifies configuration and setup of the database with Flask’s app settings.

Helps with creating, querying, updating, and deleting database records through Python objects.

Supports multiple databases like SQLite, MySQL, PostgreSQL, etc., by just changing the configuration.

In short, Flask-SQLAlchemy bridges Flask and SQLAlchemy for smooth and efficient database operations in Flask applications.

Q12. What are Flask blueprints, and how are they useful?

---> Flask Blueprints are a way to organize and structure a Flask application into reusable, modular components. Each blueprint can contain its own routes, templates, static files, and other code.

How they work:
You define routes inside a blueprint, then register it with the main Flask app.

In [None]:
from flask import Blueprint

user_bp = Blueprint('user', __name__)

@user_bp.route('/profile')
def profile():
    return "User Profile"

# In main app file
app.register_blueprint(user_bp, url_prefix='/user')


This way, URLs under /user are handled by the user_bp blueprint.

Q13. What is the purpose of Flask's request object?

---> Flask’s request object represents the incoming HTTP request from the client.

Purpose:
It lets you access data sent by the client, such as:

Query parameters (request.args)

Form data (request.form)

JSON payload (request.json)

Headers (request.headers)

Cookies (request.cookies)

Provides information about the request, like method (GET, POST), URL, and more.

Used inside route functions to read what the client sent and handle it accordingly.

Q14. How do you create a RESTful API endpoint using Flask?

---> To create a RESTful API endpoint using Flask, you define a route with the @app.route() decorator and write a function that handles HTTP methods like GET or POST. Here’s a simple example:

In [None]:
from flask import Flask, jsonify, request

app = Flask(__name__)

# Example data
users = [
    {'id': 1, 'name': 'Alice'},
    {'id': 2, 'name': 'Bob'}
]

# GET endpoint to fetch all users
@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users)

# POST endpoint to add a new user
@app.route('/users', methods=['POST'])
def add_user():
    new_user = request.json  # Get JSON data from request body
    users.append(new_user)
    return jsonify(new_user), 201  # 201 Created status

if __name__ == '__main__':
    app.run(debug=True)


Q15. What is the purpose of Flask's jsonify() function?

---> Flask’s jsonify() function is used to convert Python data (like dictionaries or lists) into a JSON-formatted HTTP response.

Purpose:
It serializes Python objects to JSON.

Sets the correct Content-Type header (application/json) automatically.

Makes it easy to return JSON responses from your Flask API endpoints.

Q16. Explain Flask’s url_for() function.

--->Flask’s url_for() function is used to generate URLs dynamically for a given view (function) based on its name.

Why use url_for()?
It builds URLs for your routes without hardcoding them, so if you change the route later, your links still work.

It helps keep your code clean and maintainable.

It can generate URLs with dynamic parts or query parameters.

Q17. How does Flask handle static files (CSS, JavaScript, etc.)?

---> Flask handles static files (like CSS, JavaScript, images) using a special folder named static in your project directory.

How it works:
By default, Flask serves files placed inside the static folder at the URL path /static/.

For example, a file static/style.css can be accessed in the browser at /static/style.css.

How to use in templates:
You can link static files using url_for('static', filename='style.css') in your HTML:


In [None]:
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">


Q18. What is an API specification, and how does it help in building a Flask API?

---> An API specification is a detailed, formal document or blueprint that describes how an API works — including its endpoints, request methods, input/output formats, authentication, and error handling. It defines what the API expects and returns, often using standards like OpenAPI (Swagger).

How it helps in building a Flask API:
Clear contract: Provides a clear guide for developers on how to design and implement the API endpoints.

Consistency: Ensures all routes follow a consistent structure and data format.

Collaboration: Helps front-end and back-end teams work together by agreeing on the API behavior upfront.

Validation & Testing: Enables automatic validation of requests/responses and easier automated testing.

Documentation: Can be used to generate API docs for users.

Q19. What are HTTP status codes, and why are they important in a Flask API?

---> HTTP status codes are standardized numeric codes sent by a server in response to a client’s request, indicating the result of that request.

Why are they important in a Flask API?
Communicate outcome: They tell the client if the request was successful, failed, or needs further action (e.g., 200 OK, 404 Not Found, 500 Internal Server Error).

Help clients handle responses: Clients can decide what to do based on the status code (retry, show error, etc.).

Improve API clarity: Clear status codes make APIs easier to understand and debug.

Support RESTful principles: Using proper status codes is a key part of REST API design.

Q20. How do you handle POST requests in Flask?

--->To handle POST requests in Flask, you:

Define a route with methods=['POST'] in the @app.route() decorator.

Use Flask’s request object to access the data sent by the client (e.g., form data or JSON).

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])
def submit():
    data = request.json  # Get JSON payload sent in the request body
    # Process data here
    return jsonify({'message': 'Data received', 'data': data}), 201


Q21. How would you secure a Flask API?

--->Securing a Flask API involves multiple layers of protection. Here are key ways to secure it:

Authentication & Authorization
Use methods like API keys, OAuth, or JWT (JSON Web Tokens) to verify and control who can access your API.

Use HTTPS
Always serve your API over HTTPS to encrypt data in transit and prevent eavesdropping.

Input Validation & Sanitization
Validate and sanitize all incoming data to prevent injection attacks (SQL injection, XSS).

Rate Limiting
Implement rate limiting (e.g., with Flask-Limiter) to prevent abuse and DDoS attacks.

Error Handling
Avoid exposing sensitive information in error messages.

Q22. What is the significance of the Flask-RESTful extension?

--->The Flask-RESTful extension is designed to simplify building RESTful APIs with Flask by providing useful tools and abstractions.

Significance of Flask-RESTful:
Resource-based routing: Lets you define API endpoints as classes (resources) instead of just functions, making code more organized.

Built-in request parsing: Provides easy ways to parse and validate input data with reqparse.

Automatic HTTP method handling: Supports methods like GET, POST, PUT, DELETE within resource classes cleanly.

Better response formatting: Helps return JSON responses easily with proper status codes.

Error handling: Simplifies handling and customizing API errors.

Q23. What is the role of Flask’s session object?

--->Flask’s session object is used to store data specific to a user’s session between requests. It allows you to keep information (like user login status, preferences, or temporary data) across multiple requests without needing a database for short-term storage.

Key points about session:
Data is stored client-side in a secure cookie (signed to prevent tampering).

You can save small amounts of data, such as user IDs or flags.

Useful for implementing features like user authentication, shopping carts, or flash messages.

#Practical
Q1.  How do you create a basic Flask application?

Creating a basic Flask application is simple. Here’s how you do it step-by-step:

Install Flask (if not already installed):




In [None]:
pip install flask


Create a Python file (e.g., app.py) with this code:

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)


Run the application:

In [None]:
python app.py


Open your browser and go to http://127.0.0.1:5000/ to see the message "Hello, Flask!"

Q2. How do you serve static files like images or CSS in Flask?

---> In Flask, static files like images, CSS, and JavaScript are served from a special folder named static by default.

How to serve static files:
Place your files inside a folder called static in your project directory. For example:

In [None]:
/static/style.css
/static/logo.png


Access them in your app via the URL path /static/filename. For example:

http://localhost:5000/static/style.css

http://localhost:5000/static/logo.png


Use url_for in templates to link static files safely:




In [None]:
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
<img src="{{ url_for('static', filename='logo.png') }}" alt="Logo">


Q3.  How do you define different routes with different HTTP methods in Flask?

--->In Flask, you define routes with different HTTP methods by specifying the methods parameter in the @app.route() decorator.

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/item', methods=['GET'])
def get_item():
    return "This is a GET request"

@app.route('/item', methods=['POST'])
def create_item():
    data = request.json
    return f"Received data: {data}", 201


Q4. How do you render HTML templates in Flask?

--->

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run(debug=True)


Q5. How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/user/<username>')
def profile(username):
    return f"User: {username}"

with app.test_request_context():
    print(url_for('profile', username='alice'))  # Output: /user/alice

if __name__ == '__main__':
    app.run(debug=True)


Q6. How do you handle forms in Flask?

In [None]:
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form.get('name')
        return f"Hello, {name}!"
    return render_template('form.html')

if __name__ == '__main__':
    app.run(debug=True)


Q7.  How can you validate form data in Flask?

--->

In [None]:
from flask import Flask, request, render_template, flash, redirect, url_for
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired, Length

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Needed for Flask-WTF CSRF protection and flashing

class NameForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired(), Length(min=2, max=20)])
    submit = SubmitField('Submit')

@app.route('/form', methods=['GET', 'POST'])
def form():
    form = NameForm()
    if form.validate_on_submit():
        name = form.name.data
        flash(f'Hello, {name}!', 'success')
        return redirect(url_for('form'))
    return render_template('form.html', form=form)

if __name__ == '__main__':
    app.run(debug=True)


And the templates/form.html:

In [None]:
<!doctype html>
<html>
  <body>
    {% with messages = get_flashed_messages(with_categories=true) %}
      {% if messages %}
        <ul>
          {% for category, message in messages %}
            <li class="{{ category }}">{{ message }}</li>
          {% endfor %}
        </ul>
      {% endif %}
    {% endwith %}

    <form method="POST">
      {{ form.hidden_tag() }}
      {{ form.name.label }} {{ form.name(size=20) }}
      {% for error in form.name.errors %}
        <span style="color: red;">[{{ error }}]</span>
      {% endfor %}
      {{ form.submit() }}
    </form>
  </body>
</html>


Q8. How do you manage sessions in Flask?

--->

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Required to use sessions

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    session['username'] = username  # Store username in session
    return f"Logged in as {username}"

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Welcome, {session['username']}!"
    return redirect(url_for('login'))

@app.route('/logout')
def logout():
    session.pop('username', None)  # Remove username from session
    return "You have been logged out."

if __name__ == '__main__':
    app.run(debug=True)


Q9. How do you redirect to a different route in Flask?



In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "Home Page"

@app.route('/go-to-home')
def go_to_home():
    return redirect(url_for('home'))

if __name__ == '__main__':
    app.run(debug=True)


Q10. How do you handle errors in Flask (e.g., 404)?



In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
<!doctype html>
<html>
  <body>
    <h1>404 Error</h1>
    <p>Sorry, the page you requested was not found.</p>
  </body>
</html>


Q11.  How do you structure a Flask app using Blueprints?



In [None]:
# app.py
from flask import Flask
from user_routes import user_bp

app = Flask(__name__)
app.register_blueprint(user_bp, url_prefix='/users')

@app.route('/')
def home():
    return "Home Page"

if __name__ == '__main__':
    app.run(debug=True)


In [None]:
# user_routes.py
from flask import Blueprint

user_bp = Blueprint('user', __name__)

@user_bp.route('/')
def user_home():
    return "User Home"

@user_bp.route('/profile')
def profile():
    return "User Profile"


Q12. How do you define a custom Jinja filter in Flask?



In [None]:
from flask import Flask

app = Flask(__name__)

# Define a custom filter function
def reverse_string(s):
    return s[::-1]

# Register the custom filter with Flask
app.jinja_env.filters['reverse'] = reverse_string

@app.route('/')
def home():
    sample_text = "Hello Flask"
    return f"Original: {sample_text} | Reversed: {{ sample_text | reverse }}"

if __name__ == '__main__':
    app.run(debug=True)


To use the filter in a template (templates/index.html):

In [None]:
<!doctype html>
<html>
  <body>
    <p>Original: {{ sample_text }}</p>
    <p>Reversed: {{ sample_text | reverse }}</p>
  </body>
</html>


And update the route to render the template:

In [None]:
from flask import render_template

@app.route('/')
def home():
    sample_text = "Hello Flask"
    return render_template('index.html', sample_text=sample_text)


Q13. How can you redirect with query parameters in Flask?



In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/search')
def search():
    # Imagine this shows search results based on query parameter 'q'
    return "Search results page"

@app.route('/go-search')
def go_search():
    # Redirect to /search with query parameter q=flask
    return redirect(url_for('search', q='flask'))

if __name__ == '__main__':
    app.run(debug=True)


Q14. How do you return JSON responses in Flask?


In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def data():
    response = {
        'name': 'Alice',
        'age': 30,
        'city': 'New York'
    }
    return jsonify(response)

if __name__ == '__main__':
    app.run(debug=True)


Q15. How do you capture URL parameters in Flask?

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def user_profile(username):
    return f"Profile page of {username}"

@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Showing post with ID: {post_id}"

if __name__ == '__main__':
    app.run(debug=True)
