# Web API & Flask — Assignment  
**Submitter Name:** Aasif Majeed  

This notebook answers all questions from the **Web API & Flask assignment** with:
- Question number + exact question statement
- Detailed explanation + practical examples
- Flask code snippets where relevant


---
## 0) Quick Notes
- Some code cells show Flask examples. In Jupyter, you **won't run a real server** inside the notebook, but you can copy the code into `app.py` and run it locally.
---

## 1) Questions & Detailed Answers

### Q1. What is a Web API?

A **Web API (Web Application Programming Interface)** is a set of rules/endpoints that allows one software system (the **client**) to communicate with another system (the **server**) over the web (usually over HTTP/HTTPS).

**What it provides**
- A URL (endpoint) to access a resource or functionality.
- A request/response contract: what data you send and what you get back.

**Example**
- Weather app calls an API endpoint like `/weather?city=Philadelphia` and receives JSON data (temperature, humidity, etc.).


### Q2. How does a Web API differ from a web service?

A **web service** is a broad term for any service available over a network. A **Web API** is a specific type of interface exposed over the web.

Common classroom-style difference:
- **Web service**: often refers to older standards like **SOAP** services (XML-based, strict contracts, WSDL).
- **Web API**: often refers to modern **REST** or HTTP-based APIs (JSON, simpler, resource-based).

**In practice**
- Many REST APIs are also “web services,” but the term “web service” is often used for SOAP-based services in industry discussions.

**Example**
- SOAP: `POST /Service` with XML envelope.
- REST API: `GET /users/12` returning JSON.


### Q3. What are the benefits of using Web APIs in software development?

Benefits of using Web APIs:

1. **Integration & interoperability**
   - Different apps (mobile/web/desktop) can use the same backend services.
2. **Reusability**
   - One API can serve many clients (web app, mobile app, partner systems).
3. **Scalability**
   - API-based architecture supports microservices and scaling parts independently.
4. **Automation**
   - Systems can exchange data automatically (no manual file sharing).
5. **Faster development**
   - Teams can build front-end and back-end in parallel using a clear contract.
6. **Ecosystem building**
   - Public APIs enable third parties to build apps (e.g., Google Maps API).

**Example**
A company builds a payment API once; web checkout and mobile checkout both call the same endpoints.


### Q4. Explain the difference between SOAP and RESTful APIs.

**SOAP vs RESTful APIs**

### SOAP
- Protocol with strict standards.
- Uses **XML** and a structured **SOAP envelope**.
- Often uses **WSDL** for service description (contract).
- Built-in standards for security (WS-Security), reliability, transactions.

### REST
- Architectural style (not a strict protocol).
- Uses HTTP methods and **resource-based URLs**.
- Commonly uses **JSON** (can also use XML).
- Simpler and more lightweight, widely used for web/mobile apps.

**Example**
- SOAP request: XML Envelope sent via POST.
- REST request: `GET /products/10` returns JSON.


### Q5. What is JSON and how is it commonly used in Web APIs?

**JSON (JavaScript Object Notation)** is a lightweight text format for storing and exchanging data.

**Why it's common in Web APIs**
- Human-readable, compact.
- Easy to parse in most languages (Python, Java, JavaScript, etc.).
- Fits naturally with REST responses.

**Example JSON**
```json
{
  "id": 12,
  "name": "Aasif",
  "role": "student"
}
```

In APIs:
- Client sends JSON in request body (POST/PUT).
- Server responds with JSON representing resources.


### Q6. Can you name some popular Web API protocols other than REST?

Popular Web API protocols/approaches other than REST include:
- **SOAP** (XML + WSDL)
- **GraphQL** (query language for APIs; client asks exactly what it needs)
- **gRPC** (high-performance RPC using Protocol Buffers, often over HTTP/2)
- **WebSockets** (bi-directional real-time communication)
- **JSON-RPC / XML-RPC** (remote procedure calls using JSON or XML)
- **OData** (REST-based protocol with query options)

**Example**
- GraphQL: client queries `user { name, email }` in one request.
- gRPC: fast service-to-service calls in microservices.


### Q7. What role do HTTP methods (GET, POST, PUT, DELETE, etc.) play in Web API development?

HTTP methods define the **action** the client wants to perform on a resource.

Common methods:
- **GET**: read data (should not change server state)
- **POST**: create a new resource / submit data
- **PUT**: replace a resource (or create at a known URL)
- **PATCH**: partially update a resource
- **DELETE**: remove a resource

**Why important**
- Makes APIs predictable and standardized.
- Enables caching, security policies, and client expectations.

**Example**
- `GET /users/5` → fetch user
- `POST /users` → create user
- `PUT /users/5` → replace user data
- `DELETE /users/5` → delete user


### Q8. What is the purpose of authentication and authorization in Web APIs?

**Authentication** and **authorization** protect APIs.

- **Authentication (AuthN)**: *Who are you?*
  - Verifies identity (passwords, tokens, OAuth, etc.).

- **Authorization (AuthZ)**: *What are you allowed to do?*
  - After identity is known, check permissions/roles (admin vs user).

**Example**
- A valid JWT token authenticates a user.
- Authorization checks if the user can access `/admin/reports`.


### Q9. How can you handle versioning in Web API development?

API versioning is needed so you can **change the API** without breaking old clients.

Common versioning strategies:
1. **URL versioning** (most common)
   - `/api/v1/users` and `/api/v2/users`
2. **Header versioning**
   - `Accept: application/vnd.company.v2+json`
3. **Query parameter**
   - `/users?version=2` (less preferred)

Best practice:
- Keep old versions supported until clients migrate.
- Clearly document differences.

**Example**
`GET /api/v1/products` returns old structure, while `/api/v2/products` includes extra fields.


### Q10. What are the main components of an HTTP request and response in the context of Web APIs?

### HTTP Request components
- **Method**: GET/POST/PUT/DELETE
- **URL**: endpoint (path + query string)
- **Headers**: metadata (Content-Type, Authorization, Accept, etc.)
- **Body** (optional): data sent (JSON/XML/form data)

### HTTP Response components
- **Status code**: 200, 404, 500, etc.
- **Headers**: Content-Type, Cache-Control, etc.
- **Body**: returned data (JSON/XML/HTML)

**Example**
Request:
- `POST /login`
- Header: `Content-Type: application/json`
- Body: `{ "username": "...", "password": "..." }`

Response:
- Status: `200 OK`
- Body: `{ "token": "..." }`


### Q11. Describe the concept of rate limiting in the context of Web APIs.

**Rate limiting** restricts how many requests a client can make in a given time window to prevent abuse and ensure fairness.

Why it’s used:
- Protects server from overload (DoS, bots).
- Ensures fair usage across users.
- Controls costs (especially for paid APIs).

Common policies:
- 100 requests per minute per API key
- 1000 requests per day per user

Common responses:
- `429 Too Many Requests`
- Headers like `Retry-After`, `X-RateLimit-Remaining`

**Example**
If you exceed 60 requests/min, the API returns 429 and tells you when to retry.


### Q12. How can you handle errors and exceptions in Web API responses?

Handling errors/exceptions in API responses should be consistent and helpful:

Best practices:
1. Use correct **HTTP status codes** (400, 401, 403, 404, 500...)
2. Return a consistent error format (usually JSON):
```json
{
  "error": "ValidationError",
  "message": "email is required",
  "details": {"field": "email"}
}
```
3. Don’t leak sensitive internal info (stack traces) to clients.
4. Log full error details on the server.
5. Provide actionable messages for clients.

**Example**
- Invalid input → `400 Bad Request`
- Missing token → `401 Unauthorized`
- Not allowed → `403 Forbidden`


### Q13. Explain the concept of statelessness in RESTful Web APIs.

**Statelessness** in REST means:
- Each request from client to server contains **all necessary information** to understand and process it.
- The server does **not store client session state** between requests.

Implications:
- Every request includes authentication info (token) if needed.
- Makes scaling easier (any server instance can handle the request).

**Example**
A client sends `Authorization: Bearer <token>` in every request instead of relying on a stored session in server memory.


### Q14. What are the best practices for designing and documenting Web APIs?

Best practices for designing & documenting Web APIs:

### Design best practices
- Use clear, consistent **resource naming** (`/users`, `/orders/123`).
- Use correct HTTP methods and status codes.
- Validate inputs; return helpful errors.
- Use pagination for large lists (`?page=1&limit=50`).
- Use filtering/sorting (`?status=active&sort=-created_at`).
- Version the API for breaking changes.
- Secure endpoints (HTTPS, auth).
- Ensure idempotency where appropriate (PUT/DELETE).

### Documentation best practices
- Provide endpoint descriptions, parameters, example requests/responses.
- Include auth instructions.
- Provide error formats + status code meanings.
- Tools: Swagger / OpenAPI, Postman collections.

**Example**
A well-documented `/api/v1/users` endpoint includes request JSON sample, response sample, and error cases.


### Q15. What role do API keys and tokens play in securing Web APIs?

**API keys** and **tokens** help secure APIs by identifying and controlling access.

- **API Key**
  - Simple credential tied to an app/client.
  - Often used for rate limiting and identifying the client.
  - Usually sent in header: `X-API-Key: ...`

- **Tokens (e.g., JWT, OAuth access token)**
  - Represent user/app authorization.
  - Often short-lived and revocable.
  - Sent as: `Authorization: Bearer <token>`

Security tips:
- Use HTTPS so keys/tokens aren’t exposed.
- Rotate keys, expire tokens, and use scopes/roles.

**Example**
Google APIs often use API keys for basic access; user-specific actions typically require OAuth tokens.


### Q16. What is REST, and what are its key principles?

**REST (Representational State Transfer)** is an architectural style for designing networked applications.

Key principles:
1. **Client–server separation**
2. **Statelessness**
3. **Cacheability**
4. **Uniform interface** (standard methods, resources, representations)
5. **Layered system**
6. (Optional) **Code on demand**

REST uses HTTP methods to operate on **resources** identified by URIs.

**Example**
`GET /books/10` returns a JSON representation of book #10.


### Q17. Explain the difference between RESTful APIs and traditional web services.

RESTful APIs vs traditional web services (often SOAP):

### RESTful APIs
- Resource-based URLs
- HTTP methods (GET/POST/PUT/DELETE)
- Typically JSON
- Lightweight, flexible, easy to consume

### Traditional web services (SOAP)
- Operation-based (function calls)
- XML envelopes + strict schema
- Uses WSDL contracts
- Heavier but can offer strong enterprise features

**Example**
- REST: `GET /customers/5`
- SOAP: `GetCustomerById` operation with XML request/response


### Q18. What are the main HTTP methods used in RESTful architecture, and what are their purposes?

Main HTTP methods in RESTful architecture and purposes:

- **GET**: Retrieve a resource or list of resources (safe, idempotent)
- **POST**: Create a resource or trigger an action (not idempotent)
- **PUT**: Replace a resource entirely (idempotent)
- **PATCH**: Update part of a resource (often not strictly idempotent, but can be)
- **DELETE**: Remove a resource (idempotent)

**Example**
- `POST /orders` creates an order.
- `PUT /orders/99` replaces order 99 details.


### Q19. Describe the concept of statelessness in RESTful APIs.

Statelessness in RESTful APIs (again, emphasized):

- Server does not store client session context.
- Each request includes everything needed (auth token, request data).

Benefits:
- Easier scaling and load balancing
- Fewer server-side memory/session issues

Downside:
- Client must send auth token each time.
- Some workflows need tokens or client-side state management.

**Example**
Mobile app stores JWT token and sends it in every API call.


### Q20. What is the significance of URIs (Uniform Resource Identifiers) in RESTful API design?

URIs are important because they uniquely identify **resources** in REST.

Good URI design:
- Use nouns (resources), not verbs (actions).
- Use hierarchical structure.
- Keep it consistent.

Examples:
- Good: `/users/12/orders`
- Avoid: `/getUserOrders?userId=12` (verb-based)

URIs make APIs predictable and self-descriptive, which improves developer experience.


### Q21. Explain the role of hypermedia in RESTful APIs. How does it relate to HATEOAS?

**Hypermedia** means the API response includes links that guide the client to related actions/resources.

**HATEOAS** (Hypermedia As The Engine Of Application State) is a REST constraint where:
- The client discovers what to do next via links returned by the server.

Example response:
```json
{
  "id": 12,
  "name": "Aasif",
  "links": [
    {"rel": "self", "href": "/users/12"},
    {"rel": "orders", "href": "/users/12/orders"}
  ]
}
```

Benefit:
- Client relies less on hardcoded URL rules and can follow links dynamically.


### Q22. What are the benefits of using RESTful APIs over other architectural styles?

Benefits of RESTful APIs:
- **Simplicity**: uses standard HTTP methods
- **Lightweight**: JSON is compact and fast
- **Scalable**: stateless design supports horizontal scaling
- **Cacheable**: GET responses can be cached
- **Wide compatibility**: works with browsers, mobile, and many languages
- **Easy to test**: curl/Postman

**Example**
A mobile app can call REST endpoints easily without heavy SOAP tooling.


### Q23. Discuss the concept of resource representations in RESTful APIs.

A **resource representation** is the data format used to represent a resource in an API response.

- Same resource can be represented in different formats:
  - JSON, XML, HTML, etc.
- Client typically requests representation using the `Accept` header.

Example:
- Resource: User #12
- Representation (JSON):
```json
{"id": 12, "name": "Aasif"}
```

This is why REST is called *Representational* State Transfer: clients transfer representations of resources.


### Q24. How does REST handle communication between clients and servers?

REST handles communication using a client–server model over HTTP/HTTPS:

- Client sends HTTP request to a resource URI.
- Server returns an HTTP response with status code + representation.

REST relies on a **uniform interface**:
- Standard HTTP methods
- Standard status codes
- Content negotiation (Accept header)

**Example**
Client: `GET /products/10`
Server: `200 OK` with JSON describing product 10.


### Q25. What are the common data formats used in RESTful API communication?

Common data formats for RESTful API communication:
- **JSON** (most common)
- **XML**
- **Form-encoded data** (`application/x-www-form-urlencoded`)
- **Multipart/form-data** (file uploads)
- **Plain text**
- Sometimes: **Protocol Buffers** (less common in pure REST, more in gRPC)

**Example**
A POST request often uses JSON body with `Content-Type: application/json`.


### Q26. Explain the importance of status codes in RESTful API responses.

Status codes tell the client the result of the request in a standard way.

Important categories:
- **2xx Success**
  - 200 OK, 201 Created, 204 No Content
- **3xx Redirect**
  - 301, 302
- **4xx Client errors**
  - 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 409 Conflict, 429 Too Many Requests
- **5xx Server errors**
  - 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable

**Example**
If a user tries to access a missing resource:
- `GET /users/9999` → `404 Not Found`


### Q27. Describe the process of versioning in RESTful API development.

Process of versioning in RESTful API development:

1. Decide when versioning is needed:
   - **breaking change** (response field removed/renamed, behavior changes)
2. Choose versioning strategy:
   - URL-based `/api/v1/...` (common)
   - Header-based (media type)
3. Maintain backwards compatibility when possible:
   - Add new fields instead of removing old ones
4. Deprecate old versions:
   - Communicate timeline
   - Provide migration guide
5. Monitor usage and remove old versions safely.

**Example**
Introduce `/api/v2/users` where `fullName` replaces `firstName` + `lastName` (breaking change).


### Q28. How can you ensure security in RESTful API development? What are common authentication methods?

Security in RESTful APIs:

**Core practices**
- Use **HTTPS** always.
- Validate and sanitize input (prevent injection).
- Use strong authentication + authorization.
- Rate limit and throttle.
- Log and monitor suspicious activity.
- Apply least privilege (roles/scopes).

**Common authentication methods**
- **API keys** (app-level)
- **JWT tokens** (stateless auth)
- **OAuth 2.0** (delegated authorization)
- Basic Auth (only over HTTPS; less ideal for modern apps)

**Example**
A typical secure API uses OAuth/JWT + role checks:
- Only admins can call `DELETE /users/{id}`.


### Q29. What are some best practices for documenting RESTful APIs?

Best practices for documenting RESTful APIs:
- Use **OpenAPI/Swagger** to define endpoints, params, schemas.
- Provide examples for requests and responses.
- Document authentication requirements.
- Document error formats and status codes.
- Provide pagination/filter/sort documentation.
- Keep docs versioned along with API versions.
- Provide quick-start guide + Postman collection if possible.

**Example**
Swagger UI lets developers try endpoints interactively and see schemas.


### Q30. What considerations should be made for error handling in RESTful APIs?

Error handling considerations for RESTful APIs:

- Use consistent JSON error structure:
  - `error`, `message`, `details`, `request_id`
- Use correct status codes:
  - 400 for validation errors
  - 401/403 for auth issues
  - 404 for missing resources
  - 409 for conflicts
  - 500 for unexpected server errors
- Don’t expose stack traces to clients.
- Log errors with correlation IDs for debugging.
- Handle edge cases (invalid JSON, missing fields, type errors).

**Example**
For invalid email input:
- Response: `400 Bad Request` with `{ "error": "ValidationError", "message": "Invalid email" }`


### Q31. What is SOAP, and how does it differ from REST?

**SOAP (Simple Object Access Protocol)** is a protocol for exchanging structured information in web services.

SOAP vs REST:
- SOAP is a **protocol** with strict rules; REST is an **architectural style**.
- SOAP uses **XML envelope** always; REST can use JSON/XML.
- SOAP often uses **WSDL** to define operations and message formats.
- SOAP supports enterprise standards like WS-Security, transactions, reliability.

**Example**
SOAP request is always wrapped in an XML envelope, while REST can be a simple GET request returning JSON.


### Q32. Describe the structure of a SOAP message.

SOAP message structure (XML) typically has:

1. **Envelope** (root element)  
2. **Header** (optional): metadata like security, auth, transaction info  
3. **Body**: actual request/response payload  
4. **Fault** (optional): error info

Simplified example:
```xml
<soap:Envelope>
  <soap:Header>
    <!-- security/auth/etc -->
  </soap:Header>
  <soap:Body>
    <GetUser>
      <UserId>12</UserId>
    </GetUser>
  </soap:Body>
</soap:Envelope>
```


### Q33. How does SOAP handle communication between clients and servers?

SOAP communication is typically:
- Client sends a **SOAP XML message** (usually via HTTP POST) to a service endpoint.
- Server processes the request and returns a SOAP XML response.

SOAP is operation-based:
- You call defined operations like `GetUser`, `CreateOrder` (like remote functions).

SOAP is often used with WSDL:
- WSDL defines the operations and message schemas, allowing auto-generated client stubs.

**Example**
A Java client can generate SOAP client classes directly from WSDL and call methods like normal functions.


### Q34. What are the advantages and disadvantages of using SOAP-based web services?

Advantages of SOAP:
- Strong formal contract with **WSDL**
- Built-in enterprise features: WS-Security, reliable messaging, transactions
- Strict schemas → good for large enterprise integration
- Works well in regulated environments needing strict standards

Disadvantages of SOAP:
- Verbose XML (large payloads, slower)
- More complex tooling and setup
- Less “web-friendly” for lightweight mobile/web apps compared to REST
- Usually harder to debug manually than REST + JSON

**Example**
Banking/legacy enterprise systems may use SOAP due to strong standards and contracts.


### Q35. How does SOAP ensure security in web service communication?

SOAP supports security mainly through **WS-Security**, which can provide:
- Message integrity (digital signatures)
- Message confidentiality (encryption)
- Authentication tokens embedded in headers
- End-to-end security even if message passes through intermediaries

Additionally:
- SOAP services often run over **HTTPS** too.
- SOAP headers can carry security credentials and signatures.

**Example**
A SOAP message can be signed and encrypted so that even if it passes through proxies, it remains protected.


### Q36. What is Flask, and what makes it different from other web frameworks?

**Flask** is a lightweight Python **micro web framework** used to build web applications and APIs.

Why it’s different:
- Minimal and flexible: you add only what you need.
- Uses Werkzeug (WSGI toolkit) + Jinja2 templates.
- Great for small to medium apps, prototypes, and APIs.

Compared to larger frameworks (like Django):
- Flask gives you more freedom; Django includes many built-in features (ORM, admin, etc.).

**Example**
You can create a simple Flask app in ~10 lines and build routes that return JSON.


### Q37. Describe the basic structure of a Flask application.

Basic structure of a Flask app:

- Create a Flask application object.
- Define routes with decorators (`@app.route(...)`).
- Run the app (development server).

Common structure:
```
project/
  app.py
  templates/
    index.html
  static/
    style.css
```
- `templates/` for HTML templates (Jinja2)
- `static/` for CSS/JS/images

Below is the minimum Flask app (see code cell).


### Q38. How do you install Flask on your local machine?

Installing Flask locally (common ways):

### Option 1: Using pip (recommended)
1. Create a virtual environment:
```bash
python -m venv venv
```
2. Activate it:
- macOS/Linux: `source venv/bin/activate`
- Windows: `venv\Scripts\activate`
3. Install Flask:
```bash
pip install flask
```

### Option 2: Using conda
```bash
conda create -n flaskenv python=3.11
conda activate flaskenv
conda install -c conda-forge flask
```

Verify:
```bash
python -c "import flask; print(flask.__version__)"
```


### Q39. Explain the concept of routing in Flask.

**Routing** maps a URL path to a Python function (view). In Flask, routing is done using decorators like:

```python
@app.route("/hello")
def hello():
    return "Hello"
```

Routing supports:
- Variables in the path:
  - `/users/<int:id>`
- Different methods:
  - `methods=["GET", "POST"]`
- Query parameters:
  - `/search?q=flask` accessed via `request.args.get("q")`

**Example**
- `GET /users/12` calls a function that returns user 12.


### Q40. What are Flask templates, and how are they used in web development?

**Flask templates** are HTML files (usually in a `templates/` folder) rendered using **Jinja2**, Flask’s templating engine.

Why templates are used:
- Generate dynamic HTML pages using variables and control structures.
- Avoid repeating HTML by using template inheritance (base layout).

Example template usage:
- Python passes data to template:
```python
return render_template("profile.html", name="Aasif")
```
- Template uses variable:
```html
<h1>Hello {{ name }}</h1>
```

Templates are mainly for building web pages; for APIs you often return JSON with `jsonify()`.


---
# Flask Code Examples (Copy-Paste Ready)
---

## Example 1: Minimal Flask app (Hello World)

In [2]:
# app.py
from flask import Flask

app = Flask(__name__)

@app.route("/")
def home():
    return "Hello, Flask!"

if __name__ == "__main__":
    # Debug=True auto-reloads in development
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with watchdog (fsevents)
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/opt/anaconda3/lib/python3.12/site-packages/ipykernel_launcher.py", line 18, in <module>
    app.launch_new_instance()
  File "/opt/anaconda3/lib/python3.12/site-packages/traitlets/config/application.py", line 1074, in launch_instance
    app.initialize(argv)
  File "/opt/anaconda3/lib/python3.12/site-packages/traitlets/config/application.py", line 118, in inner
    return method(app, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/anaconda3/lib/python3.12/site-packages/ipykernel/kernelapp.py", line 692, in initialize
    self.init_sockets()
  File "/opt/anaconda3/lib/python3.12/site-packages/ipykernel/kernelapp.py", line 331, in init_sockets
    self.shell_port = self._bind_socket(self.shell_socket, self.shell_port)
       

SystemExit: 1

## Example 2: REST-style JSON API with GET/POST/PUT/DELETE

In [None]:
# app.py
from flask import Flask, request, jsonify, abort

app = Flask(__name__)

# In-memory data store (for demo)
USERS = {
    1: {"id": 1, "name": "Aasif"},
    2: {"id": 2, "name": "Alex"}
}

@app.get("/api/v1/users")
def list_users():
    return jsonify(list(USERS.values()))

@app.get("/api/v1/users/<int:user_id>")
def get_user(user_id):
    user = USERS.get(user_id)
    if not user:
        abort(404, description="User not found")
    return jsonify(user)

@app.post("/api/v1/users")
def create_user():
    data = request.get_json(silent=True) or {}
    name = data.get("name")
    if not name:
        abort(400, description="Field 'name' is required")
    new_id = max(USERS.keys()) + 1 if USERS else 1
    USERS[new_id] = {"id": new_id, "name": name}
    return jsonify(USERS[new_id]), 201

@app.put("/api/v1/users/<int:user_id>")
def replace_user(user_id):
    if user_id not in USERS:
        abort(404, description="User not found")
    data = request.get_json(silent=True) or {}
    name = data.get("name")
    if not name:
        abort(400, description="Field 'name' is required")
    USERS[user_id] = {"id": user_id, "name": name}
    return jsonify(USERS[user_id])

@app.delete("/api/v1/users/<int:user_id>")
def delete_user(user_id):
    if user_id not in USERS:
        abort(404, description="User not found")
    USERS.pop(user_id)
    return "", 204

# Consistent error responses
@app.errorhandler(400)
@app.errorhandler(404)
@app.errorhandler(500)
def handle_error(err):
    code = getattr(err, "code", 500)
    return jsonify({
        "error": err.__class__.__name__,
        "message": getattr(err, "description", "Unexpected error")
    }), code

if __name__ == "__main__":
    app.run(debug=True)


## Example 3: Authentication with a simple Bearer token check (demo)

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

# Demo token (never hardcode in real apps)
VALID_TOKEN = "MY_DEMO_TOKEN"

def require_token():
    auth = request.headers.get("Authorization", "")
    # Expected format: "Bearer <token>"
    if not auth.startswith("Bearer "):
        return False
    token = auth.split(" ", 1)[1].strip()
    return token == VALID_TOKEN

@app.get("/api/v1/secure-data")
def secure_data():
    if not require_token():
        return jsonify({"error": "Unauthorized", "message": "Missing/invalid token"}), 401
    return jsonify({"secret": "This is protected data"})

if __name__ == "__main__":
    app.run(debug=True)


## Example 4: Flask templates (Jinja2)

In [None]:
# app.py
from flask import Flask, render_template

app = Flask(__name__)

@app.route("/profile/<name>")
def profile(name):
    # profile.html should be inside templates/ folder
    return render_template("profile.html", name=name)

if __name__ == "__main__":
    app.run(debug=True)



### templates/profile.html

In [None]:
<!doctype html>
<html>
  <head>
    <title>Profile</title>
  </head>
  <body>
    <h1>Hello {{ name }}!</h1>
    <p>This page was rendered using a Flask template (Jinja2).</p>
  </body>
</html>
