# **Restful API and Flask Assignment**

# **Theory Question**

# Ques 1. What is a RESTful API
- A **RESTful API** is a way of designing web services that allows different software systems to communicate over the web using **HTTP protocols**. It follows the principles of **REST (Representational State Transfer)**, which is an architectural style for designing networked applications.

- **Key Concepts of RESTful APIs**

**1. Resources**

- Everything in REST is considered a resource, identified by a URI (Uniform Resource Identifier).

- Example: /users (all users), /users/1 (user with ID 1).

**2. HTTP Methods**

- REST uses standard HTTP methods to perform operations on resources:

a. GET- Retrieve data	, Example- GET /users

b. POST- Create data, Example POST /users

c. PUT- Update data, Example- PUT /users/1

d. PATCH- Partial update, Example- PATCH /users/1

e. DELETE- Remove data, Example-DELETE /users/1

**3. Stateless**

- Each request from client to server must contain all information needed.

- Server does not store client session between requests.

**4. JSON or XML Responses**

- Data is usually sent in JSON format (lightweight and easy to parse).

- Example: { "id": 1, "name": "Ankita" }

**5. Uniform Interface**

- REST emphasizes a consistent structure for URLs, responses, and methods.

**6. Client-Server Architecture**

- The client and server are independent; the client only requests resources, the server only serves them.

# Ques 2. Explain the concept of API specification
  - An **API specification** is a formal document or blueprint that defines how an API behaves and how clients should interact with it. It acts as a contract between the API provider (server) and the consumer (client), describing endpoints, request/response formats, parameters, authentication, and error handling.

**Key Concepts of API Specification**

**1. Endpoints**

- Defines the URL paths where the API can be accessed.

- Example: /users, /users/{id}, /login.

**2. HTTP Methods**

- Specifies which methods are allowed on each endpoint:

a. GET → Retrieve data

b. POST → Create data

c. PUT/PATCH → Update data

d. DELETE → Remove data

**3. Request Parameters**

- Defines what input the API expects:

- Path parameters: /users/{id}

- Query parameters: /users?page=2

- Body parameters: JSON or form data for POST/PUT requests

**4. Response Format**

- Specifies the structure of data returned by the API (usually JSON):

           {
                  "id": 1,
                  "name": "Ankita",
                  "email": "ankita@example.com"
          }


**5. Status Codes**

- Defines possible HTTP status codes for different outcomes:

a. 200 OK → Success

b. 201 Created → Resource created

c. 400 Bad Request → Invalid input

d. 404 Not Found → Resource not found

e. 500 Internal Server Error → Server error

**6. Authentication & Authorization**

- Specifies if API requires authentication (e.g., API key, OAuth token).

**7. Error Handling**

- Describes error messages and formats, so clients know how to respond.

# Ques 3. What is Flask, and why is it popular for building APIs
   - **Flask** is a lightweight and flexible Python web framework used to build web applications and APIs. It is classified as a “microframework” because it provides the core features needed for web development without enforcing a specific project structure or including additional libraries by default.

**Key Features of Flask**

**1. Lightweight & Minimalistic**

- Provides only essential tools for routing, request handling, and templating.

- Developers can add only the extensions they need.

**2. Flexible & Modular**

- No restrictions on folder structure or project design.

- Supports Blueprints to modularize large applications.

**3. Built-in Development Server & Debugger**

- Easy to run and test applications.

- Debug mode provides automatic reloading and detailed error messages.

**4. Supports RESTful APIs**

- Works well with JSON responses, HTTP methods, and URL routing.

**5. Extensible**

- Many extensions available for databases, authentication, form validation, and more.

**6. Jinja2 Templating**

- Supports rendering dynamic HTML templates.

**Why Flask is Popular for Building APIs**

**1. Lightweight & Fast to Develop**

- Minimal boilerplate lets developers build APIs quickly.

**2. Flexible Routing**

- Easy to define endpoints for GET, POST, PUT, DELETE, etc.

**3. Supports JSON & REST**

- jsonify() makes returning JSON responses simple.

- Perfect for RESTful APIs.

**4. Extensive Community & Documentation**

- Lots of tutorials, examples, and extensions available.

**5. Scalable with Blueprints**

- APIs can be modularized into multiple components for larger projects.

**6. Easy Integration with Frontend & Mobile Apps**

- Can serve APIs consumed by web apps, mobile apps, or third-party services.



# Ques 4. What is routing in Flask

  -  **Routing in Flask**

**1. Definition**

- Routing is the process of mapping URLs to functions in a Flask application.

- Each route corresponds to a specific URL endpoint that triggers a Python function called a view function.

**2. Purpose / Significance**

**1. Directs Requests to the Right Function**

- When a client accesses a URL, Flask uses the route to determine which function should handle the request.

**2. Supports Dynamic Content**

- Routes can include variables (like user IDs) to generate dynamic responses.

**3. Enables RESTful APIs**

- Different HTTP methods (GET, POST, PUT, DELETE) can be handled at the same route URL for API endpoints.

**3. Key Points**

1. Routes are defined using the @app.route() decorator.

2. Can include static paths (fixed URLs) or dynamic paths (with variables).

3. Can handle specific HTTP methods using methods=["GET", "POST"].

4. Enables Flask to serve web pages or API endpoints based on URL patterns.

# Ques 5. How do you create a simple Flask application
   - Here’s a concise explanation of how to create a simple Flask application:

**Steps to Create a Simple Flask App**

**1. Install Flask**

                   pip install Flask

**2. Create a Python File**

- Example: app.py

**3. Basic Flask Application Code**

                       from flask import Flask

                       app = Flask(__name__)  # Create a Flask app instance

                       @app.route("/")  # Define a route for the home page
                       def home():
                          return "Hello, Flask!"  # Return response for this route

                       if __name__ == "__main__":
                             app.run(debug=True)  # Run the app in debug mode

**4. Run the Application**

                   python app.py


- Open a browser and go to http://127.0.0.1:5000/

- You should see “Hello, Flask!” displayed.

**Key Points**

1. Flask(__name__) creates the application object.

2. @app.route("/") defines a URL endpoint (route).

3. Functions associated with routes return HTTP responses.

4. app.run(debug=True) starts a development server with auto-reload and debugging.



# Ques 6. What are HTTP methods used in RESTful APIs  
  -  **HTTP Methods in RESTful APIs**

RESTful APIs use standard HTTP methods to perform CRUD operations on resources:

| HTTP Method | CRUD Action      | Purpose / Use Case                                                                                       |
| ----------- | ---------------- | -------------------------------------------------------------------------------------------------------- |
| **GET**     | Read             | Retrieve data or a resource without modifying the server. Example: Get a list of users or a single user. |
| **POST**    | Create           | Send data to create a new resource on the server. Example: Add a new user.                               |
| **PUT**     | Update / Replace | Update an existing resource entirely or create it if it doesn’t exist. Example: Update user details.     |
| **PATCH**   | Partial Update   | Update part of a resource without replacing the whole resource. Example: Update a user’s email.          |
| **DELETE**  | Delete           | Remove a resource from the server. Example: Delete a user.                                               |
| **OPTIONS** | Metadata         | Retrieve communication options for a resource (used in CORS preflight requests).                         |
| **HEAD**    | Metadata         | Same as GET but only retrieves headers, not the body. Useful for checking if a resource exists.          |


Ques 7. What is the purpose of the @app.route() decorator in Flask
   - **@app.route() Decorator in Flask**
**1. Definition**

- The @app.route() decorator is used to bind a URL path to a Python function (view function) in Flask.

- It tells Flask “when this URL is accessed, execute this function”.

**2. Purpose / Significance**

**1. Maps URLs to Functions**

- Each route corresponds to a specific function that handles requests to that URL.

**2. Supports Dynamic URLs**

- Can include variables in the URL, making routes flexible and dynamic.

**3. Specifies HTTP Methods**

- Can limit a route to specific methods like GET, POST, PUT, or DELETE.

**4. Enables Clean and Readable Code**

- Routes are declared directly above the view function for clarity.


**4. Key Points**

Routes are defined using @app.route("<URL>").

Supports dynamic parameters using <variable> in the URL.

Can specify allowed HTTP methods via methods=[...].

Essential for routing requests to the correct view functions.

In [None]:
# Example Usage
from flask import Flask, request

app = Flask(__name__)

# Static route
@app.route("/")
def home():
    return "Welcome to Home Page"

# Dynamic route with a URL variable
@app.route("/user/<username>")
def profile(username):
    return f"Hello, {username}!"

# Route with HTTP method specification
@app.route("/submit", methods=["POST"])
def submit():
    data = request.get_json()
    return f"Data received: {data}"


# / → calls home()

# /user/Ankita → calls profile("Ankita")

# /submit (POST) → calls submit()


# Ques 8. What is the difference between GET and POST HTTP methods
   - Here’s a clear theoretical explanation of the difference between GET and POST HTTP methods:
| Feature               | GET                                                 | POST                                                           |
| --------------------- | --------------------------------------------------- | -------------------------------------------------------------- |
| **Purpose**           | Retrieve data from the server                       | Send data to the server (create/update)                        |
| **Data Location**     | Appended to URL as query parameters (`?key=value`)  | Sent in the **request body**, not visible in URL               |
| **Visibility**        | Visible in URL (less secure)                        | Not visible in URL (more secure for sensitive data)            |
| **Length Limitation** | Limited by browser/URL length (~2000 characters)    | No significant limit (depends on server configuration)         |
| **Caching**           | Can be cached by browsers and proxies               | Not cached by default                                          |
| **Bookmarking**       | URL with parameters can be bookmarked               | Cannot bookmark POST requests                                  |
| **Idempotence**       | Yes – repeating a GET request has no side effects   | No – repeating POST may create/update resources multiple times |
| **Typical Use Cases** | Fetching data, search queries, retrieving resources | Submitting forms, uploading files, creating/updating resources |



# Ques 9. How do you handle errors in Flask APIs
   - **Error Handling in Flask API**

**1. Purpose**

- APIs can fail due to invalid requests, missing resources, or server errors.

- Proper error handling ensures:

1. Consistent and meaningful responses for clients.

2. Use of appropriate HTTP status codes.

3. Easier debugging and monitoring.

**2. Common HTTP Errors**

| Error Type            | Status Code | Example                      |
| --------------------- | ----------- | ---------------------------- |
| Bad Request           | 400         | Missing required parameters  |
| Unauthorized          | 401         | Invalid authentication token |
| Forbidden             | 403         | Access denied                |
| Not Found             | 404         | Resource does not exist      |
| Internal Server Error | 500         | Unexpected server error      |


**3. Methods of Handling Errors in Flask**

**1. abort() function**

- Immediately raises an HTTP error with a status code.

**2. Error Handlers (@app.errorhandler)**

- Define custom responses for specific HTTP errors.

- Can return JSON messages with proper status codes.

**3. Custom Exceptions**

- Create custom exception classes to handle application-specific errors.

- Allows structured error messages and status codes.

**4. Best Practices**

- Return JSON responses for all API errors.

- Use appropriate HTTP status codes.

- Include descriptive error messages.

- Log errors for monitoring and debugging.

- Catch exceptions to prevent unhandled 500 errors.

# Ques 10. How do you connect Flask to a SQL database
    - **Connecting Flask to a SQL Database **

**1. Purpose**

- Web applications often need persistent storage for data.

- Flask can connect to SQL databases (SQLite, MySQL, PostgreSQL, etc.) to store, retrieve, and manage data.

- This connection allows Flask to serve dynamic content and support CRUD operations.

**2. Methods**

- Flask-SQLAlchemy (Recommended)

- An ORM (Object Relational Mapper) that maps Python classes to database tables.

- Simplifies CRUD operations and queries.

- Example:

- Define a Python class for a table.

-  Use db.session.add(), db.session.commit(), and Model.query.all() for database operations.

1. Raw SQL Drivers

2. Directly connect using database drivers like:

3. sqlite3 for SQLite

4. mysql-connector-python for MySQL

5. psycopg2 for PostgreSQL

- Requires writing manual SQL queries and managing connections.

**3. Steps to Connect**

- Install necessary packages (Flask-SQLAlchemy or database driver).

- Configure the database URI in Flask (app.config['SQLALCHEMY_DATABASE_URI']).

- Initialize the database (db = SQLAlchemy(app)).

- Define models representing tables.

- Perform CRUD operations (Create, Read, Update, Delete).

**4. Key Points**

- Flask alone does not provide database connectivity; extensions or drivers are needed.

- Flask-SQLAlchemy integrates SQLAlchemy with Flask for ease, maintainability, and ORM benefits.

- Application context is required when initializing and interacting with the database.


# Ques 11. What is the role of Flask-SQLAlchemy
  - **Flask-SQLAlchemy**
**1. Definition**

- Flask-SQLAlchemy is an extension for Flask that provides a high-level ORM (Object Relational Mapper) for interacting with relational databases like SQLite, MySQL, or PostgreSQL.

- It combines SQLAlchemy, a powerful Python ORM, with Flask’s application context, making database integration easier and more “Flask-friendly.”

**2. Purpose / Significance**

**1. Simplifies Database Operations**

- Allows you to interact with databases using Python classes and objects instead of writing raw SQL queries.

- Example: User.query.all() instead of SELECT * FROM users.

**2. Object-Relational Mapping (ORM)**

- Maps Python classes to database tables and instances to rows.

-  Makes CRUD operations intuitive using Python code.

**3. Integration with Flask**

- Manages database connections automatically within Flask’s application context.

- Supports transactions, sessions, and scoped queries seamlessly.

**4. Migration Support**

- Works with Flask-Migrate to handle database schema changes over time.

**5. Query Flexibility**

- Supports both ORM-style queries and raw SQL queries when needed.

# Ques 12. What are Flask blueprints, and how are they useful
    - **Flask Blueprints**

**1. Definition**

- A Blueprint in Flask is a way to organize a Flask application into modular components.

- It allows you to define routes, templates, static files, and other functionality in a reusable and organized manner.

- Essentially, a blueprint is like a mini Flask app that can be registered on the main application.

**2. Purpose / Significance**

**1. Modularization**

- Large applications can be split into logical components, e.g., auth, blog, admin.

Makes the code easier to manage and maintain.

**2. Reusability**

- Blueprints can be reused across multiple projects.

**3. Separation of Concerns**

- Keeps routes, templates, and static files related to a module together.

**4. Scalability**

- Makes it easier to scale large Flask applications without cluttering app.py.

**5. Ease of Registration**

- You can register a blueprint multiple times with different URL prefixes.

# Ques 13. What is the purpose of Flask's request object
   - **Flask’s request Object**

**1. Definition**

- The request object in Flask represents incoming HTTP requests from the client.

- It provides access to all request data, such as form data, query parameters, JSON payloads, headers, and cookies.

- It is part of Flask’s flask module and is automatically available within view functions.

**2. Purpose / Significance**

1. Access Form Data

- Retrieve data sent via HTML forms with POST or GET requests.

               username = request.form.get("username")


**2. Access Query Parameters**

- Retrieve data sent in the URL after ?.

               search_term = request.args.get("q")


**3. Access JSON Payload**

- Useful for RESTful APIs where clients send JSON data.

               data = request.get_json()


**4. Access Request Headers**

- Retrieve headers like User-Agent or Authorization.

               token = request.headers.get("Authorization")


**5. Access Cookies**

- Read cookies sent by the client.

               theme = request.cookies.get("theme")


**6. Determine Request Metadata**

- Method used (GET, POST, etc.): request.method

              Client IP: request.remote_addr



**4. Key Points**

1. The request object represents the client’s request.

2. It provides easy access to all request data: form, query, JSON, headers, and cookies.

3. Essential for handling user input in forms and APIs.

4. Works seamlessly with RESTful API endpoints in Flask.

In [None]:
# Example Usage
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route("/login", methods=["POST"])
def login():
    # Access form or JSON data
    data = request.get_json()
    username = data.get("username")
    password = data.get("password")

    if username == "admin" and password == "1234":
        return jsonify({"message": "Login successful"}), 200
    else:
        return jsonify({"error": "Invalid credentials"}), 401

@app.route("/search")
def search():
    query = request.args.get("q")  # Query parameter
    return f"Searching for: {query}"

if __name__ == "__main__":
    app.run(debug=True)

# Ques 14. How do you create a RESTful API endpoint using Flask

    - **1. RESTful API Endpoint**

- An endpoint is a URL where clients can access resources.

- RESTful APIs use HTTP methods to perform actions on resources:

| Method | Action          |
| ------ | --------------- |
| GET    | Retrieve data   |
| POST   | Create resource |
| PUT    | Update resource |
| DELETE | Delete resource |

- In Flask, endpoints are created using routes (@app.route) and associated view functions.

**2. Steps to Create a RESTful API Endpoint in Flask**

1. Import Flask modules

2. Create a Flask app instance

3. Define routes with HTTP methods

4. Return JSON responses using jsonify()

5. Run the Flask server

**3. Key Points**

1. Routes correspond to resources (/users) and can include parameters (/users/<id>).

2. HTTP methods define actions (GET, POST, DELETE, etc.).

3. jsonify() is used to return structured JSON responses.

4. HTTP status codes indicate success or failure (200, 201, 404).

5. Can be extended to use databases, authentication, and validation for production-ready APIs.

# Ques 15. What is the purpose of Flask's jsonify() function
   -  **Flask’s jsonify() Function**

**1. Definition**

- jsonify() is a Flask function that converts Python data structures (like dictionaries, lists, or tuples) into JSON format.

- It also sets the proper HTTP headers (Content-Type: application/json) so the client knows the response is JSON.

**2. Purpose / Significance**

**1. Simplifies JSON Responses**

- Automatically converts Python objects to JSON, avoiding manual serialization.

**2. Proper Content-Type Header**

- Ensures the response is interpreted correctly by browsers or API clients.

**3. Supports RESTful APIs**

- Essential for building APIs that communicate using JSON.

**4. Easy to Use with Status Codes**

- You can return both JSON data and HTTP status codes:

             return jsonify({"message": "Created"}), 201

**3. Key Points**

- Converts Python dicts/lists/tuples to JSON.

- Sets Content-Type: application/json automatically.

- Often used in API endpoints for JSON responses.

- Supports optional HTTP status codes.


In [None]:
# Example
from flask import Flask, jsonify

app = Flask(__name__)

@app.route("/api/users")
def users():
    data = [
        {"id": 1, "name": "Ankita"},
        {"id": 2, "name": "Rahul"}
    ]
    return jsonify(data)  # Converts Python list of dicts to JSON

if __name__ == "__main__":
    app.run(debug=True)


# Ques 16. Explain Flask’s url_for() function
   - **Flask’s url_for() Function**

**1. Definition:**

- url_for() is a Flask function used to dynamically generate URLs for routes or static files.

- Instead of hardcoding URLs, you provide the name of the view function or 'static' for static files.

**2. Purpose / Significance:**

- Ensures URLs remain correct even if the route path changes.

- Avoids errors from hardcoding URLs in templates or redirect functions.

- Simplifies passing dynamic parameters to routes.

- Helps link static resources (CSS, JS, images) reliably.

**3. Basic Usage:**

- For a route:

               url_for("home")  # Generates URL for the 'home' function


- For routes with parameters:

              url_for("profile", username="Ankita")  # Generates '/user/Ankita'


- For static files:

             url_for("static", filename="style.css")  # Generates '/static/style.css'


**4. Advantages:**

- Maintainability: No need to update URLs everywhere if routes change.

- Dynamic: Automatically handles route parameters.

- Consistent Linking: Ensures templates, redirects, and static files are correctly linked.

# Ques 17. How does Flask handle static files (CSS, JavaScript, etc.)

   - In Flask, static files like CSS, JavaScript, images, and fonts are served from a special folder called static. Flask provides a built-in mechanism to serve these files efficiently, so you don’t have to manually handle file requests.

**1. Default Static Folder**

- By default, Flask looks for a folder named static in your project root.

- **Example project structure:**

                    my_flask_app/
                    │── app.py
                    │── static/
                    │   ├── style.css
                    │   ├── script.js
                    │   └── logo.png
                    │── templates/
                        └── index.html

**2. Accessing Static Files**

- Use the url_for function to generate URLs for static files:

            <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
            <script src="{{ url_for('static', filename='script.js') }}"></script>
            <img src="{{ url_for('static', filename='logo.png') }}" alt="Logo">


- url_for('static', filename='...') → Flask automatically maps to /static/....

**3. Serving Static Files in Flask**

- Flask automatically serves files in the static folder when accessed via /static/<filename> URL.

- **Example:**

- /static/style.css → serves static/style.css

- /static/images/logo.png → serves static/images/logo.png

**4. Custom Static Folder (Optional)**

- You can change the default folder name or URL prefix:

           app = Flask(__name__, static_folder="assets", static_url_path="/assets")


- Now Flask serves files from assets/ folder at /assets/....

**5. Key Points**

1. Use url_for('static', filename='...') in templates for correct URL generation.

2. Static files are served directly by Flask in development; in production, a web server (like Nginx) is recommended for efficiency.

3. Keeps templates clean and separates frontend resources from Python code.

# Ques 18. What is an API specification, and how does it help in building a Flask API What are HTTP status codes, and

**1. API Specification**

**Definition:**
An API specification is a formal document or blueprint that defines how an API behaves. It describes the endpoints, request/response formats, parameters, authentication, and possible errors. Essentially, it is a contract between the API provider and the client.

**Components of an API Specification:**

- **Endpoints/Routes:** /users, /users/<id>

- **HTTP Methods:** GET, POST, PUT, DELETE

- **Request Parameters:** Query, path, or body parameters

- **Response Format:** Usually JSON with defined fields

- **Authentication & Authorization:** API keys, tokens, OAuth

- **Error Handling:** Standard error messages and codes

**Benefits for Flask API Development:**

**1. Consistency:** Ensures all endpoints behave predictably.

**2. Documentation:** Serves as a reference for developers.

**3. Validation:** Helps in testing requests and responses.

**4. Automation:** Tools like Swagger/OpenAPI can generate Flask routes, docs, and client SDKs automatically.

**Example in Flask:**

    from flask import Flask, jsonify

    app = Flask(__name__)

    @app.route("/users", methods=["GET"])
    def get_users():
        """API endpoint to return list of users"""
     return jsonify([{"id": 1, "name": "Ankita"}])


- The API spec would describe that /users supports GET, returns JSON with id and name, and may return status 200 OK.

**2. HTTP Status Codes**

**Definition:**
HTTP status codes indicate the result of an HTTP request. They help the client understand whether the request was successful, failed, or requires further action.

**Common Status Codes:**
| Code | Meaning               | Use Case in Flask API             |
| ---- | --------------------- | --------------------------------- |
| 200  | OK                    | Request succeeded, return data    |
| 201  | Created               | New resource created (POST)       |
| 400  | Bad Request           | Invalid input or parameters       |
| 401  | Unauthorized          | Authentication required or failed |
| 403  | Forbidden             | Access denied                     |
| 404  | Not Found             | Resource does not exist           |
| 500  | Internal Server Error | Unexpected server error           |


**Using Status Codes in Flask:**

    from flask import Flask, jsonify

    app = Flask(__name__)

    @app.route("/create-user", methods=["POST"])
    def create_user():
       # Example: Suppose input is invalid
       return jsonify({"error": "Invalid data"}), 400


- The 400 informs the client that the request was bad.

# Ques 19. why are they important in a Flask API
   - Both API specifications and HTTP status codes are crucial in a Flask API because they ensure that your API is consistent, predictable, and user-friendly. Here’s why:

**1. Importance of API Specifications in Flask**

**1. Defines a Clear Contract**

- Specifies how clients should interact with your API.

- Example: What endpoints exist, what data to send, what responses to expect.

**2. Ensures Consistency**

- Makes sure all routes follow a uniform structure and response format.

- Helps when multiple developers are working on the same API.

**3. Simplifies Development & Testing**

- Allows developers to know exactly what to implement and test.

- Tools like Swagger/OpenAPI can auto-generate docs and test cases from the spec.

**4. Improves Maintainability**

- Changes to the API can be tracked in the spec, preventing unexpected behavior for clients.

**5. Supports Automation**

- Can generate client SDKs, documentation, or server stubs directly from the specification.

**2. Importance of HTTP Status Codes in Flask**

**1. Communicates Result of Requests**

- Clients immediately know whether a request succeeded, failed, or requires action.

**2. Helps in Error Handling**

- Using standard codes like 404 or 400 helps clients handle errors gracefully.

**3. Improves API Usability**

- Clear feedback reduces confusion and prevents misuse of the API.

**4. Supports RESTful Design Principles**

- REST APIs rely on stateless communication and standard HTTP status codes to indicate outcomes.

** Example in Flask**
                   from flask import Flask, jsonify, request

                   app = Flask(__name__)

                   @app.route("/users/<int:id>")
                   def get_user(id):
                         users = {1: "Ankita", 2: "Rahul"}
                         if id in users:
                             return jsonify({"id": id, "name": users[id]}), 200  # Success
                         else:
                             return jsonify({"error": "User not found"}), 404  # Not Found


- API spec would describe /users/<id> endpoint, expected response fields, and possible status codes (200 or 404).

- Clients know exactly how to interact and handle success or failure.

# Ques 20. How do you handle POST requests in Flask
   - **POST Requests in Flask**

**1. Definition:**

- A POST request is an HTTP method used to send data from a client to a server, usually for creating or updating resources.

- Unlike GET requests, POST requests send data in the request body, not in the URL.

**2. Handling POST Requests in Flask:**

- In Flask, you define a route with methods=["POST"].

- You use the request object to access the submitted data.

**3. Accessing Data:**

- Form data: request.form.get("field_name")

- JSON data: request.get_json()

**4. Typical Use Cases:**

- Submitting forms from web pages

- Creating new records in a database via an API

- Sending JSON data to RESTful endpoints

**5. Returning a Response:**

- After processing, the server returns a response, often in JSON format for APIs.

- Commonly used HTTP status codes:

a. 200 OK → Successful processing

b. 201 Created → Resource created successfully

c. 400 Bad Request → Invalid input



# Ques 21. How would you secure a Flask API
   - Securing a Flask API is crucial to protect your application and user data from unauthorized access, attacks, or misuse. Security involves multiple layers: authentication, authorization, data protection, and best practices in coding. Here’s a detailed theoretical overview:

**1. Authentication**

Authentication verifies who the user is. Common methods:

1. **API Keys**

- Simple token included in requests, e.g., Authorization: Bearer <API_KEY>

- Useful for server-to-server APIs.

2. **Token-Based Authentication (JWT)**

- JSON Web Tokens (JWT) carry user info and expiration in a signed token.

- The server validates the token instead of storing sessions.

3. **OAuth / OAuth2**

- Standard for secure delegated access.

- Common for third-party integrations (Google, Facebook login).

**2. Authorization**

Authorization determines what the authenticated user can access:

- Role-based access control (RBAC) → e.g., admin vs regular user endpoints

- Endpoint restrictions based on user permissions

**3. Secure Data Transmission**

- Always use HTTPS to encrypt data in transit.

- Avoid sending sensitive data (passwords, tokens) over HTTP.

**4. Input Validation & Sanitization**

- Validate incoming data to prevent:

a. SQL Injection

b. Cross-Site Scripting (XSS)

c. Invalid or malformed requests

- Use Flask libraries like WTForms or Marshmallow for structured validation.

**5. Rate Limiting**

-  Prevent abuse and denial-of-service attacks.

-  Flask extensions: Flask-Limiter

                  from flask_limiter import Limiter
                  limiter = Limiter(app, key_func=get_remote_address)

**6. CORS (Cross-Origin Resource Sharing)**

- Restrict which domains can access your API.

- Flask extension: Flask-CORS

               from flask_cors import CORS
               CORS(app, resources={r"/api/*": {"origins": "https://example.com"}})

**7. Secure Storage of Secrets**

- Never hardcode API keys, passwords, or tokens.

- Use environment variables or secret managers.

**8. Logging & Monitoring**

- Track requests, errors, and unusual activity.

- Helps detect and respond to security incidents.

# Ques 22. What is the significance of the Flask-RESTful extension
     - The **Flask-RESTful extension** is a powerful toolkit that simplifies building RESTful APIs with Flask. It provides a structured way to define resources, endpoints, and HTTP methods, making API development cleaner, more maintainable, and closer to REST principles.

- **Significance of Flask-RESTful**

**1. Resource-Based Structure**

- Encourages resource-oriented design rather than route-oriented.

- Each resource is represented as a Python class, which clearly separates concerns.

                from flask_restful import Resource

                class User(Resource):
                    def get(self, user_id):
                        return {"user_id": user_id, "name": "Ankita"}


This is cleaner than using multiple route functions in Flask.

**2. Automatic HTTP Method Handling**

- You can define methods like get(), post(), put(), delete() inside the resource class.

- Flask-RESTful automatically maps them to the correct HTTP method.

                from flask_restful import Api

                api = Api(app)
                api.add_resource(User, "/user/<int:user_id>")

**3. Request Parsing & Validation**

- Comes with reqparse to parse and validate incoming request arguments.

- Helps handle missing or invalid parameters gracefully.

                  from flask_restful import reqparse

                  parser = reqparse.RequestParser()
                  parser.add_argument("name", required=True, help="Name cannot be blank")
                  args = parser.parse_args()

**4. Clean JSON Responses**

- Automatically converts Python dictionaries to JSON.

- Returns proper HTTP status codes easily:

         return {"message": "User created"}, 201

**5. Easy Error Handling**

- Centralized error handling for API exceptions.

- Can raise custom errors with messages and status codes.

**6. Integration with Flask Ecosystem**

- Works seamlessly with extensions like Flask-JWT, Flask-CORS, and SQLAlchemy.

- Makes it easy to scale small Flask APIs into full-fledged REST services.

**Ques 23. What is the role of Flask’s session object?**
  - In Flask, the session object provides a way to store data specific to a user across multiple requests. It’s used to maintain stateful information between the client and server, such as login status, user preferences, or shopping cart items.

**1. Key Characteristics**

**1. Server-Side Storage (with Signed Cookies)**

- Data is stored on the client in a cookie, but signed with a secret key to prevent tampering.

- Flask automatically encrypts and verifies the session cookie.

**2. Per-User Data**

- Each user gets their own session data; it is not shared across users.

**3. Temporary Storage**

- Session data persists only until the cookie expires or is cleared.

**2. Common Use Cases**

- **User Authentication:** Store login status and user ID.

- **Shopping Cart:** Keep track of items added by a user.

- **Preferences:** Store language, theme, or other settings.

- F**lash Messages:** Temporary messages displayed to the user.



**3. Key Points**

session is a dictionary-like object → session["key"] = value.

Requires app.secret_key for signing cookies.

Automatic handling of cookies → no need to manually set them.

Useful for stateful features in otherwise stateless HTTP.

In [None]:
# Basic Example
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = "your_secret_key"  # Required for session signing

@app.route("/login", methods=["POST"])
def login():
    username = request.form.get("username")
    session["username"] = username  # Store user info in session
    return redirect(url_for("profile"))

@app.route("/profile")
def profile():
    if "username" in session:
        return f"Hello, {session['username']}! Welcome to your profile."
    else:
        return redirect(url_for("login"))

@app.route("/logout")
def logout():
    session.pop("username", None)  # Remove session data
    return "You have been logged out."

# **Practical Question**


# Ques 1. How do you create a basic Flask application


In [None]:
from flask import Flask

# Create a Flask instance
app = Flask(__name__)

# Define a route
@app.route("/")
def home():
    return "Hello, Flask! 🚀"

# Run the app
if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


# Ques 2. How do you serve static files like images or CSS in Flask


In [None]:
!pip install flask flask-ngrok



Collecting flask-ngrok
  Downloading flask_ngrok-0.0.25-py3-none-any.whl.metadata (1.8 kB)
Downloading flask_ngrok-0.0.25-py3-none-any.whl (3.1 kB)
Installing collected packages: flask-ngrok
Successfully installed flask-ngrok-0.0.25


In [None]:
from flask import Flask, render_template_string
from flask_ngrok import run_with_ngrok

# Create app
app = Flask(__name__)
run_with_ngrok(app)  # start ngrok when app.run() is called

# Example route with HTML + CSS
@app.route("/")
def home():
    return render_template_string("""
    <!DOCTYPE html>
    <html>
    <head>
        <title>Flask in Colab</title>
        <style>
            body { background-color: #f4f4f9; text-align: center; font-family: Arial; }
            h1 { color: darkblue; }
        </style>
    </head>
    <body>
        <h1>Hello from Flask in Colab 🚀</h1>
        <p>This page is served with Flask + Ngrok.</p>
        <img src="https://flask.palletsprojects.com/en/2.3.x/_static/flask-icon.png" width="120">
    </body>
    </html>
    """)

if __name__ == "__main__":
    app.run()


 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
Exception in thread Thread-4:
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/dist-packages/urllib3/connection.py", line 198, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/urllib3/util/connection.py", line 85, in create_connection
    raise err
  File "/usr/local/lib/python3.12/dist-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/dist-packages/urllib3/connectionpool.py", line 787, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/urllib3/connectionpool.py", line 493, in _make_reques

# Ques 3. How do you define different routes with different HTTP methods in Flask


In [None]:
from flask import Flask, request

app = Flask(__name__)

# Default GET request
@app.route("/")
def home():
    return "Welcome to Flask Home Page 🚀"

# GET and POST on the same route
@app.route("/submit", methods=["GET", "POST"])
def submit():
    if request.method == "POST":
        data = request.form.get("name")
        return f"Form submitted with name: {data}"
    return '''
        <form method="POST">
            <input type="text" name="name" placeholder="Enter your name">
            <input type="submit" value="Submit">
        </form>
    '''

# Only GET
@app.route("/about", methods=["GET"])
def about():
    return "This is the About Page 📖"

# Only POST
@app.route("/api/data", methods=["POST"])
def api_data():
    return {"message": "Data received via POST ✅"}

# GET and DELETE
@app.route("/delete", methods=["GET", "DELETE"])
def delete():
    if request.method == "DELETE":
        return {"status": "Deleted"}
    return "Send a DELETE request to remove something ❌"

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


# Ques 4. How do you render HTML templates in Flask


In [None]:
from flask import Flask, render_template_string
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)  # Automatically create public URL

# Home route using template
@app.route("/")
def home():
    html_template = """
    <!DOCTYPE html>
    <html>
    <head>
        <title>Flask Template in Colab</title>
        <style>
            body { font-family: Arial; text-align: center; background-color: #f4f4f9; }
            h1 { color: darkblue; }
        </style>
    </head>
    <body>
        <h1>Welcome to Flask Templates in Colab 🚀</h1>
        <p>This page uses render_template_string()</p>
    </body>
    </html>
    """
    return render_template_string(html_template)

if __name__ == "__main__":
    app.run()


# Ques 5. How can you generate URLs for routes in Flask using url_for


In [None]:
# Basic Usage
from flask import Flask, url_for

app = Flask(__name__)

@app.route("/")
def home():
    return "Home Page 🚀"

@app.route("/about")
def about():
    return "About Page 📖"

@app.route("/redirect-demo")
def redirect_demo():
    # Generate URLs for 'home' and 'about'
    home_url = url_for('home')
    about_url = url_for('about')
    return f"Home URL: {home_url} <br> About URL: {about_url}"

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Dynamic Routes with Parameters
@app.route("/user/<username>")
def user_profile(username):
    return f"Profile page of {username}"

@app.route("/user-link")
def user_link():
    # Generate URL for user_profile with parameter
    profile_url = url_for('user_profile', username='Ankita')
    return f"Profile URL: {profile_url}"


# Ques 6. How do you handle forms in Flask


In [None]:
from flask import Flask, request, render_template_string
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)  # starts ngrok automatically

# Home route with form
@app.route("/", methods=["GET", "POST"])
def home():
    if request.method == "POST":
        username = request.form.get("username")
        return f"<h2>Hello, {username}! 👋</h2>"

    # HTML form
    form_html = """
    <!DOCTYPE html>
    <html>
    <head>
        <title>Flask Form in Colab</title>
    </head>
    <body>
        <h1>Enter Your Name</h1>
        <form method="POST">
            <input type="text" name="username" placeholder="Your name">
            <input type="submit" value="Submit">
        </form>
    </body>
    </html>
    """
    return render_template_string(form_html)

if __name__ == "__main__":
    app.run()


# Ques 7. How can you validate form data in Flask


In [None]:
from flask import Flask, render_template_string, redirect
from flask_wtf import FlaskForm
from wtforms import StringField, EmailField, SubmitField
from wtforms.validators import DataRequired, Email

app = Flask(__name__)
app.secret_key = "secret-key"  # Required for CSRF protection

# Define a form class
class RegistrationForm(FlaskForm):
    username = StringField("Username", validators=[DataRequired()])
    email = EmailField("Email", validators=[DataRequired(), Email()])
    submit = SubmitField("Submit")

@app.route("/", methods=["GET", "POST"])
def home():
    form = RegistrationForm()
    if form.validate_on_submit():  # Checks validators automatically
        return f"<h2>Welcome, {form.username.data}! Your email is {form.email.data}</h2>"

    # Render the form
    form_html = """
    <form method="POST">
        {{ form.hidden_tag() }}
        {{ form.username.label }} {{ form.username(size=20) }}<br><br>
        {{ form.email.label }} {{ form.email(size=20) }}<br><br>
        {{ form.submit() }}
    </form>
    """
    return render_template_string(form_html, form=form)

if __name__ == "__main__":
    app.run(debug=True)


# Ques 8. How do you manage sessions in Flask


In [None]:
# Enable Session in Flask
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)

# Secret key is required for session management
app.secret_key = "my_secret_key"


In [None]:
# Storing Data in Session
@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form.get("username")
        session["username"] = username  # Store data in session
        return redirect(url_for("profile"))

    return '''
    <form method="POST">
        <input type="text" name="username" placeholder="Enter your name">
        <input type="submit" value="Login">
    </form>
    '''


In [None]:
# Accessing Session Data
@app.route("/profile")
def profile():
    if "username" in session:
        username = session["username"]
        return f"Hello, {username}! Welcome to your profile."
    else:
        return redirect(url_for("login"))


In [None]:
# Removing Session Data
@app.route("/logout")
def logout():
    session.pop("username", None)  # Remove specific key
    # or session.clear() to remove all session data
    return "You have been logged out."


# Ques 9. How do you redirect to a different route in Flask


In [None]:
# Basic Redirect Example
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route("/")
def home():
    return "Welcome to Home Page 🚀"

@app.route("/go-to-about")
def go_to_about():
    # Redirect to the 'about' route
    return redirect(url_for("about"))

@app.route("/about")
def about():
    return "This is the About Page 📖"

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Redirect After Form Submission
from flask import Flask, request, redirect, url_for

app = Flask(__name__)

@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form.get("username")
        # Redirect to profile page after login
        return redirect(url_for("profile", username=username))

    return '''
    <form method="POST">
        <input type="text" name="username" placeholder="Enter your name">
        <input type="submit" value="Login">
    </form>
    '''

@app.route("/profile/<username>")
def profile(username):
    return f"Hello, {username}! Welcome to your profile."

if __name__ == "__main__":
    app.run(debug=True)


# Ques 10. How do you handle errors in Flask (e.g., 404)


In [None]:
from flask import Flask, render_template_string

app = Flask(__name__)

@app.route("/")
def home():
    return "Welcome to Home Page 🚀"

# Custom 404 error handler
@app.errorhandler(404)
def page_not_found(e):
    return render_template_string("""
        <h1>404 - Page Not Found</h1>
        <p>Oops! The page you are looking for does not exist.</p>
        <a href="/">Go to Home</a>
    """), 404

if __name__ == "__main__":
    app.run(debug=True)


# Ques 11. How do you structure a Flask app using Blueprints


In [None]:
flask_app/
│── app.py
│── auth/
│   ├── __init__.py
│   └── routes.py
│── blog/
│   ├── __init__.py
│   └── routes.py
│── templates/
│   ├── auth/
│   │   └── login.html
│   └── blog/
│       └── home.html
│── static/


In [None]:
# Create a blueprint
# auth/routes.py
 from flask import Blueprint, render_template, request, redirect, url_for

auth_bp = Blueprint("auth", __name__, template_folder="templates")

@auth_bp.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form.get("username")
        return f"Hello, {username}! You are logged in."
    return render_template("auth/login.html")


In [None]:
# blog/routes.py
from flask import Blueprint, render_template

blog_bp = Blueprint("blog", __name__, template_folder="templates")

@blog_bp.route("/")
def home():
    return render_template("blog/home.html")

In [None]:
# app.py
from flask import Flask
from auth.routes import auth_bp
from blog.routes import blog_bp

app = Flask(__name__)

# Register blueprints
app.register_blueprint(auth_bp, url_prefix="/auth")
app.register_blueprint(blog_bp, url_prefix="/blog")

if __name__ == "__main__":
    app.run(debug=True)


# Ques 12. How do you define a custom Jinja filter in Flask


In [None]:
# Basic Example: Custom Filter
from flask import Flask, render_template_string

app = Flask(__name__)

# Define a custom filter
@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]

@app.route("/")
def home():
    name = "Flask"
    html = """
    <h1>Original: {{ name }}</h1>
    <h2>Reversed using custom filter: {{ name|reverse }}</h2>
    """
    return render_template_string(html, name=name)

if __name__ == "__main__":
    app.run(debug=True)



# Ques 13. How can you redirect with query parameters in Flask


In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route("/")
def home():
    # Get query parameter
    name = request.args.get("name", "Guest")
    return f"Hello, {name}!"

@app.route("/redirect-me")
def redirect_me():
    # Redirect with query parameter
    return redirect(url_for("home", name="Ankita"))

if __name__ == "__main__":
    app.run(debug=True)


# Ques 14. How do you return JSON responses in Flask


In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route("/api")
def api():
    data = {
        "name": "Ankita",
        "age": 25,
        "city": "Delhi"
    }
    return jsonify(data)  # Converts Python dict to JSON

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Returning JSON with Status Code
@app.route("/api-status")
def api_status():
    data = {"message": "Resource created successfully"}
    return jsonify(data), 201  # 201 = Created


# Ques 15. How do you capture URL parameters in Flask

In [None]:
# Path Parameters (Dynamic Routes)
from flask import Flask

app = Flask(__name__)

@app.route("/user/<username>")
def user_profile(username):
    return f"Profile page of {username}"

@app.route("/post/<int:post_id>")
def post_detail(post_id):
    return f"Details of post with ID: {post_id}"

if __name__ == "__main__":
    app.run(debug=True)


In [None]:
# Query Parameters
from flask import request

@app.route("/search")
def search():
    keyword = request.args.get("q", "")  # Default value = ""
    page = request.args.get("page", 1)
    return f"Search results for '{keyword}', page {page}"
