# Restful API & Flask

### Q1) What is a RESTful API?

#### ANS- RESTful API is a type of web API that adheres to the principles and constraints of REST architecture, which is a way of designing networked applications. RESTful APIs support this information exchange because they follow secure, reliable, and efficient software communication standards.REST(Representational State Transfer API) is an architectural style, and an API built according to REST principles is called a RESTful API. REST APIs are stateless and rely on standard HTTP methods to perform operations on resources (e.g., users, posts, products). These methods are used to implement CRUD operations.

#### For example, to generate monthly payslips, your internal accounts system has to share data with your customer's banking system to automate invoicing and communicate with an internal timesheet application. 

### Q2) Explain the concept of API specification.

#### ANS- An API specification is a detailed, standardized description of how an API works — what it does, how to use it, and what to expect from it. It acts like a contract between the API provider and the consumer (developers), ensuring everyone understands how to interact with the API properly.

##### key roles of APIs:-
##### Real-time Predictions:
APIs allow data scientists to deploy machine learning models and expose them as services, enabling real-time predictions. This is crucial for applications such as recommendation systems, fraud detection, or dynamic pricing models.
##### Data Integration:
APIs enable seamless integration of external data sources, such as databases, cloud platforms, or third-party services (e.g., social media, weather, financial data), which is essential for gathering diverse datasets needed for analysis and model building.
##### Automation of Data Pipelines:
APIs automate the process of data retrieval, preprocessing, and feeding data into machine learning models, helping streamline workflows and save time. This ensures that the data science process is efficient and reproducible.
##### Collaboration and Sharing:
APIs enable sharing of data, models, and services across teams or organizations, promoting collaboration in data science projects. It allows easy access to shared resources and fosters innovation through shared tools and datasets.
##### Model Deployment:
APIs provide a way to deploy machine learning models in production, making them accessible via endpoints for various applications or services. This is key for deploying predictive models in real-world scenarios.

### Q3)  What is Flask, and why is it popular for building APIs?

#### ANS- Flask is a lightweight Python web framework, provides developers with the ability to map URLs to specific functions in the application. This process is known as routing. Flask also allows handling dynamic paths, redirects, and error handling seamlessly, making it a great choice for building web applications.It is popular for building APIs ,for the following reasons:-

##### 1. Lightweight and Minimalist
Flask doesn’t force structure or decisions on you. It provides just the essentials to get a web server or API up and running.
Ideal for microservices and small to medium applications.
##### 2. Easy to Learn and Use
Simple, readable syntax — especially good for beginners.
You can write a working API endpoint in just a few lines of code.

In [7]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/hello')
def hello():
    return jsonify({"message": "Hello, world!"})

##### 3. Highly Flexible
Flask doesn’t make assumptions about your project.
You can choose your:
Database (e.g., SQLite, PostgreSQL, MongoDB)
Authentication system
API design style (REST, GraphQL, etc.)

##### 4. Strong Ecosystem and Extensions
Popular extensions like:
Flask-RESTful for building REST APIs
Flask-JWT or Flask-Login for authentication
Flask-SQLAlchemy for ORM support

Large community = plenty of tutorials, plugins, and support

##### 5. Python-Based
Python is widely used in data science, backend services, automation, and education.
Flask fits seamlessly into Python environments, especially for teams already using Python.

### Q4)  What is routing in Flask?

#### ANS- Routing in Flask is the process of mapping URLs to specific functions in your Flask application. These functions are typically referred to as view functions, and they define what content should be returned to the user when a specific route (URL) is requested.Flask uses the @app.route() decorator to bind a function to a URL.

#### Static Routing
#### Static routing maps fixed URLs to specific view functions. These routes do not change and are commonly used for static pages like the home page or about page.

In [5]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return 'Welcome to the homepage!'

@app.route('/about')
def about():
    return 'This is the about page.'

#### Dynamic Routing
#### Dynamic routing enables URLs to accept variable parts (parameters) that are passed to the view function. These are useful for user-specific content or data-driven pages.

In [6]:
@app.route('/user/<username>')
def show_user_profile(username):
    return f'User {username}'

### Q5)  How do you create a simple Flask application?

#### ANS- 

In [2]:
pip install Flask

Collecting Flask
  Using cached flask-3.1.1-py3-none-any.whl.metadata (3.0 kB)
Collecting blinker>=1.9.0 (from Flask)
  Using cached blinker-1.9.0-py3-none-any.whl.metadata (1.6 kB)
Collecting click>=8.1.3 (from Flask)
  Using cached click-8.2.1-py3-none-any.whl.metadata (2.5 kB)
Collecting itsdangerous>=2.2.0 (from Flask)
  Using cached itsdangerous-2.2.0-py3-none-any.whl.metadata (1.9 kB)
Collecting werkzeug>=3.1.0 (from Flask)
  Using cached werkzeug-3.1.3-py3-none-any.whl.metadata (3.7 kB)
Using cached flask-3.1.1-py3-none-any.whl (103 kB)
Using cached blinker-1.9.0-py3-none-any.whl (8.5 kB)
Using cached click-8.2.1-py3-none-any.whl (102 kB)
Using cached itsdangerous-2.2.0-py3-none-any.whl (16 kB)
Using cached werkzeug-3.1.3-py3-none-any.whl (224 kB)
Installing collected packages: werkzeug, itsdangerous, click, blinker, Flask

   ---------------------------------------- 0/5 [werkzeug]
   ---------------------------------------- 0/5 [werkzeug]
   ------------------------------------

In [None]:
#Create a Python file, e.g., app.py, 

In [3]:
from flask import Flask

app = Flask(__name__)  # Create a Flask application instance

@app.route('/')  # Define the route for the home page
def home():
    return 'Hello, Flask!'  # Return a simple response

if __name__ == '__main__':
    app.run(debug=True)  # Run the app in debug mode

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

  warn("To exit: use 'exit', 'quit', or Ctrl-D.", stacklevel=1)


In your terminal or command prompt,Run the Application
python app.py

#You should see output like this:
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)

Open a browser and visit http://127.0.0.1:5000/ — you'll see "Hello, Flask!"

### Q6)  What are HTTP methods used in RESTful APIs?

#### ANS-  HTTP methods used in RESTful APIs are

#### 1. GET
##### Structure: GET /resource HTTP/1.1 
#####            Host: example.com 
##### Explanation: The GET method retrieves data from the server. It is used for fetching resources such as web pages, images, or data from a database. GET requests do not modify any data on the server.
##### Use Case:
##### Use GET when you want to retrieve data from the server without making any changes.
##### Example: Retrieving a list of users from a database or fetching an HTML page.

#### 2. POST
##### Structure: POST /resource HTTP/1.1 
#####            Host: example.com 
#####            Content-Type: application/json { "name": "John", "age": 30 }
##### Explanation: The POST method sends data to the server to create a new resource or trigger an action. It is often used to submit form data, create new records, or initiate server-side processes.
##### Use Case:
##### Use POST when submitting form data or creating a new resource.
##### Example: Creating a new user or posting a blog article.

#### 3. PUT
##### Structure: PUT /resource/1 HTTP/1.1 
#####            Host: example.com 
#####            Content-Type: application/json { "name": "John", "age": 31 } 
##### Explanation: The PUT method is used to update an existing resource on the server. 
##### It replaces the current representation of the resource with the provided data.
##### Use Case:
##### Use PUT when you want to update an entire resource.
##### Example: Updating a user's profile with new information, such as their age or name.

#### 4. DELETE
##### Structure: DELETE /resource/1 HTTP/1.1 
#####            Host: example.com 
##### Explanation: The DELETE method is used to remove a resource from the server. It is used to delete data or records.
##### Use Case:
##### Use DELETE when you want to remove a resource.
##### Example: Deleting a user from a database or removing a product from an online store.

#### 5. PATCH
##### Structure: PATCH /resource/1 HTTP/1.1 
#####            Host: example.com 
#####            Content-Type: application/json { "age": 32 } 

##### Explanation: The PATCH method is used to partially update a resource. Unlike PUT, which replaces the entire resource, PATCH modifies only the specified fields.
##### Use Case:
##### Use PATCH when you want to update only specific parts of a resource.
##### Example: Changing a user’s email address or updating just the price of a product.

#### 6. HEAD
##### Structure: HEAD /resource HTTP/1.1 
#####            Host: example.com 
##### Explanation: The HEAD method is similar to GET, but it only retrieves the headers of a resource, not the body. It is useful for checking metadata like content type, length, or last-modified time without downloading the entire resource.
##### Use Case:
##### Use HEAD to check if a resource exists or to retrieve metadata (like checking if a file has changed).
##### Example: Checking if a resource is available or verifying the size of a file.

#### 7. OPTIONS
##### Structure: OPTIONS /resource HTTP/1.1 
#####            Host: example.com 
##### Explanation: The OPTIONS method is used to request information about the communication options available for a resource. It returns the allowed HTTP methods (GET, POST, PUT, etc.) for a specific resource.
##### Use Case:
##### Use OPTIONS to discover what HTTP methods are supported by a resource.
##### Example: Before making a cross-origin request, checking which methods the server supports.

### Q7)  What is the purpose of the @app.route() decorator in Flask?

#### ANS- The @app.route() decorator in Flask is used to bind a specific URL path to a view function.The purpose of the @app.route() decorator in Flask is:-

##### 1.URL routing: Maps a URL (like /, /about, or /login) to a Python function that runs when that URL is accessed.
##### 2.Associates logic with URLs: The decorated function returns the response (like HTML, JSON, etc.) to be sent to the client when the route is requested.

### Q8)  What is the difference between GET and POST HTTP methods?

#### ANS- The difference between GET and POST HTTP methods are:-

#### 1. GET
##### Structure: GET /resource HTTP/1.1 
#####            Host: example.com 
##### Explanation: The GET method retrieves data from the server. It is used for fetching resources such as web pages, images, or data from a database. GET requests do not modify any data on the server.
##### Use Case:
##### Use GET when you want to retrieve data from the server without making any changes.
##### Example: Retrieving a list of users from a database or fetching an HTML page.

#### 2. POST
##### Structure: POST /resource HTTP/1.1 
#####            Host: example.com 
#####            Content-Type: application/json { "name": "John", "age": 30 }
##### Explanation: The POST method sends data to the server to create a new resource or trigger an action. It is often used to submit form data, create new records, or initiate server-side processes.
##### Use Case:
##### Use POST when submitting form data or creating a new resource.
##### Example: Creating a new user or posting a blog article.

### Q9)  How do you handle errors in Flask APIs?

#### ANS- Error Handling- Error handling ensures the application gracefully responds to invalid requests or internal errors. Flask allows defining custom error pages using @app.errorhandler.

In [8]:
from flask import jsonify

@app.errorhandler(404)
def not_found(error):
    return jsonify({'error': 'Resource not found'}), 404

@app.errorhandler(400)
def bad_request(error):
    return jsonify({'error': 'Bad request'}), 400

@app.errorhandler(500)
def internal_error(error):
    return jsonify({'error': 'Internal server error'}), 500

#### Using Flask Extensions for Better Error Handling

##### flask-restful has built-in error handling with custom exception classes.
##### flask-marshmallow can help validate and handle schema errors.

In [10]:
pip install flask flask-restful marshmallow

Collecting flask-restful
  Downloading Flask_RESTful-0.3.10-py2.py3-none-any.whl.metadata (1.0 kB)
Collecting marshmallow
  Downloading marshmallow-4.0.0-py3-none-any.whl.metadata (7.4 kB)
Collecting aniso8601>=0.82 (from flask-restful)
  Downloading aniso8601-10.0.1-py2.py3-none-any.whl.metadata (23 kB)
Downloading Flask_RESTful-0.3.10-py2.py3-none-any.whl (26 kB)
Downloading marshmallow-4.0.0-py3-none-any.whl (48 kB)
Downloading aniso8601-10.0.1-py2.py3-none-any.whl (52 kB)
Installing collected packages: aniso8601, marshmallow, flask-restful

   ---------------------------------------- 0/3 [aniso8601]
   ---------------------------------------- 0/3 [aniso8601]
   ---------------------------------------- 0/3 [aniso8601]
   ---------------------------------------- 0/3 [aniso8601]
   ------------- -------------------------- 1/3 [marshmallow]
   ------------- -------------------------- 1/3 [marshmallow]
   -------------------------- ------------- 2/3 [flask-restful]
   ------------------

In [11]:
from flask import Flask, request
from flask_restful import Resource, Api
from marshmallow import Schema, fields, ValidationError

app = Flask(__name__)
api = Api(app)

class UserSchema(Schema):
    name = fields.String(required=True)
    age = fields.Integer(required=True)

user_schema = UserSchema()

class UserResource(Resource):
    def post(self):
        try:
        
            data = user_schema.load(request.get_json())
            return {"message": "User created", "data": data}, 201
        except ValidationError as err:
            
            return {"errors": err.messages}, 400

api.add_resource(UserResource, '/users')

# Global error handler for unexpected exceptions
@app.errorhandler(Exception)
def handle_generic_exception(e):
    return {"error": "An unexpected error occurred", "message": str(e)}, 500

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

### Q10) How do you connect Flask to a SQL database?

#### ANS- To connect Flask to a SQL database, you typically use SQLAlchemy or Flask-SQLAlchemy (a Flask extension that integrates SQLAlchemy more easily). 

In [None]:
#1. Install Flask-SQLAlchemy
pip install Flask-SQLAlchemy

In [None]:
#2. Basic Project Structure
myapp/
├── app.py
└── app.db  # SQLite database (or connect to PostgreSQL/MySQL)

In [None]:
#3. Set Up Your Flask App and Database Configuration
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)

app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///app.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app)

In [None]:
#4. Define a Model (Table)
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)

    def __repr__(self):
        return f'<User {self.username}>'

In [None]:
#5. Create the Database
with app.app_context():
    db.create_all()

In [None]:
#6. Add and Query Data
with app.app_context():
    new_user = User(username='alice', email='alice@example.com')
    db.session.add(new_user)
    db.session.commit()

with app.app_context():
    users = User.query.all()
    print(users)

### Q11)  What is the role of Flask-SQLAlchemy?

#### ANS- SQLAlchemy is a popular ORM (Object-Relational Mapping) library that allows you to interact with databases using Python objects instead of writing raw SQL queries. Flask-SQLAlchemy integrates SQLAlchemy with Flask, making it easier to work with databases.
#### Main functionality(role):
##### Database integration: Allows Flask to work with relational databases like MySQL, PostgreSQL, SQLite, etc.
##### Model creation: You define Python classes as models that represent your database tables.
##### Querying: You can perform database operations (CRUD - Create, Read, Update, Delete) using Python objects instead of raw SQL.
##### Session management: It handles database connections and sessions for you.

In [13]:
pip install flask_sqlalchemy

Collecting flask_sqlalchemy
  Downloading flask_sqlalchemy-3.1.1-py3-none-any.whl.metadata (3.4 kB)
Collecting sqlalchemy>=2.0.16 (from flask_sqlalchemy)
  Downloading sqlalchemy-2.0.41-cp313-cp313-win_amd64.whl.metadata (9.8 kB)
Collecting greenlet>=1 (from sqlalchemy>=2.0.16->flask_sqlalchemy)
  Downloading greenlet-3.2.2-cp313-cp313-win_amd64.whl.metadata (4.2 kB)
Downloading flask_sqlalchemy-3.1.1-py3-none-any.whl (25 kB)
Downloading sqlalchemy-2.0.41-cp313-cp313-win_amd64.whl (2.1 MB)
   ---------------------------------------- 0.0/2.1 MB ? eta -:--:--
   ---------------------------------------- 0.0/2.1 MB ? eta -:--:--
   ---- ----------------------------------- 0.3/2.1 MB ? eta -:--:--
   --------- ------------------------------ 0.5/2.1 MB 950.1 kB/s eta 0:00:02
   -------------- ------------------------- 0.8/2.1 MB 935.9 kB/s eta 0:00:02
   -------------- ------------------------- 0.8/2.1 MB 935.9 kB/s eta 0:00:02
   ------------------- -------------------- 1.0/2.1 MB 927.2 kB/

In [14]:
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
db = SQLAlchemy(app)

class Product(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(50), nullable=False)

@app.route('/create')
def create():
    db.create_all()
    new_product = Product(name="Coffee")
    db.session.add(new_product)
    db.session.commit()
    return "Product added!"

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

### Q12)  What are Flask blueprints, and how are they useful?

#### ANS- Flask Blueprints are a way to organize your Flask application into modular components. They allow you to split your application into multiple parts, each with its own routes, templates, static files, and other functionality.Blueprints in Flask allow you to structure your application in a modular way. Instead of placing all the routes, models, and configurations in a single file (such as app.py), you can split them into smaller, reusable components called blueprints. Each blueprint handles a specific functionality or section of your application. 

#### Modular Code Structure
Blueprints let you split your app into logical sections (e.g., auth, blog, admin), making your code easier to manage and maintain.
#### Improved Scalability
As your app grows, blueprints help scale the project by keeping related routes, templates, and static files organized.
#### Reusability
You can create blueprints (like an auth system) and reuse them across multiple Flask projects.
#### Team Collaboration
Developers can work on different parts of the app independently by assigning different blueprints to different team members.
#### Cleaner Integration with App Factory Pattern
Blueprints work seamlessly with the app factory pattern, making it easier to configure and test your app in different environments.

### Q13) What is the purpose of Flask's request object?

#### ANS- The Purpose of Flask's request Object
#### Access Form Data
##### Get data from HTML forms submitted via POST.
##### → request.form['username']

#### Read Query Parameters (GET data)
##### Get data from the URL (e.g., /search?term=flask).
##### → request.args.get('term')

#### Handle JSON Input
##### Read JSON payloads from API requests.
##### → request.get_json()

#### Check Request Method
##### Detect if the request is GET, POST, etc.
##### → request.method

#### Access Headers and Cookies
##### Get request headers or cookies sent by the client.
##### → request.headers['User-Agent']
##### → request.cookies.get('session_id')

### Q14) How do you create a RESTful API endpoint using Flask?

#### ANS-  Creating a RESTful API endpoint using Flask involves:
##### Defining routes using @app.route
##### Supporting HTTP methods like GET, POST, PUT, and DELETE
##### Using request to access incoming data
##### Returning JSON responses with jsonify
##### Using appropriate status codes

#1. Install Flask
pip install Flask

#2. Create a Flask App (app.py)
from flask import Flask, request, jsonify
app = Flask(__name__)
users = [
    {"id": 1, "name": "Alice"},
    {"id": 2, "name": "Bob"}
]

##### 3. Define RESTful API Endpoints
#GET: Retrieve all users
@app.route('/users', methods=['GET'])
def get_users():
    return jsonify(users), 200

##### DELETE: Remove a user
@app.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
    global users
    users = [u for u in users if u['id'] != user_id]
    return jsonify({'message': 'User deleted'}), 204

##### 4. Run the App
if __name__ == '__main__':
    app.run(debug=True)

### Q15) What is the purpose of Flask's jsonify() function?

#### ANS- The purpose of Flask's jsonify() function is used to convert Python data structures such as dictionaries or lists into a valid JSON response. It automatically handles JSON encoding and returns a Response object with the appropriate Content-Type header set to application/json.It also supports proper character encoding and can handle complex data types more gracefully.

In [17]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {'name': 'Alice', 'age': 30}
    return jsonify(data)


This will return:

Body: {"name":"Alice","age":30}

Header: Content-Type: application/json

### Q16) Explain Flask’s url_for() function.

#### ANS- Flask’s url_for() function is a built-in utility that helps generate URLs for your application dynamically. Instead of hardcoding URLs directly into your templates or code, you can use url_for() to build URLs based on the name of the view function and any arguments it needs. This makes your code more maintainable and flexible.

@app.route('/user/<username>')
def profile(username):
    return f"User: {username}"


url_for('profile', username='john')


#This will return:
'/user/john'


#### url_for() is used for:-
##### Avoid hardcoding: Prevents broken links if your route changes.
##### Handles URL encoding: Automatically escapes special characters.
##### Supports blueprints and static files:

url_for('static', filename='style.css')

### Q17) How does Flask handle static files (CSS, JavaScript, etc.)?

#### ANS- 

In [1]:
#app.py
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

  warn("To exit: use 'exit', 'quit', or Ctrl-D.", stacklevel=1)


In [None]:
#templates/index.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Static File Example</title>
    <link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css') }}">
</head>
<body>
    <h1>Hello from Flask!</h1>
    <button onclick="showMessage()">Click Me</button>

    <script src="{{ url_for('static', filename='js/script.js') }}"></script>
</body>
</html>

In [None]:
#static/css/styles.css

body {
    background-color: #f0f8ff;
    font-family: Arial, sans-serif;
    text-align: center;
    padding-top: 50px;
}

h1 {
    color: #333;
}

In [None]:
#static/js/script.js

function showMessage() {
    alert("Button clicked! JavaScript is working.");
}

Run It by Save all files in the correct directory structure.In your terminal, navigate to the my_flask_app directory.
#Run:python app.py
Open http://127.0.0.1:5000/ in your browser.

### Q18) What is an API specification, and how does it help in building a Flask API?

#### ANS- An API specification details the functional and expected behavior of an API, as well as the fundamental design philosophy and supported data types. It contains both documentation and API definitions to create a contract that people and software can read.An API specification provides a broad understanding of how an API behaves and how the API links with other APIs. It explains how the API functions and the results to expect when using the API. A good example of an API specification is the OpenAPI Specification.An API specification is a detailed blueprint or contract that describes how an API works. It outlines:
#### The available endpoints (e.g., /users, /login)
#### The HTTP methods used (GET, POST, PUT, DELETE)
#### The request parameters (path, query, headers, body)
#### The response structure and status codes
#### Any authentication requirements
#### Supported data formats (e.g., JSON, XML)
#### The most common format for API specifications is OpenAPI

#### In the following ways API Specification Helps When Building a Flask API :-

| Benefit               | Description                                                               |
| --------------------- | ------------------------------------------------------------------------- |
| ✅ **Documentation**   | Automatically generate user-friendly docs using tools like Swagger UI     |
| ✅ **Clear Contract**  | Ensures backend and frontend (or client) teams agree on the interface     |
| ✅ **Validation**      | You can automatically validate input/output against the spec              |
| ✅ **Mocking**         | Generate fake data or endpoints to test without writing full backend code |
| ✅ **Code Generation** | Generate Flask route skeletons or client SDKs from the spec               |
| ✅ **Testing**         | Use the spec to write automated tests or check conformance                |


### Q19) What are HTTP status codes, and why are they important in a Flask API?

#### ANS- HTTP status codes are three-digit numbers returned by a web server (or a web application like a Flask API) in response to a client request (usually from a browser or another app). They indicate the result of the request — whether it was successful, failed, redirected, etc.
#### Common Status Codes in Flask APIs:

| Code | Meaning               | When to Use                                               |
| ---- | --------------------- | --------------------------------------------------------- |
| 200  | OK                    | Request was successful                                    |
| 201  | Created               | New resource successfully created (e.g., after POST)      |
| 204  | No Content            | Request successful, no response body (e.g., after DELETE) |
| 400  | Bad Request           | Client sent invalid data                                  |
| 401  | Unauthorized          | Authentication required                                   |
| 403  | Forbidden             | User is not allowed to access the resource                |
| 404  | Not Found             | Resource does not exist                                   |
| 500  | Internal Server Error | Unexpected error on the server                            |


#### In a Flask API,  Importantance of Status Codes are:-
##### Communicate Clearly with Clients: APIs often interact with other programs, not people. Status codes provide a standard way to communicate success or failure.
##### Enable Better Error Handling: Client applications can react appropriately based on the status code (e.g., retry on 500, show login form on 401).
##### Improve Debugging and Logging: Helps developers understand what's going wrong by looking at logs or response codes.

### Q20) How do you handle POST requests in Flask?

#### ANS- In Flask, handling POST requests involves creating a route that allows the POST method and then accessing the submitted data using Flask's request object.

In [None]:
from flask import Flask, request, jsonify
app = Flask(__name__)

In [2]:
#### 2. Create a POST Route

##### a) Handling JSON Data
@app.route('/submit', methods=['POST'])
def handle_post():
    data = request.get_json()  
    name = data.get('name')
    return jsonify({'message': f'Hello, {name}!'}), 200

In [None]:
#####b) Handling Form Data (e.g., from HTML forms)
@app.route('/submit', methods=['POST'])
def submit_form():
    name = request.form.get('name')
    return f"Hello, {name}!"

In [None]:
#### 3. Example HTML Form
<form action="/submit" method="POST">
  <input type="text" name="name">
  <button type="submit">Submit</button>
</form>

In [None]:
#### 4. Testing with curl or Postman
curl -X POST -H "Content-Type: application/json" \
    -d '{"name": "Alice"}' http://localhost:5000/api/data

### Q21) How would you secure a Flask API?

#### ANS-To secure a Flask API, several methods can be employed, focusing on authentication, authorization, and general security practices.
#### HTTPS:
It is crucial to enforce HTTPS to encrypt communication between the client and server, protecting sensitive data during transmission.

#### Authentication:
##### Token-based authentication (JWT): After a user logs in, the server sends a token that the user must include in subsequent requests. The server validates this token to authenticate the user. Libraries like Flask-JWT-Extended can be used to implement JWT authentication.
##### API Keys: Assign unique keys to clients, which they include in their requests. This method is simpler but less secure than token-based authentication.
##### OAuth 2.0: Implement OAuth 2.0 for more complex authorization scenarios, especially when third-party access is involved.

#### Authorization:
Role-Based Access Control (RBAC): Assign roles to users and grant permissions based on these roles. Libraries like Flask-Security can help implement RBAC.
#### Input Validation:
Sanitize and validate all user inputs to prevent injection attacks.
Use Flask-RESTful for request parsing and validation.
#### Error Handling and Logging:
Implement proper error handling to avoid exposing sensitive information.
Use logging to monitor and debug the API, but ensure logs do not contain sensitive data.
#### Security Headers:
Set HTTP security headers to protect against common web vulnerabilities like XSS and CSRF.
#### Rate Limiting:
Implement rate limiting to prevent brute-force attacks and DoS attacks.
#### Dependency Management:
Keep all dependencies updated to avoid security vulnerabilities in third-party libraries.

#### Disable Debug Mode:
Ensure debug mode is disabled in production to prevent exposing sensitive information and potential vulnerabilities.
#### Regular Security Audits:
Conduct regular security audits and penetration testing to identify and address potential vulnerabilities

### Q22) What is the significance of the Flask-RESTful extension?

#### ANS- The Flask-RESTful extension significantly simplifies the development of RESTful APIs within Flask applications. It provides a structured way to define resources, manage HTTP methods, and handle data serialization/deserialization, leading to cleaner, more maintainable code. By leveraging the Resource class, it enables developers to define HTTP methods as class methods, making it easier to organize and manage API endpoints. 
#### Key Significance:
##### Simplified API Development:
Flask RESTful abstracts away the complexities of defining and handling API endpoints, making the process more straightforward and efficient. 
##### Resource-Oriented Approach:
The Resource class encourages a well-structured approach to API design, promoting reusability and maintainability. 
##### Best Practice Adherence:
It encourages the use of RESTful principles, resulting in APIs that are easier to scale, maintain, and integrate with other services. 
##### Object-Oriented Programming:
It allows developers to write cleaner, more object-oriented code for API development. 
##### Data Serialization/Deserialization:
It provides built-in mechanisms for serializing and deserializing data, simplifying the process of handling data formats like JSON.

### Q23) What is the role of Flask’s session object?

#### ANS-Flask’s session object plays a key role in managing user-specific data across multiple requests. It's essentially used for storing data on a per-client basis during a browsing session.Key Roles of session in Flask:
#### State Management:
HTTP is a stateless protocol, so session helps preserve state (e.g., login status, user preferences) across requests.
#### Client-Side Storage:
Flask stores session data on the client side using a securely signed cookie. The data is serialized (using JSON) and cryptographically signed to prevent tampering.The cookie is stored in the user’s browser, and Flask verifies the signature to ensure the data hasn't been modified.
#### Storing Temporary Data:
It's commonly used to store temporary data such as User authentication status,Shopping cart contents,Flash messages (in conjunction with Flask’s flash() and get_flashed_messages()) etc.
#### Security:
Flask uses the SECRET_KEY config variable to sign the session cookie. Without this key, Flask can’t verify the session data

In [1]:
#In this example, the session tracks the logged-in user across different routes.

from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'your_secret_key_here'  # Required for session to work

@app.route('/login', methods=['POST'])
def login():
    session['username'] = request.form['username']
    return redirect(url_for('profile'))

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Welcome, {session['username']}!"
    return "You are not logged in."

@app.route('/logout')
def logout():
    session.pop('username', None)
    return "You have been logged out."

# Practical

### Q1) How do you create a basic Flask application?

#### ANS- 

In [6]:
pip install Flask

Note: you may need to restart the kernel to use updated packages.


In [10]:
#Create a Python file, e.g., app.py, with the following contents:
from flask import Flask

app = Flask(__name__)  

@app.route('/')
def home():
    return "Hello, Flask!"  

if __name__ == '__main__':
    app.run(debug=True) 

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

  warn("To exit: use 'exit', 'quit', or Ctrl-D.", stacklevel=1)


#Run the App
python app.py

You should see output like:
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)

Open that URL in your browser, and you'll see:
Hello, Flask!

### Q2) How do you serve static files like images or CSS in Flask?

#### ANS- 

In [None]:
#templates/index.html:
<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='css/style.css') }}">
</head>
<body>
    <h1>Hello, Flask!</h1>
    <img src="{{ url_for('static', filename='images/logo.png') }}" alt="Logo">
</body>
</html>

In [1]:
#app.py:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def index():
    return render_template('index.html')

### Q3) How do you define different routes with different HTTP methods in Flask?

#### ANS- In Flask, you define different routes and handle different HTTP methods using the @app.route() decorator with the methods argument. Here's how you can do it:

In [12]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/example', methods=['GET'])
def get_example():
    return "This is a GET request"

@app.route('/example', methods=['POST'])
def post_example():
    return "This is a POST request"

@app.route('/example', methods=['PUT'])
def put_example():
    return "This is a PUT request"

@app.route('/example', methods=['DELETE'])
def delete_example():
    return "This is a DELETE request"

In [13]:
#You can also define a single function to handle multiple methods and distinguish between them using request.method:
from flask import Flask, request

app = Flask(__name__)

@app.route('/item', methods=['GET', 'POST'])
def handle_item():
    if request.method == 'GET':
        return "Handling GET"
    elif request.method == 'POST':
        return "Handling POST"

### Q4) How do you render HTML templates in Flask?

#### ANS- In Flask, you render HTML templates using the render_template() function, which loads an HTML file from the templates/ directory and injects data into it if needed.

In [None]:
#In templates/hello.html
<!doctype html>
<html>
  <head><title>Hello</title></head>
  <body>
    <h1>Hello, {{ name }}!</h1>
  </body>
</html>

In [10]:
# app.py
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/<name>')
def hello(name):
    return render_template('hello.html', name=name)

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

### Q5) How can you generate URLs for routes in Flask using url_for?

#### ANS- 

In [18]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/hello')
def hello():
    return "Hello!"

@app.route('/')
def index():
    # Generate URL for the 'hello' view function
    return f"Go to the hello page: {url_for('hello')}"

Output in browser:
Go to the hello page: /hello 

### Q6) How do you handle forms in Flask?

#### ANS- 

#Create the HTML Form
<!doctype html>
<html>
  <body>
    <form method="POST">
      <label>Name:</label>
      <input type="text" name="name">
      <input type="submit" value="Submit">
    </form>
  </body>
</html>

In [8]:
#Handle the Form in Your Flask App
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form['name']
        return f'Hello, {name}!'
    return render_template('form.html')

In [9]:
#Use WTForms for Validation
from flask import Flask, render_template, redirect
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired

app = Flask(__name__)
app.secret_key = 'your-secret-key'

class NameForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired()])
    submit = SubmitField('Submit')

@app.route('/', methods=['GET', 'POST'])
def form():
    form = NameForm()
    if form.validate_on_submit():
        return f'Hello, {form.name.data}!'
    return render_template('form_with_wtforms.html', form=form)

#And in templates/form_with_wtforms.html:
<form method="POST">
    {{ form.hidden_tag() }}
    {{ form.name.label }} {{ form.name() }}
    {{ form.submit() }}
</form>

### Q7) How can you validate form data in Flask?

#### ANS- 

In [3]:
#1. Manual Validation (Basic Flask) using request.form.
from flask import Flask, request, render_template, redirect, url_for

app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def form():
    error = None
    if request.method == 'POST':
        name = request.form.get('name')
        age = request.form.get('age')

        if not name:
            error = 'Name is required.'
        elif not age.isdigit():
            error = 'Age must be a number.'
        else:
            return f'Hello {name}, you are {age} years old.'

    return render_template('form.html', error=error)


#HTML (templates/form.html):
<form method="post">
    Name: <input type="text" name="name"><br>
    Age: <input type="text" name="age"><br>
    <input type="submit" value="Submit">
</form>
{% if error %}
    <p style="color:red;">{{ error }}</p>
{% endif %}


#2. Using Flask-WTF 

In [6]:
pip install flask-wtf

Collecting flask-wtf
  Downloading flask_wtf-1.2.2-py3-none-any.whl.metadata (3.4 kB)
Collecting wtforms (from flask-wtf)
  Downloading wtforms-3.2.1-py3-none-any.whl.metadata (5.3 kB)
Downloading flask_wtf-1.2.2-py3-none-any.whl (12 kB)
Downloading wtforms-3.2.1-py3-none-any.whl (152 kB)
Installing collected packages: wtforms, flask-wtf

   ---------------------------------------- 0/2 [wtforms]
   ---------------------------------------- 0/2 [wtforms]
   -------------------- ------------------- 1/2 [flask-wtf]
   ---------------------------------------- 2/2 [flask-wtf]

Successfully installed flask-wtf-1.2.2 wtforms-3.2.1
Note: you may need to restart the kernel to use updated packages.


In [7]:
from flask import Flask, render_template, redirect
from flask_wtf import FlaskForm
from wtforms import StringField, IntegerField, SubmitField
from wtforms.validators import DataRequired, NumberRange

app = Flask(__name__)
app.secret_key = 'secretkey' 

class MyForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired()])
    age = IntegerField('Age', validators=[DataRequired(), NumberRange(min=1, max=120)])
    submit = SubmitField('Submit')

@app.route('/', methods=['GET', 'POST'])
def form():
    form = MyForm()
    if form.validate_on_submit():
        name = form.name.data
        age = form.age.data
        return f'Hello {name}, you are {age} years old.'
    return render_template('form.html', form=form)


#templates/form.html
<form method="post">
    {{ form.hidden_tag() }}
    {{ form.name.label }} {{ form.name() }}<br>
    {{ form.age.label }} {{ form.age() }}<br>
    {{ form.submit() }}
</form>

{% for field, errors in form.errors.items() %}
    {% for error in errors %}
        <p style="color:red;">{{ error }}</p>
    {% endfor %}
{% endfor %}

### Q8) How do you manage sessions in Flask?

#### ANS- 

In [2]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'my_secret_key'  # Needed for session to work

# Home page
@app.route('/')
def home():
    if 'username' in session:
        return f"Hello, {session['username']}! <br><a href='/logout'>Logout</a>"
    return "You are not logged in. <br><a href='/login'>Login</a>"

# Login page
@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        session['username'] = request.form['username']  # Store username in session
        return redirect(url_for('home'))
    return '''
        <form method="post">
            Username: <input type="text" name="username">
            <input type="submit" value="Login">
        </form>
    '''

# Logout
@app.route('/logout')
def logout():
    session.pop('username', None)  # Remove user from session
    return redirect(url_for('home'))

if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

  warn("To exit: use 'exit', 'quit', or Ctrl-D.", stacklevel=1)


#User visits home page (/):
If logged in (username in session), show greeting.If not, show link to login.

#User goes to login page (/login):
If form is submitted, Flask saves the username to the session using session['username'].

#Session keeps the user logged in:
Even when navigating back to /, Flask remembers the user.

#User logs out (/logout):
Flask removes the username from the session using session.pop().

### Q9) How do you redirect to a different route in Flask?

#### ANS- 

In [34]:
#using the redirect() function along with url_for():
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return 'Home Page'

@app.route('/redirect-me')
def redirect_me():
    return redirect(url_for('new_route'))

@app.route('/new-route')
def new_route():
    return 'You have been redirected!'

In [35]:
#Redirect with Parameters:
@app.route('/user/<username>')
def user_profile(username):
    return f'User: {username}'

@app.route('/go-to-user')
def go_to_user():
    return redirect(url_for('user_profile', username='john'))

### Q10) How do you handle errors in Flask (e.g., 404)?

#### ANS- 

In [33]:
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

In [None]:
#templates/404.html:
<h1>404 - Page Not Found</h1>
<p>Sorry, that page does not exist.</p>

### Q11) How do you structure a Flask app using Blueprints?

#### ANS-

In [16]:
#Create a Blueprint
##main/routes.py:
from flask import Blueprint, render_template

main = Blueprint('main', __name__, template_folder='templates')

@main.route('/')
def index():
    return render_template('main/index.html')

In [None]:
#Register Blueprint in the Main App
##app.py:
from flask import Flask
from main import main

app = Flask(__name__)
app.register_blueprint(main)

if __name__ == '__main__':
    app.run(debug=True)

In [None]:
#Create a Template
##main/templates/main/index.html:
<!doctype html>
<html>
  <head><title>Home</title></head>
  <body>
    <h1>Hello from Blueprint!</h1>
  </body>
</html>

When you run app.py and navigate to http://127.0.0.1:5000/, you’ll see the output from main/index.html.

### Q12) How do you define a custom Jinja filter in Flask?

#### ANS- 

In [3]:
# app.py
from flask import Flask, render_template
app = Flask(__name__)

@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]
@app.route('/')
def home():
    return render_template('hello.html', name="Flask")

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with stat


SystemExit: 1

In [None]:
#templates/hello.html
<!DOCTYPE html>
<html>
<head>
    <title>Custom Jinja Filter</title>
</head>
<body>
    <h1>Custom Jinja Filter Example</h1>
    <p>Original Name: {{ name }}</p>
    <p>Reversed Name: {{ name | reverse }}</p>
</body>
</html>

Save the files (app.py and hello.html inside a templates folder).
Run the Flask app:python app.py
Open your browser and go to http://127.0.0.1:5000.

In [None]:
Open your browser and go to http://127.0.0.1:5000.
Original Name: Flask
Reversed Name: ksalF

### Q13) How can you redirect with query parameters in Flask?

#### ANS- 

In Flask, you can redirect with query parameters using redirect() and url_for() by passing additional keyword arguments to url_for()—these get converted into query parameters.

In [2]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def index():
    # Redirect to /search with query parameters
    return redirect(url_for('search', q='flask', page=2))

@app.route('/search')
def search():
    query = request.args.get('q')
    page = request.args.get('page', type=int)
    return f"Search query: {query}, Page: {page}"

#Output: Visiting / will redirect you to:

/search?q=flask&page=2

### Q14) How do you return JSON responses in Flask?

#### ANS- In Flask, you can return JSON responses easily using the jsonify() function, which converts Python dictionaries (or other serializable data structures) into a proper JSON response with the correct Content-Type.

In [19]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        "name": "Alice",
        "age": 30,
        "location": "Wonderland"
    }
    return jsonify(data)

#Response Output:

{
  "name": "Alice",
  "age": 30,
  "location": "Wonderland"
}

### Q15) How do you capture URL parameters in Flask?

#### ANS- In Flask, you can capture URL parameters (also called route parameters or path variables) by including them in the route using angle brackets < >, and then using them as arguments in your view function.

In [20]:
from flask import Flask

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    return f"User: {username}"

Visiting: /user/alice
Returns: User: alice

In [23]:
#You can specify a type in the URL:
@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"

In [24]:
#Multiple Parameters:
@app.route('/user/<username>/post/<int:post_id>')
def user_post(username, post_id):
    return f"User: {username}, Post: {post_id}"