# **Restful API & Flask**

1. What is a RESTful API?

->>

A RESTful API (Representational State Transfer API) is an architectural style for building web services that communicate over HTTP using standard methods. It is designed around resources—things like users, products, or data—which are accessed and manipulated using a predefined set of operations.

A RESTful API is:

* Based on standard HTTP methods
* Resource-oriented
* Stateless
* Often uses JSON for communication

2. Explain the concept of API specification.

->>

An API specification is a detailed, formal description of how an API works—what endpoints it provides, what data it expects, what it returns, and how clients should interact with it. It's like a contract between the API provider and its consumers.

An API specification is like a blueprint for how an API works. It describes what the API does, how it should be used, and what responses to expect—allowing humans and machines to understand and work with it effectively.

3. What is Flask, and why is it popular for building APIs?

->>

Flask is a lightweight, open-source web framework written in Python. It's designed to make it easy to build web applications and RESTful APIs with minimal setup. Flask is often described as a "micro" framework because it provides the core features you need and leaves the rest to you, giving you full control over your app's structure and components.

Flask is a simple, powerful, and flexible Python framework that's ideal for building APIs. Its lightweight design, ease of use, and rich ecosystem make it a favorite choice for developers—from beginners to professionals.

 1. Lightweight and Minimalistic.
 2. Easy to Learn and Use.   
 3. Flexible and Extensible.
 4. Large Ecosystem.
 5. Great for RESTful APIs.

4. What is routing in Flask?

->>

Routing in Flask refers to the process of mapping a URL path to a specific function in your application. This allows Flask to determine what code to run when a user accesses a particular URL.

Each route is defined using the @app.route() decorator, which connects a URL pattern to a Python function.

* Maps URLs to Python functions.
* Supports dynamic and type-specific routes.
* Can handle different HTTP methods.
* Is central to building web pages and RESTful APIs.

5. How do you create a simple Flask application?

->>

*  Install Flask

       pip install flask

* Create the App File

      file named-  app.py

    add the code

      from flask import Flask

      app = Flask(__name__)

      @app.route('/')
      def home():
          return 'Hello, World!'

      if __name__ == '__main__':
          app.run(debug=True)

* Run the Flask App

6. What are HTTP methods used in RESTful APIs?

->>

In RESTful APIs, HTTP methods define the type of action the client wants to perform on a resource. These methods map directly to CRUD operations—Create, Read, Update, and Delete.

7. What is the purpose of the @app.route() decorator in Flask?

->>

The @app.route() decorator in Flask is used to bind a URL path to a Python function—effectively telling Flask which function should run when a specific route is accessed in the browser.

It defines a route in your web application. When a user visits the specified URL, Flask calls the corresponding view function and returns its response.

The @app.route() decorator:
* Connects URL paths to functions.
* Enables dynamic routing with URL variables.
* Supports multiple HTTP methods like GET, POST, etc.

8. What is the difference between GET and POST HTTP methods?

->>

GET Method
* Purpose: Retrieve data from the server.
* Data Location: Sent in the URL query string (e.g., ?name=John).
* Safe: Yes — it doesn’t modify server data.
* Idempotent: Yes — same request = same result every time.
* Caching: Often cached by browsers.
* Visible Data: Data is visible in the URL (not secure for sensitive info).


POST Method
* Purpose: Submit data to the server to create or update a resource.
* Data Location: Sent in the request body, not visible in the URL.
* Safe: No — it can modify server state.
* Idempotent: No — sending the same POST multiple times may have side effects.
* Caching: Typically not cached.
* Used For: Forms, file uploads, authentication, etc.

9.  How do you handle errors in Flask APIs?

->>

In Flask APIs, error handling is important for returning clear, consistent, and user-friendly responses when something goes wrong (like missing data or invalid input).

Flask provides several ways to handle errors gracefully:

1. Using abort() for Common HTTP Errors
2. Custom Error Handlers with @app.errorhandler
3. Handling Unexpected Exceptions
4. Return Custom JSON Responses in Your Logic

10. How do you connect Flask to a SQL database?

->>

Connecting Flask to a SQL database typically involves using an ORM (Object-Relational Mapper) like SQLAlchemy, which lets you interact with the database using Python objects instead of raw SQL queries.

Here’s a step-by-step overview to connect Flask with a SQL database using Flask-SQLAlchemy:
1. Install Dependencies


    pip install flask sqlalchemy flask-sqlalchemy

2. Basic Flask App Setup with SQLAlchemy


    from flask import Flask
    from flask_sqlalchemy import SQLAlchemy

    app = Flask(__name__)

    app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///mydatabase.db'

    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

    db = SQLAlchemy(app)

    class User(db.Model):
        id = db.Column(db.Integer, primary_key=True)
        username = db.Column(db.String(80), unique=True, nullable=False)
        email = db.Column(db.String(120), unique=True,nullable=False)

        def __repr__(self):
            return f'<User {self.username}>'

    @app.route('/')
    def index():
        return 'Hello, Flask with SQL!'

    if __name__ == '__main__':
        with app.app_context():
            db.create_all()
        app.run(debug=True)


3. Using the Database
  * Add records


    with app.app_context():
        new_user = User(username='alice',email='alice@example.com')
        db.session.add(new_user)
        db.session.commit()
  * Query records


    with app.app_context():
        user = User.query.filter_by(username='alice').first()
        print(user.email)



* Use Flask-SQLAlchemy to easily integrate SQL databases with Flask.
* Define models as Python classes.
* Use db.session to add, update, delete, and query records.
* Configure the database URI in app.config.

11. What is the role of Flask-SQLAlchemy?

->>

Flask-SQLAlchemy is an extension for Flask that integrates the powerful SQLAlchemy ORM (Object-Relational Mapper) with Flask applications, making it much easier to work with databases in a Flask project.

Flask-SQLAlchemy acts as a bridge between Flask and SQLAlchemy, simplifying database operations and enabling you to work with databases in a more Pythonic, maintainable way.

1. Simplifies Database Integration

    It provides a convenient way to set up and use SQLAlchemy within Flask, managing configuration and the application context automatically.

2. Object-Relational Mapping (ORM)

    Allows you to interact with your database using Python classes and objects instead of writing raw SQL queries. This makes your code cleaner, more readable, and easier to maintain.

3. Session Management

    Handles database sessions and connections under the hood, so you don’t have to manage those manually.

4. Model Definition

    Lets you define your database tables as Python classes (called models) with attributes representing columns.

5. Querying Made Easy

    Provides an intuitive query API to fetch, filter, update, and delete records.

12. What are Flask blueprints, and how are they useful?

->>

Flask Blueprints are a way to organize a Flask application into smaller, reusable components or modules. They help you structure your app more cleanly, especially as it grows bigger.

* A blueprint is like a mini Flask app.
* It can define its own routes, error handlers, static files, templates, and more.
* You register blueprints on the main Flask application to include their routes and functionality.

Useful


1. Modularity

    Break your app into logical pieces (e.g., auth, admin, blog).

2. Reusability

    Blueprints can be packaged and reused across multiple projects.

3. Team Collaboration

    Different teams or developers can work on different blueprints independently.

4. Cleaner Codebase

    Keeps the main app file smaller and more maintainable.

13. What is the purpose of Flask's request object?

->>

The Flask request object represents the incoming HTTP request from a client. It gives your Flask app access to all the data sent by the client so you can read and process it.

* Access request data: headers, query parameters, form data, JSON payloads, cookies, files, etc.
* Understand the request: method (GET, POST, etc.), URL, user agent, IP address, etc.
* Control flow: Make decisions based on what the client sent.

14. How do you create a RESTful API endpoint using Flask?

->>

Creating a RESTful API endpoint in Flask involves defining routes that respond with JSON data and handle different HTTP methods like GET, POST, PUT, DELETE. Here’s a simple example of how to create a RESTful API endpoint:


    from flask import Flask, jsonify, request, abort

    app = Flask(__name__)

    tasks = [
        {"id": 1, "title": "Buy groceries", "done": False},
        {"id": 2, "title": "Read a book", "done": True},
    ]

    @app.route('/tasks', methods=['GET'])
    def get_tasks():
        return jsonify(tasks)

    @app.route('/tasks/<int:task_id>', methods=['GET'])
    def get_task(task_id):
        task = next((task for task in tasks if task['id'] == task_id), None)
        if task is None:
            abort(404)
        return jsonify(task)

    @app.route('/tasks', methods=['POST'])
    def create_task():
        if not request.json or 'title' not in request.json:
            abort(400, description="Title is required")
        new_task = {
            'id': tasks[-1]['id'] + 1 if tasks else 1,
            'title': request.json['title'],
            'done': False
        }
        tasks.append(new_task)
        return jsonify(new_task), 201

    @app.route('/tasks/<int:task_id>', methods=['PUT'])
    def update_task(task_id):
        task = next((task for task in tasks if task['id'] == task_id), None)
        if task is None:
            abort(404)
        if not request.json:
            abort(400)
    
        task['title'] = request.json.get('title', task['title'])
        task['done'] = request.json.get('done', task['done'])
        return jsonify(task)

    @app.route('/tasks/<int:task_id>', methods=['DELETE'])
    def delete_task(task_id):
        global tasks
        task = next((task for task in tasks if task['id'] == task_id), None)
        if task is None:
            abort(404)
        tasks = [t for t in tasks if t['id'] != task_id]
        return jsonify({'result': True})

    if __name__ == '__main__':
        app.run(debug=True)

15.  What is the purpose of Flask's jsonify() function?

->>

The purpose of Flask's jsonify() function is to convert Python data structures into a JSON-formatted HTTP response that Flask can send back to the client.

* Takes Python objects like dictionaries, lists, etc.
* Serializes them into JSON.
* Sets the Content-Type header to application/json.
* Returns a Flask Response object ready to send.


* It ensures the response is correctly formatted as JSON.
* It automatically sets appropriate headers.
* It handles encoding safely (e.g., special characters).




16. Explain Flask’s url_for() function.

->>

Flask’s url_for() function is used to build URLs dynamically for your application’s routes based on the function name that handles the route, rather than hardcoding URLs as strings.

* Generates a URL to a specific view function by its endpoint name (usually the function name).
* Helps avoid hardcoding URLs, making your code more maintainable and flexible.
* Automatically handles URL building including any dynamic parts (like variables in the route).
* Works well with different URL prefixes, blueprints, or changes in route structure.

17. How does Flask handle static files (CSS, JavaScript, etc.).

->>

Flask handles static files like CSS, JavaScript, images, and other assets through a special static folder in your project directory.

* By default, Flask looks for static files in a folder named static at the root of your project.
* Files placed inside the static folder can be accessed by the client via the URL path /static/<filename>.
* Flask automatically serves these files without needing to write explicit routes.

18. What is an API specification, and how does it help in building a Flask API?

->>

An API specification is a formal, structured document that describes how an API works — detailing its endpoints, request methods, parameters, request/response formats, authentication, error codes, and more.

API Specification
* A blueprint or contract for how clients and servers communicate via the API.
* Defines what endpoints exist, what data they expect, and what responses they return.
* Examples include OpenAPI (Swagger), RAML, and API Blueprint.

API Specification Helps in Building a Flask API

* Clear Design Before Coding

    You define how your API should behave upfront, making development more organized and consistent.

* Automatic Documentation

    Tools can generate human-readable API docs directly from the specification.

* Client & Server Agreement

    Ensures both frontend (clients) and backend (your Flask app) agree on request/response formats.

* Easier Testing and Validation

    You can auto-generate test cases or validate requests/responses against the spec.

* Supports Code Generation

    Some tools generate Flask boilerplate code or client SDKs from the API spec.



19.  What are HTTP status codes, and why are they important in a Flask API?

->>

HTTP status codes are standardized three-digit numbers sent by a server in response to a client’s HTTP request. They indicate the result of the request — whether it was successful, resulted in an error, or needs further action.

* Communicate Result Clearly

    Clients know if their request succeeded or failed, and why.

* Help Client Handling

    Enables clients (browsers, apps) to handle responses appropriately (retry, show error messages, redirect).

* Improve Debugging

    Helps developers diagnose what went wrong.

* RESTful API Best Practices

    Proper use of status codes aligns your API with HTTP standards and expectations.

20. How do you handle POST requests in Flask?

->>

To handle POST requests in Flask, you define a route that accepts the POST method and use the request object to access the data sent by the client.

* Import required modules
* Define a route with methods=['POST']
* Use request.form or request.json to get the data
* Return a response (usually JSON)

21. How would you secure a Flask API?

->>

Securing a Flask API involves implementing multiple layers of protection to ensure that data is transmitted safely, users are authenticated and authorized, and the API is protected from common attacks.

1. Use HTTPS
    * Always deploy your Flask app behind a web server (like Nginx) with an SSL certificate.

    * HTTPS ensures encrypted data transfer, protecting sensitive data like tokens and passwords.
2. Authentication & Authorization
    * Use JWT (JSON Web Tokens) or OAuth2 for secure authentication.

    * Libraries like Flask-JWT-Extended help enforce authentication.
3. Input Validation
    * Always validate user input to prevent attacks like SQL injection and XSS.

    * Use libraries like Marshmallow or Pydantic to define schemas and enforce types.

4. Rate Limiting
    * Prevent abuse (e.g., brute-force login attempts) using rate limiting.

    * Use Flask-Limiter.
5. Cross-Origin Resource Sharing (CORS)
    * Use Flask-CORS to control which origins are allowed to access your API.
6. Secure Configuration
    * Never expose secrets like API keys or database credentials.

    * Load secrets from environment variables or a secure vault.

    * Disable DEBUG mode in production.
7. Security Headers
    * Set headers like Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security via your server or Flask.

8. Limit Data Exposure
    * Avoid returning sensitive information in responses.

    * Sanitize error messages and stack traces.

9. Logging & Monitoring
    * Log access and errors securely.

    * Use tools like Sentry, ELK stack, or Prometheus/Grafana to monitor behavior and spot anomalies.

10. Regular Updates & Dependency Checks
    * Keep Flask and extensions updated.

    * Use pip-audit or safety to scan for vulnerable packages.



22. What is the significance of the Flask-RESTful extension?

->>

The Flask-RESTful extension is a popular Flask extension that simplifies the process of building RESTful APIs. It provides tools and abstractions to help you write clean, maintainable, and scalable API endpoints.



23. What is the role of Flask’s session object?

->>

The session object in Flask is used to store data across requests for a particular user — it allows you to persist information (like login status, user preferences, or temporary data) between different HTTP requests made by the same client.

# **Practical**

1. How do you create a basic Flask application?

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


2. How do you serve static files like images or CSS in Flask?

In [None]:
from flask import Flask, url_for, render_template_string

app = Flask(__name__)

@app.route('/')
def home():
    # Use url_for to generate the URL for static files
    css_url = url_for('static', filename='styles.css')
    logo_url = url_for('static', filename='logo.png')
    return render_template_string('''
        <html>
        <head><link rel="stylesheet" href="{{ css_url }}"></head>
        <body>
            <h1>Welcome!</h1>
            <img src="{{ logo_url }}" alt="Logo">
        </body>
        </html>
    ''', css_url=css_url, logo_url=logo_url)

if __name__ == '__main__':
    app.run(debug=True)

 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with stat


3. How do you define different routes with different HTTP methods in Flask?

In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/items', methods=['GET'])
def get_items():
    return jsonify({"message": "This is a GET request to fetch items"})

@app.route('/items', methods=['POST'])
def create_item():
    data = request.get_json()
    return jsonify({"message": "Item created", "item": data}), 201

@app.route('/items/<int:item_id>', methods=['PUT'])
def update_item(item_id):
    data = request.get_json()
    return jsonify({"message": f"Item {item_id} updated", "updated_data": data})

@app.route('/items/<int:item_id>', methods=['DELETE'])
def delete_item(item_id):
    return jsonify({"message": f"Item {item_id} deleted"})

if __name__ == '__main__':
    app.run(debug=True)

4. How do you render HTML templates in Flask?

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    # Render an HTML template named 'index.html' located in the 'templates' folder
    return render_template('index.html', title="Home Page", username="Alice")

if __name__ == '__main__':
    app.run(debug=True)

5. How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return "This is the home page."

@app.route('/user/<username>')
def profile(username):
    return f"User profile for {username}"

@app.route('/links')
def links():
    # Generate URLs for the 'home' and 'profile' routes
    home_url = url_for('home')
    profile_url = url_for('profile', username='john_doe')
    return f"""
    <a href="{home_url}">Home</a><br>
    <a href="{profile_url}">John's Profile</a>
    """

if __name__ == '__main__':
    app.run(debug=True)

6. How do you handle forms in Flask?

In [None]:
from flask import Flask, request, render_template_string, redirect, url_for

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        # Access form data
        name = request.form.get('name')
        email = request.form.get('email')
        # Process data (e.g., save to database)
        return redirect(url_for('success', username=name))

    # Render simple HTML form
    return render_template_string('''
        <form method="POST">
            Name: <input type="text" name="name" required><br>
            Email: <input type="email" name="email" required><br>
            <input type="submit" value="Submit">
        </form>
    ''')

@app.route('/success/<username>')
def success(username):
    return f"Form submitted successfully! Welcome, {username}."

if __name__ == '__main__':
    app.run(debug=True)

7. How can you validate form data in Flask?

In [None]:
from flask import Flask, request, render_template_string, redirect, url_for, flash
from flask_wtf import FlaskForm
from wtforms import StringField, EmailField
from wtforms.validators import DataRequired, Email, Length

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Needed for CSRF protection and flashing messages

class MyForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired(), Length(min=2, max=50)])
    email = EmailField('Email', validators=[DataRequired(), Email()])

@app.route('/form', methods=['GET', 'POST'])
def form():
    form = MyForm()
    if form.validate_on_submit():
        name = form.name.data
        email = form.email.data
        return redirect(url_for('success', username=name))
    # Render form with validation error messages
    return render_template_string('''
        <form method="POST">
            {{ form.hidden_tag() }}
            Name: {{ form.name(size=20) }}<br>
            {% for error in form.name.errors %}
                <span style="color:red;">{{ error }}</span><br>
            {% endfor %}
            Email: {{ form.email(size=20) }}<br>
            {% for error in form.email.errors %}
                <span style="color:red;">{{ error }}</span><br>
            {% endfor %}
            <input type="submit" value="Submit">
        </form>
    ''', form=form)

@app.route('/success/<username>')
def success(username):
    return f"Form submitted successfully! Welcome, {username}."

if __name__ == '__main__':
    app.run(debug=True)

8. How do you manage sessions in Flask?

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'your_secret_key'  # Required to use sessions securely

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        # Store username in session after login
        session['username'] = request.form['username']
        return redirect(url_for('profile'))
    return '''
        <form method="POST">
            Username: <input type="text" name="username">
            <input type="submit" value="Login">
        </form>
    '''

@app.route('/profile')
def profile():
    # Access session data
    if 'username' in session:
        return f"Logged in as {session['username']}"
    return "You are not logged in."

@app.route('/logout')
def logout():
    # Clear the session
    session.pop('username', None)
    return redirect(url_for('login'))

if __name__ == '__main__':
    app.run(debug=True)

9. How do you redirect to a different route in Flask?

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    # Redirect to the 'welcome' route
    return redirect(url_for('welcome'))

@app.route('/welcome')
def welcome():
    return "Welcome to the redirected page!"

if __name__ == '__main__':
    app.run(debug=True)

10. How do you handle errors in Flask (e.g., 404)?

In [None]:
from flask import Flask, render_template_string

app = Flask(__name__)

@app.errorhandler(404)
def not_found_error(error):
    return render_template_string('''
        <h1>404 Not Found</h1>
        <p>The page you are looking for does not exist.</p>
    '''), 404

@app.route('/')
def home():
    return "Welcome to the home page!"

if __name__ == '__main__':
    app.run(debug=True)

11. How do you structure a Flask app using Blueprints?

In [None]:
from flask import Blueprint

users_bp = Blueprint('users', __name__, url_prefix='/users')

@users_bp.route('/')
def users_home():
    return "Users Home Page"

@users_bp.route('/profile')
def profile():
    return "User Profile Page"

# products/routes.py
from flask import Blueprint

products_bp = Blueprint('products', __name__, url_prefix='/products')

@products_bp.route('/')
def products_home():
    return "Products Home Page"

@products_bp.route('/details')
def details():
    return "Product Details Page"

# app.py
from flask import Flask
from users.routes import users_bp
from products.routes import products_bp

app = Flask(__name__)

# Register blueprints
app.register_blueprint(users_bp)
app.register_blueprint(products_bp)

@app.route('/')
def home():
    return "Main Home Page"

if __name__ == '__main__':
    app.run(debug=True)

12. How do you define a custom Jinja filter in Flask?

In [None]:
from flask import Flask, render_template_string

app = Flask(__name__)

# Define a custom Jinja filter function
def reverse_string(s):
    return s[::-1]

# Register the filter with Flask
app.jinja_env.filters['reverse'] = reverse_string

@app.route('/')
def home():
    text = "Flask"
    # Use the custom filter 'reverse' in the template
    return render_template_string('''
        Original: {{ text }} <br>
        Reversed: {{ text|reverse }}
    ''', text=text)

if __name__ == '__main__':
    app.run(debug=True)

13. How can you redirect with query parameters in Flask?

In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/search')
def search():
    # Get query parameters from URL
    query = request.args.get('q', '')
    return f"Search results for: {query}"

@app.route('/redirect-to-search')
def redirect_to_search():
    # Redirect to '/search' with query parameters
    return redirect(url_for('search', q='flask tutorials', page=2))

if __name__ == '__main__':
    app.run(debug=True)

14. How do you return JSON responses in Flask?

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def api_data():
    data = {
        "name": "Alice",
        "age": 30,
        "city": "New York"
    }
    return jsonify(data)  # Automatically converts dict to JSON response

if __name__ == '__main__':
    app.run(debug=True)

15. How do you capture URL parameters in Flask?

In [None]:
from flask import Flask

app = Flask(__name__)

# Capture a string parameter from the URL
@app.route('/user/<username>')
def show_user(username):
    return f"User: {username}"

# Capture an integer parameter from the URL
@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"

if __name__ == '__main__':
    app.run(debug=True)