<a href="https://colab.research.google.com/github/kalpanaSharma20117/PW_DATA_ANALYTICS/blob/main/Flask_API.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Assignment- Restful API & Flask


### Ques1. What is a RESTful API?


A RESTful API (Representational State Transfer API) is a way for two computer systems (like your web browser and a server) to communicate over the internet using HTTP requests (like GET, POST, PUT, DELETE) in a structured and consistent way.


### Ques2. Explain the concept of API specification.


An API specification is like a blueprint that clearly defines how an API behaves, what requests it expects, and what responses it will return. It helps developers understand how to interact with an API without needing to read the backend code.
#### What API Specification Includes:
Feature	Description  
Endpoints	-URLs where API can be accessed (e.g., /users, /products/:id)  
Methods-	HTTP methods allowed (GET, POST, PUT, DELETE, etc.)  
Request -Parameters	Required/optional inputs (like headers, query params, body data)  
Request Format-	Expected format of input (e.g., JSON, XML)  
Response Format	-What the API sends back (status code, response body format)  
Status Codes-	E.g., 200 OK, 404 Not Found, 500 Server Error  
Authentication-	If and how to provide tokens, API keys, etc.  

#### Ques3. What is Flask, and why is it popular for building APIs?


Flask is a lightweight web framework written in Python, used for building web applications and RESTful APIs quickly and easily.
Flask is popular for building APIs because it’s simple, fast, and flexible, especially for beginners and small-to-medium projects.
1.  Built-in Development Server	we can run and test our API easily on our local machine.
2.  Simplicity	Very easy to understand and write. Few lines of code can build an API.
3.  Easily Extendable	Add features like authentication, databases, etc., using extensions.

#### Ques4.What is routing in Flask?


Routing in Flask is the process of connecting URLs (routes) to functions in your Python code. When a user visits a specific URL, Flask knows which function to run based on the route.



In [1]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to the homepage!"

@app.route('/about')
def about():
    return "This is the about page."


#### Ques5.How do you create a simple Flask application.


In [2]:
!pip install flask




In [None]:
from flask import Flask

app = Flask(__name__)  # Initialize the app

@app.route('/')  # Define the route for the homepage
def home():
    return "Hello, Flask!"  # Response for this route

# Run the app
if __name__ == '__main__':
    app.run(debug=True)


In [None]:
python app.py #(In terminal)


#### Ques6. What are HTTP methods used in RESTful APIs?


RESTful APIs use HTTP methods to define the type of action to be performed on a resource. These methods map to CRUD operations (Create, Read, Update, Delete).
for ex:  
Let’s say you're working with a /users resource.

GET /users → List all users

GET /users/1 → Get user with ID = 1

POST /users → Create a new user

PUT /users/1 → Replace user 1’s entire data

PATCH /users/1 → Modify only part of user 1’s data

DELETE /users/1 → Remove user 1

#### Ques7. What is the purpose of the @app.route() decorator in Flask


The @app.route() decorator in Flask is used to map a specific URL to a Python function. This function becomes a view function, and it handles requests sent to that URL.It tells Flask:  
“When someone visits this URL, run this function.”

In [None]:
@app.route('/hello')
def hello():
    return 'Hello, World!'


#### Ques8.What is the difference between GET and POST HTTP methods?


1. GET:  
  Retrieve data from the server,  
  Data in Request: Sent via URL parameters (query string)  
  Data visible in URL (less secure)    
  Limited by URL length (usually ~2000 chars)  
  Possible to bookmark the URL with parameters  
  Use Case: Getting/fetching data without side effects  

2. POST:  
  Send data to the server (usually to create/update resources)
  Data in Request: Data in Request
  Data not shown in URL (more secure)
  No practical limit of data length (depends on server configuration)
  use case: Submitting form data, uploading files, changing server state

GET: Used to fetch data; parameters are in the URL; safe and idempotent.  
POST: Used to send data; data is in the request body; changes server state; not idempotent

#### Ques 9. How do you handle errors in Flask APIs?


1. Using Flask’s @app.errorhandler Decorator

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

# Handle 404 Not Found error
@app.errorhandler(404)
def not_found(error):
    return jsonify({"error": "Resource not found"}), 404

# Handle 500 Internal Server Error
@app.errorhandler(500)
def internal_error(error):
    return jsonify({"error": "Internal server error"}), 500


2. Raising HTTP Exceptions

In [None]:
from flask import abort

@app.route('/item/<int:item_id>')
def get_item(item_id):
    item = find_item(item_id)
    if not item:
        abort(404)  # Raises 404 error
    return jsonify(item)


#### Ques10. How do you connect Flask to a SQL database?


SQLAlchemy is a powerful ORM (Object Relational Mapper) that makes it easy to interact with SQL databases.

In [None]:
pip install Flask
pip install Flask-SQLAlchemy

In [None]:
app = Flask(__name__)
# For SQLite database (file-based)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///mydatabase.db'
db = SQLAlchemy(app)

#Define database models (tables) using Python classes:
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)

    def __repr__(self):
        return f'<User {self.username}>'

with app.app_context():
    db.create_all()

# Adding a new user
new_user = User(username='john', email='john@example.com')
db.session.add(new_user)
db.session.commit()

# Query users
users = User.query.all()
print(users)


#### Ques11. What is the role of Flask-SQLAlchemy?


Flask-SQLAlchemy is an extension for Flask that simplifies working with SQL databases using SQLAlchemy, a powerful Object Relational Mapper (ORM).
You only need to set the connection string (SQLALCHEMY_DATABASE_URI) in the app config.
Instead of writing raw SQL queries, you define Python classes that map to database tables.
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80))
Feature and Role of Flask-SQLAlchemy  
DB -- connection	Simplifies URI setup for various databases  
ORM --	Use Python classes instead of SQL queries  
Table creation --	db.create_all() creates tables automatically  
CRUD operations	-- Easy insert, update, delete using db.session  
Querying	-- Use .query.filter_by() instead of SQL  


#### Ques12. What are Flask blueprints, and how are they useful?


A Blueprint in Flask is a way to organize your application into modular, reusable components.


In [None]:
#Step 1: Create a Blueprint
# user.py
from flask import Blueprint

user_bp = Blueprint('user', __name__)

@user_bp.route('/profile')
def profile():
    return "User Profile Page"

#step2: Register the Blueprint in Your Main App
# app.py
from flask import Flask
from user import user_bp

app = Flask(__name__)
app.register_blueprint(user_bp, url_prefix='/user')

if __name__ == '__main__':
    app.run(debug=True)



Blueprints are very Useful:
1. Modular Code
2. Reusability
3. Separation of Concerns: Separate logic like user auth, admin panel, etc.



#### Ques13. What is the purpose of Flask's request object?


Flask's request object (imported from flask) is used to access incoming request data sent by the client (like a browser or API call).

It helps you retrieve information such as:
Form data  
Query parameters  
JSON payloads  
Headers  
HTTP methods  
Files  
When a user sends data (via a form, API request, etc.), Flask stores this data in the request object. This allows your application to process user input.

#### Ques14. How do you create a RESTful API endpoint using Flask?


To create a RESTful API endpoint in Flask, you define routes that correspond to HTTP methods like GET, POST, PUT, DELETE.


In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)
books = [
    {'id': 1, 'title': 'The Alchemist', 'author': 'Paulo Coelho'},
    {'id': 2, 'title': '1984', 'author': 'George Orwell'}
]
# GET: Fetch all books
@app.route('/books', methods=['GET'])
def get_books():
    return jsonify(books)

# GET by ID: Get a specific book
@app.route('/books/<int:book_id>', methods=['GET'])
def get_book(book_id):
    for book in books:
        if book['id'] == book_id:
            return jsonify(book)
    return jsonify({'error': 'Book not found'}), 404

# POST: Add a new book
@app.route('/books', methods=['POST'])
def add_book():
    data = request.get_json()
    books.append(data)
    return jsonify({'message': 'Book added successfully!'}), 201

#### Ques15. What is the purpose of Flask's jsonify() function?


Flask’s jsonify() function is used to convert Python data structures (like dict, list) into JSON format, which is the standard data format for APIs.
* It automatically sets the correct Content-Type header to application/json.
* Ensures the response is properly serialized JSON.
* Works well with HTTP clients like Postman, JavaScript, etc.



#### Ques. 16 Explain Flask’s url_for() function.


Flask’s url_for() function is used to dynamically build URLs for a given function name (i.e., endpoint), rather than hardcoding URLs manually in your code.
* Automatically generates correct URLs even if routes change.
* Avoids hardcoding paths → easier to maintain.
* Useful for linking to other views or for redirects.

#### Ques 17. How does Flask handle static files (CSS, JavaScript, etc.)?


Flask handles static files (like CSS, JavaScript, images) using a special folder named static/ in your project directory.
Best practice is to Keep your CSS, JS, images inside the static/ folder.
Always use url_for('static', filename='...') for linking to static files in templates.

#### Ques18. What is an API specification, and how does it help in building a Flask API?


An API specification is a blueprint or contract that defines how your API works. It describes:
* What endpoints are available (URLs)
* What HTTP methods are supported (GET, POST, etc.)
* What parameters should be passed (query, path, body)
* What data is returned (response format)
* What errors can occur and how they are reported.

API Specification is like a contract that defines how an API behaves.
It helps make Flask API development faster, clearer, and easier to maintain and test.



#### Ques19. What are HTTP status codes, and why are they important in a Flask API?


HTTP status codes are three-digit numbers returned by a server in response to an API request.
They indicate whether the request was successful, failed, or resulted in an error, and what kind of issue it was.

Code Range And it's meaning:
1xx	Informational	100 Continue
2xx	Success	200 OK, 201 Created
3xx	Redirection	301 Moved Permanently
4xx	 Client Errors	400 Bad Request, 404 Not Found
5xx	 Server Errors	500 Internal Server Error.

It is important in:
*  Security & Validation: Helps to inform if access is denied (e.g., 403 Forbidden) or input is wrong (400).
* Help in Debugging: 	Different status codes help identify what went wrong — client mistake or server error.





#### Ques20. How do you handle POST requests in Flask?

In Flask, you handle POST requests by:  
Creating a route that accepts POST method.  
Using Flask’s request object to access incoming data from the request body.  


In [None]:
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/submit', methods=['POST'])  # Step 1: Allow POST
def submit_data():
    data = request.get_json()  # Step 2: Get JSON data from POST body
    name = data.get('name')    # Step 3: Access individual fields
    return jsonify(message=f"Hello, {name}! Your data was received."), 200


#### Ques 21.How would you secure a Flask API?


Securing a Flask API involves several layers of protection to ensure that only authorized users can access the API, data is safe, and the system is resilient against attacks.
Key Techniques to Secure a Flask API:
*  Authentication & Authorization: we can use token based authentication like JWT.
* Use HTTPS:
Always deploy your API behind HTTPS to encrypt data in transit.
* Error Handling:
Avoid revealing sensitive info in error messages.
* Secure Headers:
Set HTTP headers to protect against common vulnerabilities:
Content-Security-Policy  
X-Content-Type-Options  
X-Frame-Options  


#### Ques22. What is the significance of the Flask-RESTful extension?


Flask-RESTful is an extension for Flask that simplifies building RESTful APIs. It provides tools and abstractions to make API development faster, cleaner, and more organized.
Key Significance / Benefits of Flask-RESTful:
Simplifies API Development  
Automatic Request Parsing  
Built-in Support for HTTP Methods  
Error Handling and Customization  


#### Ques23. What is the role of Flask’s session object?


The session object in Flask is used to store data specific to a user across multiple requests. It allows us to keep information between different pages or visits during a user's session on our web application.
Key Points About Flask’s session:
* User-specific storage:
Data stored in session is unique to each user and lasts until the browser is closed or the session expires.
* Works like a dictionary:
We can store key-value pairs, e.g., session['username'] = 'kalpi'.
* Securely stored: Flask signs the session data cryptographically, so it can be stored client-side (in cookies) but cannot be tampered with.

# Practical Questions

#### Ques1. How do you create a basic Flask application?


In [None]:
# Step 1: Import the Flask class
from flask import Flask

# Step 2: Create a Flask application instance
app = Flask(__name__)

# Step 3: Define a route (URL) and its associated view function
@app.route('/')
def home():
    return "Hello, Flask!"

# Step 4: Run the application
if __name__ == '__main__':
    app.run(debug=True)


Ques2. How do you serve static files like images or CSS in Flask?


In Flask, static files such as CSS, JavaScript, images, etc., are served from a special folder named static/ by default.
Steps to Serve Static Files:
Create a folder named static in your Flask project directory.

Place your static files (like style.css, logo.png, etc.) inside this folder.

In your HTML templates, reference these static files using url_for('static', filename='yourfile.ext').

#### Ques3. How do you define different routes with different HTTP methods in Flask?


In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'GET':
        return '''
            <form action="/login" method="post">
                <input type="text" name="username" placeholder="Enter username"/>
                <input type="submit"/>
            </form>
        '''
    elif request.method == 'POST':
        username = request.form['username']
        return f'Hello, {username}!'

if __name__ == '__main__':
    app.run(debug=True)


#### Ques4.  How do you render HTML templates in Flask?

In [None]:
#In Flask, you can render HTML templates using the render_template() function. Flask uses Jinja2 templating engine to embed dynamic data into HTML.


 Basic Steps to Render HTML Template:
1. Create a templates/ folder in your Flask project directory.
2. Place your HTML files (e.g., home.html) inside this folder.
3. Use render_template("home.html") in your Flask route.

In [None]:
#home.html (inside templates/ folder):
<!DOCTYPE html>
<html>
<head>
    <title>Flask Home</title>
</head>
<body>
    <h1>Hello, {{ name }}!</h1>
</body>
</html>


In [None]:
#app.py>>
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('home.html', name='Alice')

if __name__ == '__main__':
    app.run(debug=True)



#### Ques5. How can you generate URLs for routes in Flask using url_for?

In [None]:
#Flask's url_for() function dynamically generates URLs based on the function name associated with a route.
#This makes your application more maintainable, especially when routes change.
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/about')
def about():
    return 'About Page'

@app.route('/')
def home():
    # This generates: '/about'
    return f"The about page is at: {url_for('about')}"


#### Ques6.  How do you handle forms in Flask?


In [None]:
#Flask allows you to handle HTML forms using the request object.
#Forms are typically submitted using POST or GET methods, and Flask provides tools to access and validate that data.

#app.py>>
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def handle_form():
    if request.method == 'POST':
        username = request.form['username']
        return f'Hello, {username}!'
    return render_template('form.html')


In [None]:
#templates/form.html
<!doctype html>
<html>
<head><title>Form</title></head>
<body>
  <form method="POST">
    <label>Username:</label>
    <input type="text" name="username">
    <input type="submit" value="Submit">
  </form>
</body>
</html>

request.form['username']  # Access value of the form input


#### Ques7. How can you validate form data in Flask?


In [None]:
#Flask-WTF>> Flask extension that integrates with WTForms and adds form rendering, validation, and CSRF protection.
pip install flask-wtf

from flask import Flask, render_template, redirect
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField
from wtforms.validators import InputRequired, Length



In [None]:
app = Flask(__name__)
app.secret_key = 'your_secret_key'

class LoginForm(FlaskForm):
    username = StringField('Username', validators=[InputRequired()])
    password = PasswordField('Password', validators=[InputRequired(), Length(min=6)])

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        return f"Welcome, {form.username.data}!"
    return render_template('login.html', form=form)

In [None]:
#templates/login.html
<form method="POST">
    {{ form.hidden_tag() }}
    {{ form.username.label }} {{ form.username }} <br>
    {{ form.password.label }} {{ form.password }} <br>
    <input type="submit" value="Login">
</form>


#### Ques8. How do you manage sessions in Flask?


In [None]:
#Flask provides a simple, secure way to manage user sessions using the session object.
#A session stores information (like user login status) across multiple requests for the same user.

from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = 'secret123'

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        session['username'] = request.form['username']
        return redirect(url_for('profile'))
    return '''<form method="post"><input name="username"><input type="submit"></form>'''

@app.route('/profile')
def profile():
    if 'username' in session:
        return f"Welcome {session['username']}!"
    return redirect(url_for('login'))

@app.route('/logout')
def logout():
    session.pop('username', None)
    return redirect(url_for('login'))


Flask sessions are client-side cookies, but they are signed for integrity using the secret_key.

For more secure storage, you can use server-side session extensions like Flask-Session.

#### Ques9. How do you redirect to a different route in Flask?

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return 'Home Page'

@app.route('/login')
def login():
    return 'Login Page'

@app.route('/go-to-login')
def go_to_login():
    return redirect(url_for('login'))


we can also redirect wirh parameters::

In [None]:
from flask import Flask, redirect, url_for

@app.route('/welcome/<username>')
def welcome(username):
    return f"Welcome {username}"

@app.route('/redirect-user')
def redirect_user():
    return redirect(url_for('welcome', username='Alice'))


#### Ques10. How do you handle errors in Flask (e.g., 404)?

In [None]:
#Flask provides a simple way to handle errors gracefully using the @app.errorhandler() decorator.

from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

@app.errorhandler(500)
def internal_error(e):
    return render_template('500.html'), 500

@app.errorhandler(Exception)
def handle_exception(e):
    return "An unexpected error occurred: " + str(e), 500


#### Ques11. How do you structure a Flask app using Blueprints?


In [None]:
#Blueprints in Flask allow you to organize your application into reusable, modular components.
#This helps manage larger applications by splitting the app into smaller parts (like modules).

#Create a blueprint (auth/__init__.py):

from flask import Blueprint
auth = Blueprint('auth', __name__)
from . import routes  # Import routes after blueprint creation


In [None]:
#Define routes inside the blueprint (auth/routes.py):

from . import auth

@auth.route('/login')
def login():
    return "Login Page"

@auth.route('/logout')
def logout():
    return "Logout Page"

In [None]:
# last step m register blueprint in main app>

from flask import Flask
from auth import auth  # import the blueprint

app = Flask(__name__)

app.register_blueprint(auth, url_prefix='/auth')  # register blueprint with prefix

if __name__ == '__main__':
    app.run(debug=True)



#### Ques12. How do you define a custom Jinja filter in Flask?


In [None]:
#Jinja filters let you modify or format variables inside templates.
# Flask uses Jinja2 as its template engine, and you can create your own custom filters to use in templates.

from flask import Flask, render_template_string

app = Flask(__name__)

def reverse_string(s):
    return s[::-1]

app.jinja_env.filters['reverse'] = reverse_string

@app.route('/')
def index():
    return render_template_string('{{ "Flask" | reverse }}')

if __name__ == '__main__':
    app.run(debug=True)


#### Ques13. How can you redirect with query parameters in Flask?


In [None]:
#To redirect with query parameters in Flask, you can use the redirect() function combined with url_for() where you pass the query parameters as keyword arguments.
#Flask will automatically add these as URL query strings.

In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/search')
def search():
    query = request.args.get('q')
    return f'Search results for: {query}'

@app.route('/go-to-search')
def go_to_search():
    # Redirect to /search?q=flask
    return redirect(url_for('search', q='flask'))

if __name__ == '__main__':
    app.run(debug=True)


#### Ques14. How do you return JSON responses in Flask?


In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {
        "name": "John",
        "age": 30,
        "city": "New York"
    }
    return jsonify(data)

if __name__ == '__main__':
    app.run(debug=True)


#### Ques15. How do you capture URL parameters in Flask?

In [None]:
from flask import Flask

app = Flask(__name__)

# Route with a dynamic URL parameter 'username'
@app.route('/user/<username>')
def show_user_profile(username):
    return f"User: {username}"

if __name__ == '__main__':
    app.run(debug=True)


<username> in the route means Flask will capture whatever string is in that position of the URL.

This value is passed as the username argument to the show_user_profile function.

Example: If you visit /user/kalpi, the response will be User: kalpi.

