# Restful API & Flask

1. What is RESTFUL API?

- REST (Representational State Transfer) is an architectural style for designing networked applications.
- A RESTful API adheres to the principles of REST, allowing systems to interact over a network.
- Key principles include:
    - Statelessness: The server does not store client context between requests.
    - Client-Server architecture: Separation of concerns.
    - Cacheable: Responses can be cached.
    - Layered System: Intermediaries (proxies, gateways) can be used.
    - Uniform Interface: Standardized methods (GET, POST, PUT, DELETE) and resource identification.
    - Code-On-Demand (Optional): Server can provide executable code to the client.

2. Explain the concept of API specification.

- An API specification is a detailed document that describes the functionality, endpoints, requests, and responses of a web API. It serves as a contract between the API provider and the API consumer, outlining how developers can interact with the API. Think of it as the blueprint or manual for the API.

- Key elements typically found in an API specification include:

 *   **Endpoints:** The URLs or locations where specific resources or operations can be accessed.
 *   **HTTP Methods:** The operations that can be performed on the endpoints (GET, POST, PUT, DELETE, PATCH, etc.).
 *   **Request Parameters:** The data that needs to be sent with a request (in the URL, headers, or body). This includes types of parameters, whether they are required or optional, and their data formats.
 *   **Request Body:** The structure and format of data sent in the body of requests (especially for POST, PUT, and PATCH).
 *   **Response Status Codes:** The standard HTTP status codes indicating the outcome of a request (e.g., 200 OK, 404 Not Found, 500 Internal Server Error).
 *   **Response Body:** The structure and format of data returned by the API in a successful or unsuccessful response. This includes the data types of fields.
 *   **Authentication and Authorization:** How users are identified and what permissions they have.
 *   **Error Handling:** How the API indicates and provides details about errors.
 *   **Data Models:** The structure and types of the data that is exchanged.

- API specifications are crucial for:

 *   **Documentation:** Providing clear instructions for developers using the API.
 *   **Consistency:** Ensuring that the API behaves predictably.
 *   **Communication:** Facilitating understanding between development teams working on the API and teams consuming it.
 *   **Testing:** Providing a basis for creating test cases.
 *   **Tooling:** Enabling automated generation of client libraries, server stubs, and documentation using tools like Swagger (OpenAPI) or RAML.

- Popular formats for writing API specifications include:

 *   **OpenAPI (formerly Swagger):** A widely used, language-agnostic format for describing RESTful APIs.
 *   **RAML (RESTful API Modeling Language):** Another format for describing RESTful APIs.
 *   **API Blueprint:** A Markdown-based format for describing APIs.

- In essence, an API specification is the formal description that allows developers to understand and interact with an API without needing to see the underlying implementation details.

3. What is Flask, and why is it popular for building APIs?

- Flask is a lightweight Python web framework. It is often referred to as a "microframework" because it does not include an ORM (Object-Relational Mapper) or other features that are built into larger frameworks like Django.
- It is popular for building APIs for several reasons:
   - **Simplicity and Minimalism:** Flask provides the essentials for web development without being overly opinionated. This makes it easy to learn and quick to set up, especially for smaller APIs or microservices.
   - **Flexibility:** Developers have a lot of freedom in choosing their libraries and tools (e.g., database, template engine). This allows for tailoring the framework to specific project needs.
   - **Ease of Integration:** Flask integrates well with other libraries and tools, making it straightforward to add features like authentication, database interactions, or validation.
   - **Large Community and Resources:** There is a large and active community, providing extensive documentation, tutorials, and extensions (Flask-Extensions) that simplify common tasks.
   - **Suitable for Microservices:** Its lightweight nature makes it ideal for building small, independent API services, which aligns well with the microservices architectural pattern.
   - **Pythonic:** Flask is designed to be Pythonic, meaning it follows Python's conventions and principles, making the code often feel natural and readable to Python developers.
   - **Excellent Documentation:** Flask has comprehensive and well-organized documentation, which helps developers quickly understand how to use the framework.

- In summary, Flask's popularity for building APIs stems from its simplicity, flexibility, ease of use, and strong community support, making it an excellent choice for a wide range of API development projects, from small internal tools to larger microservice architectures.

4. What is routing in Flask?

- Routing in Flask refers to the mechanism that maps incoming HTTP requests to specific Python functions (called "view functions") that should handle those requests. Essentially, it's the process of defining which URL pattern should trigger which piece of code in your Flask application.

- Here's a breakdown of key aspects of routing in Flask:

 *   **Decorators:** Flask uses the `@app.route()` decorator to define routes. You place this decorator above a function definition.
 *   **URL Patterns:** The argument to the `@app.route()` decorator is a string representing the URL pattern. This pattern can be a fixed path (e.g., `/`), or it can include variable parts.
 *   **View Functions:** The function immediately following the `@app.route()` decorator is the view function. This function contains the logic to process the request and return a response (usually an HTML string, JSON data, or a redirect).
 *   **HTTP Methods:** By default, `@app.route()` handles GET requests. You can specify which HTTP methods a route should respond to using the `methods` parameter in the decorator (e.g., `methods=['GET', 'POST']`).
 *   **Variable Rules:** URL patterns can include variable parts using angle brackets (`<>`). These variable parts are passed as keyword arguments to the view function. You can also specify converters to define the type of the variable (e.g., `<int:user_id>`).

- In essence, routing is the core mechanism that directs incoming requests to the correct part of your application's code based on the requested URL and HTTP method. It's how you define the different endpoints of your web application or API.

5. How do you create a simple Flask application?

- To create a simple Flask application, you typically follow these steps:

 1.  **Import Flask:** You need to import the `Flask` class from the `flask` library.
 2.  **Create a Flask instance:** Initialize a Flask application object, usually named `app`.
 3.  **Define Routes:** Use the `@app.route()` decorator to associate a URL path with a Python function (a view function).
 4.  **Write View Functions:** Define functions that will handle requests for the specified routes. These functions should return the content to be displayed or sent as the response.
 5.  **Run the application:** Use `app.run()` to start the development server.

6. What are HTTP methods used in RESTful APIs?

- The HTTP methods used in RESTful APIs are GET, POST, PUT, DELETE, and PATCH.

7. What is the purpose of the @app.route() decorator in Flask?

- The `@app.route()` decorator in Flask is used to map a specific URL path to a Python function. When a user navigates to that URL in their web browser or makes an HTTP request to it, the decorated function (the view function) is executed, and its return value is sent back as the response. It's the fundamental mechanism in Flask for defining the different endpoints of your web application or API.

8. What is the difference between GET and POST HTTP methods?

-   **GET:**
    -   Used to **request data** from a specified resource.
    -   Requests can be **cached**.
    -   Requests remain in **browser history**.
    -   Requests can be **bookmarked**.
    -   GET requests have **length limitations** as parameters are sent in the URL query string.
    -   Should **never be used** for sensitive data like passwords, as it is visible in the URL.
    -   Used only to **retrieve data**.
    -   Data is sent as **query parameters** in the URL.

-   **POST:**
    -   Used to **send data** to a server to **create or update** a resource.
    -   Requests are **never cached**.
    -   Requests do **not remain** in browser history.
    -   Requests **cannot be bookmarked**.
    -   POST requests have **no restrictions** on data length.
    -   Used for **sensitive data** as it is not visible in the URL.
    -   Used to **send data** to the server.
    -   Data is sent in the **request body**.

9. How do you handle errors in
Flask APIs?

- In Flask APIs, errors can be handled using error handlers. You can define functions that will be executed when a specific HTTP status code or exception occurs using the `@app.errorhandler()` decorator. This allows you to customize the response sent back to the client in case of an error, such as returning a JSON object with error details for an API, instead of the default HTML error page. You can register handlers for specific HTTP error codes (like 404 for Not Found, 500 for Internal Server Error) or for custom exceptions you define.

10. How do you connect Flask to SQL database?

- Connecting Flask to an SQL database typically involves using an Object-Relational Mapper (ORM) or a database connector library.

 1.  **Choose a Database Library/ORM:**
    *   **SQLAlchemy:** A very popular and powerful ORM that works with various SQL databases (SQLite, PostgreSQL, MySQL, etc.). It provides a higher-level abstraction for interacting with the database, allowing you to work with Python objects instead of raw SQL queries. It's commonly used with the Flask-SQLAlchemy extension for easier integration.
    *   **Psycopg2, mysql.connector, sqlite3 (built-in):** These are lower-level database driver libraries specific to each database. You would use these to write raw SQL queries within your Flask application.

 2.  **Install the Necessary Library:**
    *   If using Flask-SQLAlchemy: `pip install Flask-SQLAlchemy`
    *   If using a direct driver (e.g., Psycopg2 for PostgreSQL): `pip install psycopg2-binary`

 3.  **Configure the Database Connection:**
    *   Set the database URI in your Flask application's configuration. This URI specifies the database type, location, and credentials (e.g., `sqlite:///site.db`, `postgresql://user:password@host/dbname`).

 4.  **Integrate with Flask:**
    *   If using Flask-SQLAlchemy, create an `SQLAlchemy` instance and initialize it with your Flask app. Define your database models as Python classes that inherit from `db.Model`.
    *   If using a direct driver, you would typically open a database connection at the beginning of a request (e.g., using `g` from Flask) and close it at the end, or manage connections using a connection pool.

 5.  **Perform Database Operations:**
    *   With an ORM like SQLAlchemy, you use Python objects to create, read, update, and delete records.
    *   With a direct driver, you execute SQL queries using cursor objects.

 6.  **Manage Sessions/Connections:** Ensure connections are opened and closed properly, especially in a web environment where multiple requests are handled concurrently. ORMs often handle session management.

- Using an ORM like SQLAlchemy is generally recommended as it simplifies database interactions, improves code readability, and makes your application more portable across different SQL databases.

11. What is the role of Flask-SQLAlchemy?

- Flask-SQLAlchemy integrates SQLAlchemy with Flask, simplifying database interactions. It provides helpful defaults and helpers to manage database sessions, models, and queries within Flask applications.

12. What are Flask blueprints, and how are they useful?

- Flask blueprints are a way to organize Flask applications into smaller, reusable components. They allow you to group related views, templates, static files, and other parts of your application into modules.

- Their usefulness lies in:
 *   **Organization:** Breaking down large applications into manageable parts.
 *   **Reusability:** Blueprints can be registered with different Flask applications.
 *   **Modularity:** Encapsulating specific features or areas of your application.
 *   **Maintainability:** Easier to manage and update specific parts of the application.

13. What is the purpose of Flask's request object?

- The `request` object in Flask is a global object that provides access to incoming request data. It's a key component for handling client requests in your web application or API.

- Specifically, the `request` object allows you to access:

 *   **Request Method:** `request.method` (e.g., 'GET', 'POST', 'PUT', 'DELETE')
 *   **URL and Endpoints:** `request.url`, `request.path`, `request.endpoint`
 *   **Query Parameters:** `request.args` (a dictionary-like object containing parameters from the URL query string)
 *    **Form Data:** `request.form` (a dictionary-like object containing data submitted via an HTML form, typically for POST requests)
 *   **JSON Data:** `request.json` or `request.get_json()` (parses JSON data from the request body)
 *   **Files:** `request.files` (a dictionary-like object for handling uploaded files)
 *   **Headers:** `request.headers` (a dictionary-like object containing request headers)
 *   **Cookies:** `request.cookies` (a dictionary-like object containing cookies sent by the client)

- In essence, the `request` object is how your Flask view functions get information about the incoming client request, allowing you to extract data sent by the client and determine how to process the request.

14. How do you create a RESTful API endpoints using Flask?

- Creating RESTful API endpoints using Flask involves defining different URL paths (endpoints) that correspond to resources or actions, and associating them with Python functions that handle different HTTP methods (like GET, POST, PUT, DELETE) on those paths.

- Here's a breakdown of the process:

 1.  **Import Flask:** You start by importing the necessary `Flask` class and potentially `request` (to access incoming data) and `jsonify` (to return JSON responses).
 2.  **Create a Flask Application Instance:** Initialize your Flask app like you would for any Flask application.
 3.  **Define Endpoints using `@app.route()`:** Use the `@app.route()` decorator above your Python functions. The string passed to the decorator is the URL path for that endpoint.
 4.  **Specify HTTP Methods:** For RESTful APIs, you need to specify which HTTP methods are allowed for each endpoint using the `methods` parameter in the `@app.route()` decorator.
    *   `GET`: Typically used to retrieve data from the server.
    *   `POST`: Typically used to send new data to the server to create a resource.
    *   `PUT`: Typically used to send data to the server to update an existing resource.
    *   `DELETE`: Typically used to remove a resource from the server.
 5.  **Write View Functions:** Create Python functions that are decorated with `@app.route()`. These functions contain the logic to handle the incoming request, interact with data (e.g., from a database), and generate a response.
 6.  **Access Request Data:** Use the `request` object to access data sent by the client, such as query parameters (`request.args`), form data (`request.form`), or JSON data (`request.json` or `request.get_json()`).
 7.  **Return Responses:** Return the data that the client requested. For APIs, this is commonly JSON data. You can use Flask's `jsonify()` function to easily convert Python dictionaries or lists into a JSON response with the correct content type. You can also specify an HTTP status code with the response (e.g., `return jsonify(data), 200`).
 8.  **Handle Variable URLs:** For endpoints dealing with specific resources (like retrieving a user by ID), use variable rules in the `@app.route()` path (e.g., `/users/<int:user_id>`). These variables are passed as arguments to your view function.
 9.  **Run the App:** Start the Flask development server using `app.run()`.

- By combining `@app.route()` with specified HTTP methods and using `request` to get data and `jsonify()` to return data, you can define and implement the various endpoints needed for your RESTful API in Flask.

15. What is the purpose of Flask's jsonify() function?

- Flask's `jsonify()` function is a helper function provided by the Flask framework that simplifies the process of returning JSON responses from your Flask view functions.

- When you are building an API, you often need to send structured data back to the client in JSON format. While you could manually format a Python dictionary or list into a JSON string and set the correct `Content-Type` header, `jsonify()` automates this.

- Specifically, `jsonify()`:

 1.  Takes Python objects (like dictionaries and lists) as input.
 2.  Serializes (converts) these Python objects into a JSON formatted string.
 3.  Creates a `Response` object with the JSON string as the body.
 4.  Sets the `Content-Type` header of the response to `application/json`.

- This ensures that the client receiving the response understands that the content is JSON data, making it easy for them to parse and use the data. It's a standard and convenient way to create JSON responses in Flask, which is essential for building RESTful APIs.

16. Explain Flask's url_for() function.

- In Flask, the `url_for()` function is a powerful tool used for **URL building**. Instead of hardcoding URLs directly in your templates or redirection logic, you use `url_for()` to dynamically generate URLs based on the endpoint name of a view function.

- Here's why it's important and how it works:

 1.  **Decoupling:** It decouples your URL paths from your Python code. If you change the URL pattern for a route (defined by `@app.route()`), you only need to update the `@app.route()` decorator. `url_for()` will automatically generate the correct new URL everywhere you used it, without you having to manually find and replace all instances of the old URL string.
 2.  **Handles Variable URLs:** If your route has variable parts (e.g., `/users/<int:user_id>`), `url_for()` allows you to pass the values for these variables as keyword arguments. It will then correctly insert these values into the generated URL.
 3.  **Adds Static Files:** It can also generate URLs for static files like CSS, JavaScript, and images, handled by Flask's static file serving mechanism.
 4.  **Absolute URLs:** You can generate absolute URLs (including the domain name and scheme) by passing `_external=True`.
 5.  **Consistency:** It helps maintain consistency in URL generation throughout your application.

- In short, `url_for()` is the recommended way to generate URLs in Flask because it makes your application more maintainable, robust, and easier to refactor by relying on endpoint names rather than hardcoded strings.

17. How does Flask handle static files (CSS, JavaScript, etc.)?

- Flask handles static files like CSS, JavaScript, images, and other assets by serving them from a designated directory within your project. By default, Flask looks for a folder named `static` in the same directory as your main application script.

- When you want to link to a static file in your templates (e.g., in an HTML file), you use the `url_for()` function with the endpoint name `'static'` and the filename as an argument. For example, to link to a CSS file named `style.css` located in the `static` folder, you would use `url_for('static', filename='style.css')`.

- Flask's built-in development server automatically serves files from this `static` folder when `url_for('static', ...)` is used to generate their URLs. For production deployments, web servers like Nginx or Apache are typically configured to serve these static files directly for better performance, bypassing the Flask application.

18. What is an API specification, and how does it help in building a Flask API?

- An API specification is a detailed document that acts as a blueprint or contract for a web API. It outlines all the necessary information for developers to understand and interact with the API, including:

 *   **Endpoints:** The specific URLs for accessing resources.
 *   **HTTP Methods:** The operations allowed on those endpoints (like GET, POST, PUT, DELETE).
 *   **Request and Response Structures:** The format and data types expected for input and output, including parameters, request bodies, and response bodies.
 *   **Authentication and Authorization:** How users are identified and what permissions they have.
 *   **Error Handling:** How the API indicates and provides details about errors.

- For building a Flask API, an API specification is invaluable because:

 1.  **Guidance:** It provides a clear roadmap for the development team building the API, ensuring consistency and adherence to agreed-upon designs.
 2.  **Communication:** It serves as a precise document for frontend developers or other teams consuming the API, allowing them to understand how to use it without needing to guess or inspect the backend code.
 3.  **Consistency:** It helps maintain a uniform interface and behavior across all endpoints of the API.
 4.  **Testing:** It provides a basis for writing automated tests, ensuring that the API functions as specified.
 5.  **Tooling:** Specifications in formats like OpenAPI (Swagger) or RAML can be used by tools to automatically generate documentation, client libraries, and even server stubs, significantly speeding up development and improving maintainability.

- In essence, an API specification ensures that the Flask API is built to a clear standard, making it easier to develop, document, and consume.

19. What are HTTP status codes, and why are they important in a Flask API?

- HTTP status codes are three-digit numbers returned by a server in response to a client's request. They indicate the outcome of the request, whether it was successful, failed, or requires further action.

They are crucial in a Flask API because:

 1.  **Communication:** They provide a standard way for the API to communicate the result of an operation to the client. A `200 OK` tells the client everything worked as expected, a `404 Not Found` indicates the requested resource wasn't found, and a `500 Internal Server Error` signals an issue on the server side.
 2.  **Client Handling:** Clients (like web browsers, mobile apps, or other services) use status codes to understand how to proceed. For example, a client might display an error message to the user based on a `4xx` status code or process the returned data based on a `2xx` status code.
 3.  **API Design and Debugging:** Proper use of status codes is a fundamental principle of RESTful API design. It makes the API predictable and easier for developers to understand and debug. Returning the correct status code for different scenarios (success, validation error, resource not found, server error, etc.) is essential for a well-behaved API.
 4.  **Standardization:** Using standard HTTP status codes ensures that your API is understandable to anyone familiar with the HTTP protocol, regardless of the specific implementation details.

20. How do you handle POST requests in Flask?

- We handle POST requests in Flask by specifying `methods=['POST']` in the `@app.route()` decorator for the view function that should process those requests. Inside that view function, you access the data sent in the request body using the `request` object. For example, if the data is sent as form data, you access it via `request.form`. If the data is JSON, you use `request.json` or `request.get_json()`. You then process this data (e.g., save it to a database) and return an appropriate response, often a JSON object indicating success or failure, along with a suitable HTTP status code (like `201 Created` for successful creation or `400 Bad Request` for validation errors).

21. How do you secure a Flask API?

- Securing a Flask API involves implementing several measures to protect against common web vulnerabilities and control access to your resources. Here are some key ways to secure a Flask API:

 1.  **Use HTTPS:** Always serve your API over HTTPS (HTTP Secure). This encrypts communication between the client and the server, preventing eavesdropping and man-in-the-middle attacks. You can achieve this in production using web servers like Nginx or Apache, or services like Cloudflare.

 2.  **Implement Authentication:** Verify the identity of the client making the request. Common methods for APIs include:
    *   **Token-Based Authentication (like JWT - JSON Web Tokens):** The client sends credentials (username/password) to an authentication endpoint, which returns a token. The client then includes this token in subsequent requests (usually in the `Authorization` header). The server validates the token for each request. Libraries like `Flask-JWT-Extended` simplify this.
    *   **API Keys:** Provide clients with unique keys they must include in requests. While simpler, API keys are less secure than tokens as they often don't expire and grant broad access. Use them cautiously and ideally in conjunction with other security measures.
    *   **OAuth 2.0:** For scenarios involving user authorization (e.g., allowing a third-party app to access a user's data), use OAuth 2.0. Flask extensions like `Flask-OAuthlib` or `Authlib` can help.

 3.  **Implement Authorization:** Once a client is authenticated, determine what resources and actions they are allowed to access. This involves checking their permissions or roles. You can implement this logic within your view functions or use authorization libraries.

 4.  **Input Validation and Sanitization:** Never trust input from the client.
    *   **Validation:** Check if the incoming data (from query parameters, form data, or JSON body) conforms to expected types, formats, and constraints. Use libraries like `Marshmallow` or `Pydantic` for robust data validation.
    *   **Sanitization:** Clean or escape user input before using it, especially when interacting with databases to prevent SQL injection or when returning data that will be displayed in a browser to prevent XSS (Cross-Site Scripting).

 5.  **Rate Limiting:** Protect your API from brute-force attacks and Denial-of-Service (DoS) attacks by limiting the number of requests a single client can make within a specific time frame. The `Flask-Limiter` extension can help implement this.

 6.  **Protect Against Common Web Vulnerabilities:**
    *   **SQL Injection:** Use parameterized queries or ORMs (like SQLAlchemy with Flask-SQLAlchemy) which handle escaping automatically. Never build SQL queries by concatenating user input strings.
    *   **Cross-Site Scripting (XSS):** When returning data that might contain user-provided input and will be rendered in a browser (less common for pure APIs, but relevant if the API serves some HTML), ensure proper escaping. Flask's templating engine (Jinja2) auto-escapes by default.
    *   **CSRF (Cross-Site Request Forgery):** Protect endpoints that perform state-changing actions (like POST, PUT, DELETE) from CSRF attacks. For APIs consumed by web browsers, this is crucial. Flask-WTF provides CSRF protection. For pure APIs consumed by other applications, this might be less of a concern depending on the client implementation.
    *   **JSON Web Token (JWT) Security:** If using JWTs, ensure you use strong secrets, set appropriate expiration times, validate token signatures on the server, and consider token revocation mechanisms.

 7.  **Error Handling:** Implement proper error handling that doesn't leak sensitive information in error responses. Return meaningful HTTP status codes (e.g., 400 for bad request, 401 for unauthorized, 403 for forbidden, 404 for not found, 500 for internal server error) and provide consistent error response formats (e.g., JSON with an error message).

 8.  **Logging and Monitoring:** Implement logging to track API usage, errors, and potential security incidents. Monitor your API for unusual activity.

 9.  **Secure Configuration:** Keep sensitive configuration data (database credentials, API keys, secrets) out of your code and manage them securely using environment variables or configuration management tools.

 10. **Dependencies:** Regularly update your Flask framework and any extensions or libraries you use to patch security vulnerabilities.

 11. **CORS (Cross-Origin Resource Sharing):** Carefully configure CORS headers if your API will be accessed from different domains, controlling which origins are allowed to make requests. The `Flask-CORS` extension simplifies this.

- By implementing a combination of these security measures, you can significantly enhance the security of your Flask API. The specific security measures required will depend on the nature of your API, the sensitivity of the data it handles, and the type of clients that will consume it.

22. What is the significance of Flask-RESTful extension?

- The Flask-RESTful extension is significant because it provides a set of abstractions and conventions that make it easier and faster to build RESTful APIs with Flask. While Flask itself is flexible and allows you to create API endpoints, Flask-RESTful adds features specifically tailored for API development, such as:

 *   **Resource Abstraction:** It introduces the `Resource` class, which is a more structured way to handle requests for specific resources. You can define methods within a `Resource` class that correspond to HTTP methods (GET, POST, PUT, DELETE) for a given endpoint, keeping your code organized.
 *   **Request Parsing:** It offers tools to parse and validate incoming request data (like form data or JSON) more easily than using the raw `request` object.
 *   **Route Registration Simplification:** It simplifies the process of adding multiple routes and resources to your application.
 *   **Error Handling:** It provides helpful error handling for common API scenarios.

- In essence, Flask-RESTful streamlines the development of RESTful APIs in Flask by providing common patterns and tools, allowing developers to focus more on the API's business logic and less on boilerplate setup.

23. What is the role of Flask's session object?

- The Flask `session` object is a feature that allows your Flask application to remember information about a specific user from one request to the next. Since HTTP is stateless (meaning each request is independent and the server doesn't inherently know about previous requests from the same user), the `session` object provides a way to maintain state for individual clients.

- It works by storing data on the server (though the actual data can also be stored client-side in signed cookies for smaller amounts of information) and associating it with a unique session ID. This session ID is typically sent back to the client in a cookie. On subsequent requests, the client sends the cookie back to the server, allowing Flask to retrieve the associated session data.

- Key points about the Flask session:

 *   **State Management:** It's used to keep track of user-specific data, such as whether a user is logged in, shopping cart contents, user preferences, or flash messages (small messages displayed to the user after a redirect).
 *   **Security:** Session data is signed (and optionally encrypted if stored client-side) to prevent tampering. A secret key (`SECRET_KEY`) must be configured in your Flask app for this security.
 *   **Accessibility:** The `session` object behaves like a dictionary, allowing you to store and retrieve key-value pairs.
 *   **Persistence:** Data stored in the session typically persists until the user closes their browser (session cookie) or for a configured duration.

- In summary, the Flask `session` object is essential for building web applications and APIs where you need to maintain user-specific state across multiple requests, enabling features like user authentication, shopping carts, and personalized experiences.

# Practical

1. How do you create a basic Flask application?

In [2]:
from flask import Flask

# Create a Flask application instance
app = Flask(__name__)

# Define a route for the homepage ('/')
@app.route('/')
def hello_world():
  # Return a simple string as the response
  return 'Hello, World!'

# To run this in a Colab notebook, you might need to use ngrok or flask-ngrok
# to expose the Flask server, as Flask's default server isn't directly accessible
# from outside the Colab environment.

# Install flask-ngrok if you don't have it
!pip install flask-ngrok

from flask_ngrok import run_with_ngrok

# Wrap your Flask app with run_with_ngrok
run_with_ngrok(app)

# Run the Flask application
# The `run_with_ngrok` function starts the Flask server and ngrok tunnel.
# When you run this cell, a public URL will be printed, which you can use
# to access your Flask application.
if __name__ == '__main__':
    app.run()

2. How do you serve static files like images or CSS in Flask?

In [1]:
# Create a dummy CSS file in the static folder for demonstration
!mkdir static
!echo "body { background-color: lightblue; }" > static/style.css

from flask import Flask, render_template
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

# Define a route that uses a template and includes a static file
@app.route('/static_example')
def static_example():
  # You would typically have an HTML file in a 'templates' folder
  # Create a dummy templates folder and HTML file for demonstration
  !mkdir templates
  !echo "<html><head><title>Static File Example</title><link rel='stylesheet' href='{{ url_for('static', filename='style.css') }}'></head><body><h1>Static File Test</h1></body></html>" > templates/static_example.html

  return render_template('static_example.html')

if __name__ == '__main__':
    app.run()

3. How do you define different routes with different HTTP methods in Flask?

In [None]:
# Create a new Flask application instance for this example
app_methods = Flask(__name__)
run_with_ngrok(app_methods) # Use run_with_ngrok for Colab

# Define a route that accepts only GET requests
@app_methods.route('/method_example', methods=['GET'])
def get_method_only():
    return "This route only accepts GET requests."

# Define a route that accepts only POST requests
@app_methods.route('/method_example', methods=['POST'])
def post_method_only():
    return "This route only accepts POST requests."

# Define a route that accepts both GET and POST requests
@app_methods.route('/another_method_example', methods=['GET', 'POST'])
def get_and_post_methods():
    if request.method == 'POST':
        return "This is a POST request."
    else:
        return "This is a GET request or other method."

# To run this specific example, you would run this cell
# Note: In a real application, you would typically have one `app` instance
# and run it once at the end. Running multiple `app.run()` in Colab
# requires stopping the previous one or using different ports/techniques.
# For demonstration, we'll include the run block here, but be aware
# this will block the notebook until you stop it.
if __name__ == '__main__':
    print("Running the method example app...")
    app_methods.run()

4. How do you render HTML templates in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok

from flask import Flask, render_template
from flask_ngrok import run_with_ngrok

# Create a Flask application instance
app_templates = Flask(__name__)
run_with_ngrok(app_templates) # Use run_with_ngrok for Colab

# Create a dummy 'templates' folder and an HTML file inside it
!mkdir -p templates
!echo "<html><head><title>{{ title }}</title></head><body><h1>Hello, {{ name }}!</h1><p>This is a template example.</p></body></html>" > templates/index.html

# Define a route that renders an HTML template
@app_templates.route('/template_example')
def template_example():
  # Define data to pass to the template
  template_data = {
      'title': 'Template Example',
      'name': 'World'
  }
  # Render the 'index.html' template, passing the data
  return render_template('index.html', **template_data)

# To run this specific example, you would run this cell
# Note: In a real application, you would typically have one `app` instance
# and run it once at the end. Running multiple `app.run()` in Colab
# requires stopping the previous one or using different ports/techniques.
# For demonstration, we'll include the run block here, but be aware
# this will block the notebook until you stop it.
if __name__ == '__main__':
    print("Running the template example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
      app_templates.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")


5. How can you generate URLs for routes in Flask using url_for?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok

from flask import url_for, redirect, request

# Create a Flask application instance
app_url_for = Flask(__name__)
run_with_ngrok(app_url_for) # Use run_with_ngrok for Colab

# Define a simple route named 'home'
@app_url_for.route('/')
def home():
    # Use url_for to generate the URL for the 'hello_user' route
    # and redirect to it with a username
    user_url = url_for('hello_user', username='Alice')
    return f'Click <a href="{user_url}">here</a> to go to the user page for Alice.'
    # Or you could redirect directly:
    # return redirect(url_for('hello_user', username='Alice'))

# Define a route with a variable rule named 'hello_user'
@app_url_for.route('/user/<username>')
def hello_user(username):
    return f'Hello, {username}!'

# Define another route named 'about'
@app_url_for.route('/about')
def about():
    return 'About page.'

# Example of generating a URL for the 'about' page
# (This is just for demonstration, you would typically use this in a template or redirect)
about_page_url = url_for('about')
print(f"URL for the about page: {about_page_url}")


# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the url_for example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
      app_url_for.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")

6. How do you handle forms in Flask?

In [None]:
# Ensure Flask, Flask-ngrok, and Flask-WTF are installed
!pip install Flask Flask-ngrok Flask-WTF


from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired

# Create a Flask application instance
app_forms = Flask(__name__)
# A secret key is required for Flask sessions and Flask-WTF
app_forms.config['SECRET_KEY'] = 'your_secret_key_here'
run_with_ngrok(app_forms) # Use run_with_ngrok for Colab

# Define a simple form using Flask-WTF
class MyForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired()])
    submit = SubmitField('Submit')

# Create a dummy 'templates' folder and an HTML file for the form
!mkdir -p templates
!echo "<html><body><h1>Simple Form</h1><form method='POST'>{{ form.csrf_token }}{{ form.name.label }}{{ form.name() }}{{ form.submit() }}</form></body></html>" > templates/form_example.html
!echo "<html><body><h1>Form Submitted!</h1><p>Hello, {{ name }}!</p></body></html>" > templates/form_success.html


# Define a route to handle the form
@app_forms.route('/form_example', methods=['GET', 'POST'])
def form_example():
    form = MyForm()
    if form.validate_on_submit():
        # If the form is submitted and valid (POST request)
        name = form.name.data
        # Process the data (e.g., save to a database)
        print(f"Form submitted with name: {name}")
        # Redirect to a success page or render a success template
        return render_template('form_success.html', name=name)
    # If it's a GET request or the form is not valid on submission
    return render_template('form_example.html', form=form)

# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the forms example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
      app_forms.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")


7. How can you validate form data in FLask?

In [None]:
# Manual Validation Example (without Flask-WTF):

from flask import Flask, request, render_template, jsonify
from flask_ngrok import run_with_ngrok

app_manual_validation = Flask(__name__)
run_with_ngrok(app_manual_validation) # Use run_with_ngrok for Colab

# Create a dummy HTML file for manual form validation
!mkdir -p templates
!echo "<html><body><h1>Manual Validation Form</h1><form method='POST'><label for='email'>Email:</label><input type='text' id='email' name='email'><br><br><input type='submit' value='Submit'></form></body></html>" > templates/manual_form_example.html

# Define a route to handle the form with manual validation
@app_manual_validation.route('/manual_validation', methods=['GET', 'POST'])
def manual_validation_example():
    if request.method == 'POST':
        email = request.form.get('email') # Get the email from form data

        # Perform manual validation checks
        errors = []
        if not email:
            errors.append("Email is required.")
        elif '@' not in email:
            errors.append("Invalid email format.")
        # Add more validation rules as needed

        if errors:
            # If there are validation errors, return an error response
            # For an API, you might return JSON with errors
            # For a web form, you might re-render the form with error messages
            return f"Validation errors: {', '.join(errors)}", 400 # Return bad request status

        else:
            # If validation passes
            print(f"Manual validation succeeded for email: {email}")
            return f"Email '{email}' received successfully!"

    # If it's a GET request, render the form
    return render_template('manual_form_example.html')


8. How do you manage sessions in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok


# Create a Flask application instance
app_sessions = Flask(__name__)
# A secret key is absolutely required for using sessions.
# It's used to sign the session cookies to prevent tampering.
# In a real application, use a strong, randomly generated key
# and keep it secret (e.g., using environment variables).
app_sessions.config['SECRET_KEY'] = 'my_super_secret_key_for_sessions'

run_with_ngrok(app_sessions) # Use run_with_ngrok for Colab

# Define a route to set a value in the session
@app_sessions.route('/set_session/<value>')
def set_session_value(value):
    # Store the 'value' in the session under the key 'my_data'
    session['my_data'] = value
    return f'Session data "my_data" set to: {value}'

# Define a route to get a value from the session
@app_sessions.route('/get_session')
def get_session_value():
    # Retrieve the value from the session using the key 'my_data'
    # Use .get() to avoid errors if the key doesn't exist
    my_data = session.get('my_data', 'No data found in session')
    return f'Value from session "my_data": {my_data}'

# Define a route to clear the session
@app_sessions.route('/clear_session')
def clear_session():
    # Clear all data from the session
    session.clear()
    return 'Session cleared!'

# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the sessions example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
      # Note: When you run this, ngrok will provide a URL.
      # Access the /set_session/<some_value> route first (e.g., /set_session/hello)
      # Then access /get_session to see the value.
      # Finally, access /clear_session and then /get_session again.
      app_sessions.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")

9. How do you redirect a different a different route in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok


# Create a Flask application instance
app_redirect = Flask(__name__)
run_with_ngrok(app_redirect) # Use run_with_ngrok for Colab

# Define a route that will initiate the redirect
@app_redirect.route('/old_route')
def old_route():
    print("Accessed the old_route, redirecting...")
    # Use redirect() to send the user to a different URL.
    # Use url_for() to generate the URL for the target route,
    # which is recommended for maintainability.
    # You can pass keyword arguments to url_for if the target route
    # has variable rules or query parameters.
    return redirect(url_for('new_route'))

# Define the target route
@app_redirect.route('/new_route')
def new_route():
    print("Accessed the new_route.")
    return 'Welcome to the new route!'

# Define another route with a parameter to demonstrate passing args in redirect
@app_redirect.route('/user/<username>')
def profile(username):
    return f'User profile for: {username}'

# Example of redirecting to a route with a parameter
@app_redirect.route('/go_to_profile/<name>')
def go_to_profile(name):
    print(f"Accessed go_to_profile, redirecting to profile for {name}...")
    return redirect(url_for('profile', username=name))

# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the redirect example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
      # Note: When you run this, ngrok will provide a URL.
      # Access the /old_route to be redirected to /new_route.
      # Access /go_to_profile/some_name to be redirected to /user/some_name.
      app_redirect.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")

10. How do you handle errors in Flask (e.g., 404)?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok


# Create a Flask application instance
app_errors = Flask(__name__)
run_with_ngrok(app_errors) # Use run_with_ngrok for Colab

# Define a route that might cause an error (e.g., intentionally not found)
@app_errors.route('/resource_that_does_not_exist')
def non_existent_resource():
    # This function will never be reached if the route is wrong
    # To simulate a 404, we can try to render a non-existent template
    # Or use the abort() function
    from flask import abort
    abort(404) # This explicitly raises a 404 error

# Define a custom error handler for 404 Not Found errors
@app_errors.errorhandler(404)
def not_found_error(error):
    print(f"Handling 404 error: {error}")
    # You can render a custom template or return a custom response
    # For an API, you might return JSON
    # For a web application, you might render an HTML error page
    return render_template('404.html'), 404

# Define a custom error handler for 500 Internal Server Errors
@app_errors.errorhandler(500)
def internal_error(error):
    print(f"Handling 500 error: {error}")
    # You can log the error here for debugging
    # Return a generic error message to the client for security
    return "<h1>Internal Server Error</h1><p>Something went wrong.</p>", 500

# Create dummy HTML error pages for demonstration
!mkdir -p templates
!echo "<html><body><h1>404 - Not Found</h1><p>The requested resource was not found.</p></body></html>" > templates/404.html


# Define a route that intentionally raises a 500 error
@app_errors.route('/cause_internal_error')
def cause_internal_error():
    print("Intentionally causing a 500 error...")
    # This line will raise an exception
    result = 1 / 0
    return "This should not be reached."

# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the error handling example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
      # Note: When you run this, ngrok will provide a URL.
      # Access the /resource_that_does_not_exist route to trigger the 404 handler.
      # Access the /cause_internal_error route to trigger the 500 handler.
      app_errors.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")

11. How do structure a Flask app using Blueprints?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok

from flask import Flask, Blueprint

# Create a Flask application instance
app_blueprints = Flask(__name__)
# run_with_ngrok(app_blueprints) # You would typically run ngrok on the main app instance

# --- Create Blueprints ---

# Create the 'users' blueprint
# The first argument is the blueprint's name (used for url_for),
# the second is the import name (typically __name__).
# The url_prefix adds a prefix to all routes defined within this blueprint.
users_bp = Blueprint('users', __name__, url_prefix='/users')

# Define routes within the 'users' blueprint
@users_bp.route('/')
def list_users():
    return 'List of Users (from users blueprint)'

@users_bp.route('/<int:user_id>')
def get_user(user_id):
    return f'Details for User ID: {user_id} (from users blueprint)'

# Create the 'products' blueprint
products_bp = Blueprint('products', __name__, url_prefix='/products')

# Define routes within the 'products' blueprint
@products_bp.route('/')
def list_products():
    return 'List of Products (from products blueprint)'

@products_bp.route('/<int:product_id>')
def get_product(product_id):
    return f'Details for Product ID: {product_id} (from products blueprint)'

# --- Register Blueprints with the main Flask app ---

# Register the 'users' blueprint with the main app
app_blueprints.register_blueprint(users_bp)

# Register the 'products' blueprint with the main app
app_blueprints.register_blueprint(products_bp)

# Define a root route on the main app (optional)
@app_blueprints.route('/')
def index():
    # You can use url_for with the blueprint name
    users_url = url_for('users.list_users')
    products_url = url_for('products.list_products')
    return f'Welcome to the app! <br> Go to <a href="{users_url}">Users</a> <br> Go to <a href="{products_url}">Products</a>'


# To run this example, you would typically run the main app instance.
# We include the run block here for Colab.
# Note: When you run this in Colab, you need to expose the main app with ngrok.
# Add run_with_ngrok(app_blueprints) after creating the app instance.
run_with_ngrok(app_blueprints)


if __name__ == '__main__':
    print("Running the blueprints example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
        # Access the root URL provided by ngrok, then navigate to /users/ or /products/
        app_blueprints.run()
    except RuntimeError as e:
      print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")


12. How do you define a custom Jinja filter in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok


# Create a Flask application instance
app_filters = Flask(__name__)
run_with_ngrok(app_filters) # Use run_with_ngrok for Colab

# --- Define a Custom Jinja Filter ---
# A custom filter is a Python function that takes at least one argument
# (the value being filtered) and returns the transformed value.
def format_currency(value):
    """Custom Jinja filter to format a number as currency."""
    try:
        # Convert to float, format with 2 decimal places and a dollar sign
        return f"${float(value):,.2f}"
    except (ValueError, TypeError):
        # Handle cases where the input is not a valid number
        return "Invalid Price"

# --- Register the Custom Filter with the Flask App ---
# You register the filter using the app's `jinja_env.filters` dictionary.
# The key is the name you'll use in the template (e.g., 'currency'),
# and the value is the Python function.
app_filters.jinja_env.filters['currency'] = format_currency


# Create a dummy 'templates' folder and an HTML file that uses the filter
!mkdir -p templates
!echo "<html><body><h1>Jinja Filter Example</h1><p>Original price: {{ price }}</p><p>Formatted price: {{ price | currency }}</p><p>Invalid price: {{ invalid_price | currency }}</p></body></html>" > templates/filter_example.html


# Define a route that renders a template using the custom filter
@app_filters.route('/filter_example')
def filter_example():
    # Data to pass to the template
    data = {
        'price': 12345.6789,
        'invalid_price': 'not a number'
    }
    # Render the template, which will apply the 'currency' filter
    return render_template('filter_example.html', **data)

# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the custom filter example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
        # Access the /filter_example route provided by ngrok
        app_filters.run()
    except RuntimeError as e:
        print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")

13. How can you redirect with query parameters in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok


# Create a Flask application instance
app_redirect_params = Flask(__name__)
run_with_ngrok(app_redirect_params) # Use run_with_ngrok for Colab

# Define a route that will initiate the redirect with query parameters
@app_redirect_params.route('/start_redirect_with_params')
def start_redirect():
    print("Accessed start_redirect_with_params, redirecting...")
    # Use redirect() to send the user to a different URL.
    # Use url_for() to generate the URL for the target route ('target_route_with_params').
    # Pass the query parameters as keyword arguments to url_for().
    # Flask will automatically append these as query string parameters.
    return redirect(url_for('target_route_with_params',
                            message='hello',
                            user_id=123,
                            status='active'))

# Define the target route that will receive the query parameters
@app_redirect_params.route('/target_route_with_params')
def target_route_with_params():
    print("Accessed target_route_with_params.")
    # Access the query parameters using request.args
    message = request.args.get('message') # .get() is safe if the parameter isn't present
    user_id = request.args.get('user_id', type=int) # Use type to convert to int
    status = request.args.get('status')

    return f"""
    <h1>Redirect with Query Parameters</h1>
    <p>Message: {message}</p>
    <p>User ID: {user_id}</p>
    <p>Status: {status}</p>
    <p>Raw args: {request.args}</p>
    """

# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the redirect with query parameters example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
        # Note: When you run this, ngrok will provide a URL.
        # Access the /start_redirect_with_params route to trigger the redirect.
        # You will then see the target route displaying the parameters from the URL.
        app_redirect_params.run()
    except RuntimeError as e:
        print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")

14. How do you return JSON responses in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok

# Create a Flask application instance
app_json = Flask(__name__)
run_with_ngrok(app_json) # Use run_with_ngrok for Colab

# Define a route that returns a simple dictionary as a JSON response
@app_json.route('/json_example')
def json_example():
    # Data you want to return as JSON
    data = {
        "name": "Alice",
        "age": 30,
        "city": "New York",
        "is_active": True,
        "courses": ["Math", "Science", "History"]
    }
    # Use jsonify to convert the dictionary to a JSON response
    # jsonify automatically sets the Content-Type header to application/json
    return jsonify(data)

# Define a route that returns a list of dictionaries as a JSON response
@app_json.route('/users_json')
def users_json():
    users = [
        {"id": 1, "username": "alice"},
        {"id": 2, "username": "bob"},
        {"id": 3, "username": "charlie"}
    ]
    return jsonify(users)

# Define a route that returns a JSON response with a specific status code
@app_json.route('/json_with_status')
def json_with_status():
    error_data = {
        "error": "Resource not found",
        "message": "The requested item does not exist."
    }
    # Return the JSON data and the HTTP status code (e.g., 404 Not Found)
    return jsonify(error_data), 404


# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the JSON response example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
        # Note: When you run this, ngrok will provide a URL.
        # Access the /json_example or /users_json or /json_with_status routes.
        # Your browser or API client will receive a JSON response.
        app_json.run()
    except RuntimeError as e:
        print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")



15. How do you capture URL parameters in Flask?

In [None]:
# Ensure Flask and Flask-ngrok are installed
!pip install Flask Flask-ngrok


# Create a Flask application instance
app_url_params = Flask(__name__)
run_with_ngrok(app_url_params) # Use run_with_ngrok for Colab

# --- Capturing URL Parameters ---

# 1. Variable Rules in the Route Decorator
# You can define variable parts directly in the @app.route() decorator
# using angle brackets (<>).
# By default, the variable captures any string.
@app_url_params.route('/greet/<name>')
def greet_user(name):
    # The captured value ('name') is passed as a keyword argument
    # to the view function.
    return f'Hello, {name}!'

# You can specify converter types for the variable rule
# Common converters: string (default), int, float, path (includes slashes), uuid
@app_url_params.route('/user/<int:user_id>')
def get_user_by_id(user_id):
    # The captured value 'user_id' is automatically converted to an integer
    # by Flask before being passed to the function.
    # If the URL part cannot be converted (e.g., '/user/abc'), Flask will
    # return a 404 Not Found error automatically.
    return f'Getting details for user with ID: {user_id}'

# Example with multiple parameters and different types
@app_url_params.route('/product/<int:product_id>/review/<float:rating>')
def add_product_review(product_id, rating):
    # Both product_id (integer) and rating (float) are captured
    return f'Reviewing product {product_id} with rating {rating}'


# 2. Query String Parameters (using request.args)
# Query string parameters are appended to the URL after a '?',
# separated by '&' (e.g., /search?q=flask&sort=date).
# These are NOT defined in the @app.route() decorator.
@app_url_params.route('/search')
def search_results():
    # Access query string parameters using the request.args dictionary
    # request.args is an ImmutableMultiDict, use .get() for safer access
    # The .get() method takes the parameter name and an optional default value.
    # You can also specify a 'type' to convert the value.
    query = request.args.get('q', default='no query provided') # Get 'q' parameter
    sort_by = request.args.get('sort', default='relevance') # Get 'sort' parameter
    page = request.args.get('page', type=int, default=1) # Get 'page' as an integer

    return f"""
    <h1>Search Results</h1>
    <p>Query: {query}</p>
    <p>Sort By: {sort_by}</p>
    <p>Page: {page}</p>
    <p>Raw args: {request.args}</p>
    """

# 3. Form Data (using request.form - typically for POST requests)
# Data submitted via an HTML form with method="POST" is typically in the
# request body, not the URL. While not strictly "URL parameters", they are
# a common way to send data to the server via a URL endpoint.
# See the previous example (Question 6) on handling forms and request.form.

# 4. JSON Data (using request.json or request.get_json() - typically for API POST/PUT)
# Data sent in the body of a request with Content-Type: application/json.
# Again, not strictly "URL parameters", but data sent to a URL endpoint.
# See the previous example (Question 14) on returning JSON; accessing incoming
# JSON data is done similarly using request.json or request.get_json().
@app_url_params.route('/api/data', methods=['POST'])
def receive_json_data():
    # Access JSON data from the request body
    data = request.get_json() # or request.json

    if data is None:
        return jsonify({"error": "Invalid JSON"}), 400

    # Process the received JSON data
    name = data.get('name')
    value = data.get('value')

    print(f"Received JSON: Name={name}, Value={value}")

    return jsonify({"received": True, "name": name, "value": value})


# To run this specific example, you would run this cell
if __name__ == '__main__':
    print("Running the URL parameters example app...")
    # Ensure the previous ngrok tunnel is stopped if you are running multiple examples
    try:
        # Note: When you run this, ngrok will provide a URL.
        # Access the following URLs:
        # - /greet/Bob  (string parameter)
        # - /user/456   (integer parameter)
        # - /product/10/review/4.5 (int and float parameters)
        # - /search?q=python&sort=date&page=2 (query string parameters)
        # To test the /api/data POST route, you would need an API client
        # (like curl, Postman, or a Python requests script) to send a POST request
        # with JSON data to the ngrok URL + /api/data.
        app_url_params.run()
    except RuntimeError as e:
        print(f"Could not run the app. Make sure previous cells with app.run() are stopped. Error: {e}")
