# Theoretical questions

### 1.What is a RESTful API
A RESTful API (Representational State Transfer API) is a type of web API that adheres to the principles and constraints of the REST architectural style, which was introduced by Roy Fielding in his doctoral dissertation in 2000. It provides a standardized way for systems, particularly web-based applications, to communicate and interact over the HTTP protocol.

In a RESTful system, all data and functionality are treated as resources, which are accessed through unique URIs (Uniform Resource Identifiers). Each resource can be manipulated using standard HTTP methods such as:

GET to retrieve data,

POST to create new resources,

PUT to update/replace existing resources,

PATCH to partially update resources, and

DELETE to remove them.

### 2.Explain the concept of API specification
An API specification is a detailed and formal blueprint or contract that defines how clients can interact with an API. It describes what the API does, how it behaves, what endpoints are available, what inputs are expected, and what outputs will be returned.

 ##### Key Concepts of API Specification:
1. Definition of Endpoints:

2. HTTP Methods

3. Request Parameters:

4. Request Body Schema:

5. Response Format:





### 3.What is Flask, and why is it popular for building APIs
Flask is a lightweight and flexible web framework for Python that is widely used for building web applications and APIs. It is based on the Werkzeug WSGI toolkit and Jinja2 template engine.

#### Why Flask is Popular for Building APIs
1. Minimal and Lightweight:

Flask provides just the core functionality, allowing developers to add only what they need using extensions.

This "microframework" nature makes it perfect for building simple APIs quickly.

2. Simplicity and Readability:

Flask applications are easy to understand and write. The syntax is clean and intuitive.

3. RESTful Request Handling:

Flask natively supports routing for different HTTP methods (GET, POST, PUT, DELETE), which are essential for REST APIs.

4. Flexible and Extensible:

You can easily integrate Flask with other tools and libraries (e.g., Flask-RESTful, Flask-JWT, SQLAlchemy).

5. Built-in Development Server:

Flask provides a built-in server for testing and development, making it easy to debug.

6. Large Community and Documentation:

Flask has a strong community and rich documentation, making it easy to find help and learn from examples.

7. Compatible with WSGI and ASGI:

Flask apps can run on any WSGI-compatible web server (like Gunicorn), and new tools like Quart bring ASGI support to Flask-like APIs.



### 4.What is routing in Flask
Routing in Flask refers to mapping URLs (web addresses) to specific functions in your Python code. These functions are called view functions, and they return the response (like a web page or JSON data) that should be sent to the user when that route is accessed.



### 5.How do you create a simple Flask application
Creating a basic Flask app involves just a few steps: import Flask, create an app instance, define a route, and run the app. A minimal, complete example is given under the first practical question.


### 6.What are HTTP methods used in RESTful APIs
In RESTful APIs, HTTP methods define the type of operation you want to perform on a resource. Each method corresponds to a CRUD operation:

| HTTP Method | CRUD Operation | Description                         |
| ----------- | -------------- | ----------------------------------- |
| **GET**     | Read           | Retrieve data from the server       |
| **POST**    | Create         | Send new data to the server         |
| **PUT**     | Update         | Replace existing data on the server |
| **PATCH**   | Partial Update | Modify part of an existing resource |
| **DELETE**  | Delete         | Remove data from the server         |


### 7.What is the purpose of the @app.route() decorator in Flask
The @app.route() decorator in Flask is used to bind a URL path to a specific function — called a view function. It tells Flask which function should run when a specific URL is requested by the client (browser or API call).


### 8.What is the difference between GET and POST HTTP methods
The differences are summarized below:

| Feature           | **GET**                                 | **POST**                                      |
| ----------------- | --------------------------------------- | --------------------------------------------- |
| **Purpose**       | Retrieve data from the server           | Submit data to the server                     |
| **Data Location** | Sent in the **URL** (query string)      | Sent in the **request body**                  |
| **Visibility**    | Data is visible in the URL              | Data is **not visible** in the URL            |
| **Bookmarkable**  | Yes                                     | No                                            |
| **Idempotent**    | Yes (doesn’t change server state)       | No (usually changes server state)             |
| **Caching**       | Can be cached                           | Usually not cached                            |
| **Security**      | Less secure (data in the URL can be logged, e.g. in server logs and browser history) | More secure (data is kept out of the URL, but is only protected in transit when used with HTTPS) |
| **Use Case**      | Reading data (e.g., view user profile)  | Creating/Updating data (e.g., login form)     |


### 9.How do you handle errors in Flask APIs
In Flask, you can handle errors using:

1. Built-in error handlers (@app.errorhandler)

2. Custom error responses (manual handling)

3. Flask abort() function

### 10.How do you connect Flask to a SQL database
To connect Flask to a SQL database (like SQLite, MySQL, or PostgreSQL), the most common and powerful approach is to use SQLAlchemy, a Python ORM (Object Relational Mapper), usually through the Flask-SQLAlchemy extension.

| Step | Action                                |
| ---- | ------------------------------------- |
| 1    | Install `Flask-SQLAlchemy`            |
| 2    | Configure `SQLALCHEMY_DATABASE_URI`   |
| 3    | Define models using classes           |
| 4    | Create tables with `db.create_all()`  |
| 5    | Use `session.add()`, `query` for data |


### 11.What is the role of Flask-SQLAlchemy
Flask-SQLAlchemy is an Object Relational Mapper (ORM) extension for Flask. It simplifies the process of connecting your Flask app to an SQL database and lets you interact with the database using Python classes and objects instead of writing raw SQL queries.


| Feature                             | Description                                                                 |
| ----------------------------------- | --------------------------------------------------------------------------- |
| **Database Connection**             | Manages connection to databases like SQLite, MySQL, PostgreSQL, etc.        |
| **ORM (Object Relational Mapping)** | Maps Python classes (models) to database tables                             |
| **Query Abstraction**               | Lets you query the database using Python instead of SQL                     |
| **Schema Management**               | Helps create, modify, and drop tables using `db.create_all()`               |
| **Session Management**              | Manages transactions (add, update, delete, commit)                          |
| **Integration with Flask**          | Seamlessly integrates SQLAlchemy into Flask’s app context and configuration |


### 12.What are Flask blueprints, and how are they useful
Flask Blueprints are a way to organize a Flask application into modular components. Think of a blueprint as a mini Flask application with its own routes, templates, static files, and logic — which can later be registered on the main app.

### 13.What is the purpose of Flask's request object
The request object in Flask is used to access data sent by the client (browser, API call, etc.) to your Flask application. It is imported from the flask module and represents the incoming HTTP request.





| Purpose                    | Code Example                        | Description                           |
| -------------------------- | ----------------------------------- | ------------------------------------- |
| Get query parameters (GET) | `request.args.get('name')`          | Gets value from URL like `/?name=abc` |
| Get form data (POST)       | `request.form['username']`          | Retrieves data submitted from a form  |
| Get JSON data              | `request.get_json()`                | Parses JSON from request body         |
| Get HTTP method used       | `request.method`                    | Returns `GET`, `POST`, etc.           |
| Access request headers     | `request.headers['User-Agent']`     | Gets headers like browser info        |
| Access uploaded files      | `request.files['file']`             | Handles file uploads                  |
| Access raw body data       | `request.data`                      | Gets raw request body                 |
| Access cookies             | `request.cookies.get('session_id')` | Reads cookies                         |


### 14.How do you create a RESTful API endpoint using Flask
A RESTful API endpoint in Flask is created by defining a route (@app.route) that handles a specific HTTP method (GET, POST, PUT, DELETE) and returns data in JSON format.

To create a RESTful API in Flask:

1. Use @app.route() to define endpoints.

2. Handle HTTP methods: GET, POST, PUT, DELETE.

3. Return responses with jsonify().

4. Use request.get_json() to receive input data.
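
The four steps above combined into one small API, as an added example that is not from the original notes. The `/items` resource, the in-memory `ITEMS` store and the 64-character name limit are assumptions made for illustration.

```python
from flask import Flask, jsonify, request

app = Flask(__name__)
# Constructed in-memory store standing in for a database.
ITEMS = {1: {"id": 1, "name": "keyboard"}}


@app.errorhandler(404)
def not_found(err):
    # Return JSON rather than Flask's default HTML error page.
    return jsonify({"error": "Not found"}), 404


@app.route("/items", methods=["GET"])
def list_items():
    return jsonify(list(ITEMS.values())), 200


@app.route("/items", methods=["POST"])
def create_item():
    # silent=True yields None instead of raising on a missing or malformed body.
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return jsonify({"error": "Expected a JSON object"}), 400
    name = body.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        return jsonify({"error": "name must be a string of 1-64 characters"}), 400
    if any(item["name"] == name for item in ITEMS.values()):
        return jsonify({"error": "Already exists"}), 409
    item_id = max(ITEMS, default=0) + 1
    ITEMS[item_id] = {"id": item_id, "name": name}
    return jsonify(ITEMS[item_id]), 201


@app.route("/items/<int:item_id>", methods=["GET"])
def get_item(item_id):
    if item_id not in ITEMS:
        return jsonify({"error": "Not found"}), 404
    return jsonify(ITEMS[item_id]), 200


@app.route("/items/<int:item_id>", methods=["DELETE"])
def delete_item(item_id):
    if ITEMS.pop(item_id, None) is None:
        return jsonify({"error": "Not found"}), 404
    return "", 204
```

Flask's test client (`app.test_client()`) can exercise these routes without starting a server.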

### 15.What is the purpose of Flask's jsonify() function
The jsonify() function in Flask is used to convert Python data structures (like dictionaries and lists) into a JSON response. It also sets the appropriate MIME type (application/json) and status code for HTTP responses.



### 16.Explain Flask’s url_for() function
The url_for() function in Flask is used to dynamically build URLs for your application by referring to the name of the view function instead of hardcoding the URL path.

| Benefit                    | Description                                                       |
| -------------------------- | ----------------------------------------------------------------- |
| **Avoids Hardcoding URLs** | If a route changes, you don’t need to update all URL strings      |
| **Dynamic URL Generation** | Automatically inserts path parameters and query parameters        |
| **Template Integration**   | Can be used inside HTML/Jinja templates (`{{ url_for('home') }}`) |


### 17.How does Flask handle static files (CSS, JavaScript, etc.)
Flask serves static files like CSS, JavaScript, images, and other assets from a special directory named static/ by default.

folder structure is given below:-

### 18.What is an API specification, and how does it help in building a Flask API
An API specification is a detailed, structured description of how an API works — including the endpoints, methods, inputs, outputs, data types, authentication, and error responses.

It acts like a blueprint or contract between the API provider and the consumer.


| Benefit                  | How It Helps in Flask API Development                          |
| ------------------------ | -------------------------------------------------------------- |
| **Clarity**              | Developers know exactly what to build or consume               |
| **Consistency**          | Ensures all endpoints follow uniform standards                 |
| **Client Communication** | Frontend teams or API users can understand how to use the API  |
| **Auto-Documentation**   | Tools like Swagger/OpenAPI generate docs from specs            |
| **Validation**           | Helps with input validation and response structure enforcement |
| **Testing & Mocking**    | Test tools can use specs to simulate endpoints before coding   |



### 19.What are HTTP status codes, and why are they important in a Flask API

HTTP status codes are 3-digit numbers returned by a web server (like Flask) to indicate the result of a client's request. They help the client understand what happened — whether the request was successful, failed, or required additional action.


| Purpose                   | Description                                                      |
| ------------------------- | ---------------------------------------------------------------- |
| **Communicate Outcome**   | Tells the client if the request succeeded, failed, or had issues |
| **Enable Error Handling** | Allows frontend or API users to handle errors appropriately      |
| **RESTful Compliance**    | Essential for building RESTful APIs that follow web standards    |
| **Improve Debugging**     | Helps developers and tools understand what went wrong            |


Common HTTP Status Codes (with Flask Examples)


| Code | Meaning               | Flask Example                                      |
| ---- | --------------------- | -------------------------------------------------- |
| 200  | OK (Success)          | `return jsonify(data), 200`                        |
| 201  | Created               | `return jsonify(new_item), 201`                    |
| 204  | No Content            | `return '', 204`                                   |
| 400  | Bad Request           | `return jsonify({'error': 'Bad input'}), 400`      |
| 401  | Unauthorized          | `return jsonify({'error': 'Unauthorized'}), 401`   |
| 403  | Forbidden             | `return jsonify({'error': 'Forbidden'}), 403`      |
| 404  | Not Found             | `return jsonify({'error': 'Not found'}), 404`      |
| 409  | Conflict              | `return jsonify({'error': 'Already exists'}), 409` |
| 500  | Internal Server Error | `return jsonify({'error': 'Server error'}), 500`   |




### 20.How do you handle POST requests in Flask
A POST request is used when the client wants to send data to the server, such as submitting a form or creating a new resource. In Flask, you handle POST requests using:

@app.route(..., methods=['POST'])

request.form for form data

request.get_json() for JSON data

### 21.How would you secure a Flask API
Securing a Flask API is critical to protect it from unauthorized access, data leaks, attacks, and abuse. Here's a breakdown of common methods to secure a Flask API.

1. Use HTTPS (TLS/SSL)
Always run your API over HTTPS, especially in production.

It encrypts data in transit and prevents man-in-the-middle attacks.

2. Authentication
Control who can access the API.

Options:

| Method            | Description                                                       |
| ----------------- | ----------------------------------------------------------------- |
| API Keys          | Send a key in the request header; check it in your code           |
| Token-Based (JWT) | Clients log in → receive a JSON Web Token → send it with requests |
| OAuth 2.0         | Standard for third-party authentication (e.g., Google, GitHub)    |

3. Authorization
After authentication, ensure the user has permission for the requested action (e.g., admin vs. regular user).

4. Input Validation & Sanitization
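Validate incoming data to reject malformed requests, and pass it to the database only through parameterized queries or an ORM so that it cannot be used for SQL injection.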

5. Rate Limiting
Prevent abuse (e.g., DoS attacks) by limiting how many requests a client can make.

6. CORS Protection
Control which domains can access your API.
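
Points 2 and 3 above (API-key authentication followed by role-based authorization) as an added example, not code from the original notes. The `X-API-Key` header name, the two demo keys, the roles and the routes are assumptions made for illustration.

```python
import hashlib
import hmac
from functools import wraps

from flask import Flask, g, jsonify, request

app = Flask(__name__)


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed sample data: SHA-256 digests of API keys mapped to a role.
# Storing digests means a leaked table does not reveal usable keys.
API_KEYS = {_digest("demo-admin-key"): "admin", _digest("demo-user-key"): "user"}


def require_role(*allowed):
    """Authenticate via the X-API-Key header, then authorize by role."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            presented = _digest(request.headers.get("X-API-Key", ""))
            role = None
            for stored, stored_role in API_KEYS.items():
                # Constant-time comparison avoids leaking information via timing.
                if hmac.compare_digest(presented, stored):
                    role = stored_role
            if role is None:
                return jsonify({"error": "Unauthorized"}), 401  # not authenticated
            if role not in allowed:
                return jsonify({"error": "Forbidden"}), 403  # authenticated, not permitted
            g.role = role
            return view(*args, **kwargs)
        return wrapper
    return decorator


@app.route("/reports")
@require_role("admin", "user")
def reports():
    return jsonify({"role": g.role, "reports": []}), 200


@app.route("/users/<int:user_id>", methods=["DELETE"])
@require_role("admin")
def delete_user(user_id):
    return "", 204
```

In a real deployment the keys are issued per client, loaded from secret storage rather than source code, and only ever sent over HTTPS.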

### 22.What is the significance of the Flask-RESTful extension
Flask-RESTful is an extension for Flask that simplifies the development of RESTful APIs. It provides a higher-level, more structured way to define resources and HTTP methods, helping developers build clean and scalable APIs faster.

| Feature                      | Benefit                                                                |
| ---------------------------- | ---------------------------------------------------------------------- |
| **Class-based views**        | Define API endpoints using Python classes (`Resource`)                 |
| **Method-specific handling** | Each HTTP method (GET, POST, etc.) is a method of the class            |
| **Request parsing**          | Built-in `reqparse` helps validate and parse inputs                    |
| **Error handling**           | Simplifies response codes and custom error messages                    |
| **Cleaner routing**          | Use `api.add_resource()` instead of multiple `@app.route()` decorators |


### 23.What is the role of Flask’s session object?
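The session object in Flask is used to store data across multiple requests for the same client (like a logged-in user). It acts as temporary per-user storage that persists between requests in a cookie signed with the app's secret key. The cookie is signed, not encrypted, so the client can read its contents but cannot change them without invalidating the signature.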


Why Use session? 


| Purpose                  | Description                                              |
| ------------------------ | -------------------------------------------------------- |
| **User login state**     | Track if a user is logged in or not                      |
| **Store temporary data** | Store small, secure info like username, role, cart items |
| **Per-user storage**     | Each user's session data is isolated from others         |
| **Secure**               | Signed with a secret key to prevent tampering            |
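
What "signed with a secret key" does and does not protect, as an added example that is not from the original notes. It uses a simplified HMAC scheme built from the standard library, not Flask's actual cookie format, and `SECRET_KEY` and the session fields are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-secret"  # sample value; load a real key from config


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(data, key=SECRET_KEY):
    """Serialize session data and append an HMAC-SHA256 tag."""
    payload = _b64(json.dumps(data, sort_keys=True).encode())
    tag = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + tag


def load_session(cookie, key=SECRET_KEY):
    """Return the session dict, or None if the signature does not verify."""
    payload, _, tag = cookie.partition(".")
    expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(_unb64(payload))


def read_without_key(cookie):
    """What any client can do: decode the payload with no secret at all."""
    return json.loads(_unb64(cookie.partition(".")[0]))


def forge_role(cookie, role):
    """Client-side tampering: swap the payload, keep the old tag."""
    data = read_without_key(cookie)
    data["role"] = role
    payload = _b64(json.dumps(data, sort_keys=True).encode())
    return payload + "." + cookie.partition(".")[2]
```

Because the payload is readable without the key, passwords, tokens and other secrets do not belong in a signed session cookie.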


# Practical questions

### 1.How do you create a basic Flask application

```python
from flask import Flask

# Create Flask app instance
app = Flask(__name__)

# Define a route
@app.route('/')
def home():
    return 'Hello, Flask!'

# Run the app
if __name__ == '__main__':
    # debug=True turns on the reloader and the interactive debugger;
    # use it for local development only, never in production.
    app.run(debug=True)
```

Output:

```
 * Serving Flask app '__main__'
 * Debug mode: on
 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with watchdog (windowsapi)
SystemExit: 1
```

###  2.How do you serve static files like images or CSS in Flask


###  3. How do you define different routes with different HTTP methods in Flask


### 4.How do you render HTML templates in Flask


### 5. How can you generate URLs for routes in Flask using url_for



### 6.How do you handle forms in Flask

### 7.How can you validate form data in Flask


### 8.How do you manage sessions in Flask


### 9.How do you redirect to a different route in Flask

### 10.How do you handle errors in Flask (e.g., 404)

### 11.How do you structure a Flask app using Blueprints



### 12.How do you define a custom Jinja filter in Flask


### 13.How can you redirect with query parameters in Flask

### 14. How do you return JSON responses in Flask

### 15.How do you capture URL parameters in Flask?