# Restful API & Flask

1. What is a RESTful API?

   -> A RESTful API (Representational State Transfer API) is a way for different software applications to communicate with each other over the internet using standard HTTP methods.

2. Explain the concept of API specification.

   -> An API specification is a formal, structured description of how an API behaves and how developers can interact with it. It defines the rules, endpoints, request/response formats, and authentication methods for the API — essentially, it's the contract between the API provider and the API consumer.

3. What is Flask, and why is it popular for building APIs?

   -> Flask is a lightweight and flexible web framework written in Python. It’s especially popular for building RESTful APIs and small-to-medium web applications.

4. What is routing in Flask?
    
   -> Routing in Flask refers to mapping URLs (routes) to functions in your application that handle requests. These functions are called view functions.

5. How do you create a simple Flask application?

   -> Creating a simple Flask application involves a few key steps:

- Set up your environment
- Create your Flask application file
- Write the Flask code

6. What are HTTP methods used in RESTful APIs?

   -> RESTful APIs leverage standard HTTP methods to perform operations on resources, aligning with the principles of Representational State Transfer. The most commonly used methods, often corresponding to CRUD (Create, Read, Update, Delete) operations, are:

- GET: Used to retrieve data or a representation of a resource from the server. It should not have side effects on the server.

- POST: Used to submit data to the server, typically to create a new resource.

- PUT: Used to update or replace an existing resource with the provided data. If the resource does not exist, it may create it.

- DELETE: Used to remove a specific resource from the server.

- PATCH: Used to apply partial modifications to a resource. Unlike PUT, it only sends the changes to be applied, not the entire resource.

7. What is the purpose of the @app.route() decorator in Flask?

   -> The @app.route() decorator in Flask is used to map a specific URL to a Python function. When a user navigates to that URL in their web browser, the decorated function is executed, and its return value is sent back as the response.

8. What is the difference between GET and POST HTTP methods?

   ->
     - Use GET for retrieving data. It is ideal for search queries, filtering results, and navigating to specific pages, as the state of the server is not changed.
    
  - Use POST for submitting data. It is the correct choice for submitting forms, uploading files, or any action that will create or modify data on the server.

9. How do you handle errors in Flask APIs?

   -> Here's a brief summary of how to handle errors in Flask APIs:

- Use @app.errorhandler() to catch HTTP errors and exceptions. Register a function for specific HTTP status codes (e.g., 404) or Python exception classes (e.g., Exception). This function will be executed whenever that error occurs.

- Manually raise HTTP errors with abort(). Call Flask's abort() function with a status code (e.g., abort(404)) to trigger the corresponding error handler. This is useful for validation errors.

- Return JSON responses instead of HTML. Within your error handlers, use jsonify() to return a structured JSON object containing an error message and the correct HTTP status code, ensuring a consistent API response format.

- Create custom exceptions for API logic. For more specific errors, define your own exception classes. This improves code organization and allows you to catch and handle different error types distinctively.

10.  How do you connect Flask to a SQL database?

     -> To connect Flask to a SQL database, you typically use an ORM (Object-Relational Mapper) like SQLAlchemy or a database driver directly (e.g., sqlite3, psycopg2, or mysqlclient).

     Step 1: Install dependencies
     Step 2: Configure Flask app with database
     Step 3: Define models (tables)
     Step 4: Create database and tables
     Step 5: Insert & query data

11. What is the role of Flask-SQLAlchemy?

     -> The role of Flask-SQLAlchemy is to make working with databases in Flask much easier by acting as a bridge between Flask and SQLAlchemy.

12. What are Flask blueprints, and how are they useful?

     -> A Flask blueprint is a way to organize a Flask application into modular, reusable components. It encapsulates a collection of views, templates, static files, and other functionality related to a specific part of the application, such as user authentication or a blog. This modularity is particularly useful for building larger, more complex applications.

13. What is the purpose of Flask's request object?

     -> The request object in Flask is a proxy for the incoming HTTP request from a client. Its primary purpose is to provide access to the data and information sent with that request, allowing your Flask application to interact with the client.

The request object holds everything from the request URL and headers to form data, uploaded files, and cookies.

14. How do you create a RESTful API endpoint using Flask?

     -> You can create a RESTful API endpoint in Flask by using the @app.route() decorator to define the URL, specifying the allowed HTTP methods, and returning data in JSON format with the jsonify function.

15. What is the purpose of Flask's jsonify() function?

     -> The purpose of Flask's jsonify() function is to simplify the creation of JSON HTTP responses. It converts a Python dictionary, or other JSON-serializable object, into a Flask Response object with the correct Content-Type header set to application/json. This tells the client (like a web browser or a mobile app) that the response body is formatted as JSON.

16. Explain Flask's url_for() function.

     -> The url_for() function in Flask is used to dynamically build a URL for a specific function. Instead of hard-coding URLs in your code and templates, url_for() allows you to reference view functions by name, making your application more flexible and resilient to changes.

17. How does Flask handle static files (CSS, JavaScript, etc.)?

     -> Flask serves static files like CSS, JavaScript, and images through a built-in mechanism that uses a special static directory. During development, Flask handles these requests automatically, and in production, a dedicated web server like Nginx or Apache is typically configured to serve them for better performance.

18. What is an API specification, and how does it help in building a Flask API?

     -> An API specification is a standardized, machine-readable document that serves as a blueprint for an API. It formally describes all aspects of the API, such as its endpoints, allowed HTTP methods, request and response formats, parameters, authentication methods, and error handling. The most popular specification is the OpenAPI Specification (OAS), formerly known as Swagger.

19. What are HTTP status codes, and why are they important in a Flask API?

     -> HTTP status codes are three-digit numbers returned by a server to indicate the outcome of a client's request. In a Flask API, they are crucial for:

- Clear Communication: They provide a universal language for the API to signal success (200 OK, 201 Created), client-side errors (400 Bad Request, 404 Not Found), or server-side issues (500 Internal Server Error).

- Troubleshooting: Consistent and correct status codes help developers quickly diagnose problems, differentiating between issues caused by the client's request versus the server's internal logic.

- Client Automation: Client applications can be programmed to automatically handle different responses. For example, an app might show a user-friendly error message for a 404 or retry a request after a delay for a 503 Service Unavailable.

- Enhanced User Experience: By translating status codes into meaningful feedback, the API empowers the client to provide a better user experience. For instance, an incorrect password might return a 401 Unauthorized.

20. How do you handle POST requests in Flask?

     -> To handle a POST request in Flask, you follow these steps:

- Specify the POST method: Add methods=['POST'] to the @app.route() decorator for the view function that will handle the request.

- Check the method: Use if request.method == 'POST': inside your function to differentiate between POST and other request types, like GET.

- Access the data: Use the request object to get the data submitted by the client:
  - Form data: For HTML forms, use request.form['field_name'].
  - JSON data: For APIs, use request.get_json() or request.json to get the body.

- Process the data: Use the extracted data to perform an action, such as saving it to a database.

- Return a response: Send a success message, a redirection, or a JSON response to the client. A 201 Created status code is appropriate for new resources.

21. How would you secure a Flask API?

     -> Securing a Flask API involves a multi-layered approach:

- Authentication and Authorization:

   - Use Flask-JWT-Extended for stateless, token-based authentication.
   - Use API keys for machine-to-machine access.
   - Implement OAuth 2.0 for third-party logins.

- Input Validation:

   - Never trust user input. Use a library like Marshmallow for validation.
   - Use an ORM like SQLAlchemy to prevent SQL injection.

- Secure Practices:

   - Enforce HTTPS to encrypt data in transit.
   - Store secrets in environment variables, not in code.
   - Disable debug mode in production.

- Mitigate Attacks:

   - Control access with Flask-CORS.
   - Use Flask-Limiter to prevent brute-force attacks.
   - Use Flask-WTF for CSRF protection where needed.

- Secure Deployment:

   - Use a production WSGI server (Gunicorn, uWSGI) behind a web server (Nginx).
   - Keep all dependencies updated.

22. What is the significance of the Flask-RESTful extension?

     -> The Flask-RESTful extension simplifies and structures the process of building RESTful APIs in Flask, particularly for larger or more complex projects. While you can create APIs with vanilla Flask, Flask-RESTful provides helpful abstractions that reduce boilerplate code and ensure your API design adheres to RESTful principles.

23. What is the role of Flask's session object?

     -> The session object in Flask provides a way to store user-specific information across multiple HTTP requests, enabling your web application to maintain state and context for a particular user. It works like a dictionary, allowing you to save and retrieve key-value pairs of data during a user's visit.

# Practical

1. How do you create a basic Flask application?

In [1]:
from flask import Flask, render_template_string

app = Flask(__name__)

# 🔹 Home page
@app.route('/')
def home():
    return render_template_string("""
        <h1>Welcome to Flask!</h1>
        <p><a href="/about">Go to About</a></p>
    """)

# 🔹 About page
@app.route('/about')
def about():
    return render_template_string("""
        <h1>About Page</h1>
        <p>This is a basic all-in-one Flask app.</p>
        <p><a href="/">Back Home</a></p>
    """)

# 🔹 Dynamic route example
@app.route('/hello/<name>')
def hello(name):
    return f"<h1>Hello, {name.capitalize()}!</h1>"

# 🔹 Run the app
if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


2. How do you serve static files like images or CSS in Flask?

In [4]:
from flask import Flask

# Serves static files from a directory named 'assets' at the URL '/resources/'
app = Flask(__name__, static_folder='assets', static_url_path='/resources')


3. How do you define different routes with different HTTP methods in Flask?

In [5]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        # Logic to process the POST request (e.g., handle form submission)
        return '<h1>Processing login...</h1>'
    else:
        # Logic to handle the GET request (e.g., show the login form)
        return '<h1>Show the login form</h1>'


4. How do you render HTML templates in Flask?

In [8]:
# app.py
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    user_name = "Alice"
    favorite_sites = ["Example.com", "Flask.palletsprojects.com", "DigitalOcean"]

    # Render the index.html template and pass the data
    return render_template('index.html',
                           title='Home Page',
                           user=user_name,
                           sites=favorite_sites)

if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


5. How can you generate URLs for routes in Flask using url_for?

In [7]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def index():
    return '<h1>Home Page</h1>'

@app.route('/about')
def about():
    # In a template or another view, you would use this
    home_url = url_for('index')
    return f'<h1>About Page</h1><a href="{home_url}">Go Home</a>'

6. How do you handle forms in Flask?

In [9]:
from flask import Flask, render_template, redirect, url_for
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired

app = Flask(__name__)
app.config['SECRET_KEY'] = 'your-secret-key-here' # Must be a strong, random key


ModuleNotFoundError: No module named 'flask_wtf'

7.  How can you validate form data in Flask?

In [11]:
from flask import request, jsonify
from marshmallow import Schema, fields, ValidationError

# Define a Marshmallow schema for validation
class UserSchema(Schema):
    username = fields.String(required=True, validate=lambda s: 4 <= len(s) <= 25)
    email = fields.Email(required=True)

@app.route('/api/register', methods=['POST'])
def register_user():
    try:
        user_data = request.get_json()
        UserSchema().load(user_data) # Validate and load data

        # Data is valid; process it
        return jsonify({"message": "User validated and created"}), 201
    except ValidationError as err:
        # Handle validation errors
        return jsonify(err.messages), 400

ModuleNotFoundError: No module named 'marshmallow'

8.  How do you manage sessions in Flask?

In [14]:
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
    return "Hello, World!"
if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


9. How do you redirect to a different route in Flask?

In [13]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

# This is the target route
@app.route('/')
def home():
    return '<h1>Welcome to the Home Page</h1>'

# This route redirects to the 'home' function
@app.route('/redirect_home')
def redirect_home():
    # Use redirect() with url_for() to redirect to the 'home' function
    return redirect(url_for('home'))

if __name__ == '__main__':
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
INFO:werkzeug:[33mPress CTRL+C to quit[0m
INFO:werkzeug: * Restarting with watchdog (inotify)


10. How do you handle errors in Flask (e.g., 404)?

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

@app.route('/')
def home():
    return '<h1>Welcome!</h1>'

if __name__ == '__main__':
    app.run(debug=True)


11. How do you structure a Flask app using Blueprints?

In [None]:
# /app/__init__.py
from flask import Flask

def create_app(test_config=None):
    # create and configure the app
    app = Flask(__name__, instance_relative_config=True)

    # ... configuration logic

    # Register blueprints
    from .auth import auth as auth_blueprint
    app.register_blueprint(auth_blueprint, url_prefix='/auth')

    from .blog import blog as blog_blueprint
    app.register_blueprint(blog_blueprint)

    return app


12. How do you define a custom Jinja filter in Flask?

In [None]:
# app.py
from flask import Flask, render_template
import datetime

app = Flask(__name__)

# Filter function defined separately
def human_datetime_filter(datetime_obj):
    return datetime_obj.strftime("%B %d, %Y")

# Register the filter
app.jinja_env.filters['human_date'] = human_datetime_filter

13. How can you redirect with query parameters in Flask?

In [None]:
@app.route('/search_results')
def search_results():
    search_terms = request.args.getlist('q')
    return f"<h1>Search Results</h1><p>Your search terms: {', '.join(search_terms)}</p>"

@app.route('/search')
def search():
    # Redirects to /search_results?q=flask&q=tutorial
    return redirect(url_for('search_results', q=['flask', 'tutorial']))


14. How do you return JSON responses in Flask?

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.errorhandler(404)
def resource_not_found(e):
    # Returns a custom JSON error with a 404 status
    return jsonify(error="Resource not found"), 404

@app.route("/api/item/<int:item_id>")
def get_item(item_id):
    if item_id != 1:
        # Manually abort to trigger the error handler
        from flask import abort
        abort(404)
    return {"item": f"Item {item_id}"}, 200


15. How do you capture URL parameters in Flask?

In [None]:
from flask import Flask, request

app = Flask(__name__)

# Example URL: /search?query=flask&page=1
@app.route('/search')
def search():
    # Use .get() to avoid a KeyError if a parameter is missing
    search_query = request.args.get('query')
    page = request.args.get('page', default=1, type=int) # with a default value and type
    return f"Searching for '{search_query}' on page {page}"
