# RESTful API & Flask

Q1. What is a RESTful API?

  ->> A RESTful API (Representational State Transfer Application Programming Interface) is a way for computer systems to communicate over the internet using standard web protocols like HTTP. It’s one of the most popular architectures for building web services because it’s simple, scalable, and flexible.

Q2. Explain the concept of an API specification.

  ->> What an API Specification Includes
1. Endpoints: The URLs where the API can be accessed (e.g., /users, /products)

2. HTTP Methods: What actions are allowed (GET, POST, PUT, DELETE, etc.)

3. Request Parameters: What data can or must be sent with a request

4. Response Format: What kind of data the API returns (usually JSON or XML)

5. Authentication Rules: How users or systems must identify themselves

6. Error Codes: What happens when something goes wrong

Q3. What is Flask, and why is it popular for building APIs?

  ->> Flask is a micro web framework written in Python that’s widely used for building web applications and RESTful APIs. It’s called a “micro” framework because it provides the essentials (routing, request handling, and templating) without enforcing a specific project structure or including built-in tools like authentication or database management.


Q4. What is routing in Flask?

  ->> Routing in Flask is the mechanism that connects URLs to Python functions, allowing your web app to respond to different web requests. It’s how Flask knows what content to serve when someone visits a specific path like /home or /about.

Q5. How do you create a simple Flask application?

  ->> 1. Install Flask
Make sure you have Python installed, then run

2. Create Your App File
Create a file named app.py and add the following code:

3. Run the App
In your terminal, navigate to the folder containing app.py and run:

Then open your browser and go to http://127.0.0.1:5000/ — you’ll see “Hello, Flask!”

Q6. What are HTTP methods used in RESTful APIs?

  ->>🧠 Key Characteristics
1. GET is safe and idempotent (multiple identical requests yield the same result).

2. POST is not idempotent—repeating it may create multiple resources.

3. PUT and DELETE are idempotent—repeating them doesn’t change the outcome.

4. PATCH is not necessarily idempotent, depending on how it's implemented.

Q7. What is the purpose of the @app.route() decorator in Flask?

  ->> The @app.route() decorator in Flask is used to bind a URL path to a specific Python function, turning that function into a view that handles requests to that route. It’s the core mechanism for defining how your web app responds to different URLs.

Q8. What is the difference between GET and POST HTTP methods?

  ->>
- GET is used to retrieve data from a server. It appends parameters directly to the URL, so the data is visible in the browser’s address bar. GET requests can be cached, bookmarked, and stored in browser history, which makes GET less secure and suitable only for non-sensitive information. GET requests also have limitations on the amount and type of data you can send.

- POST is used to send data to a server, typically to create or update resources. It places the data in the body of the request, keeping it out of the URL. This makes POST more secure than GET for sensitive values (the body is still readable in transit unless the request is sent over HTTPS) and capable of handling larger and more complex data, including binary files. POST requests are not cached or stored in browser history, and they cannot be bookmarked.

Q9. How do you handle errors in Flask APIs?

  ->>
1. Use Flask’s @app.errorhandler Decorator
You can define custom error handlers for specific HTTP status codes or exceptions:

2. Handle Unexpected Exceptions
Catch all unhandled exceptions to prevent your app from crashing:

3. Raise Custom Exceptions
You can define your own exception classes for more control:

4. Use abort() for Quick Error Responses
Flask’s abort() function lets you trigger an error manually:
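The four techniques above combined in one small API, as an added example that is not part of the original notebook. The `/items` route, the `OutOfStock` exception and the sample error message are assumptions made for illustration; the catch-all handler logs the details server-side and returns only a generic body, so internal information never reaches the client.

```python
from flask import Flask, abort, jsonify
from werkzeug.exceptions import HTTPException

app = Flask(__name__)

class OutOfStock(Exception):
    """Hypothetical domain error that carries its own HTTP status."""
    status_code = 409

# Step 1: handler for one specific status code.
@app.errorhandler(404)
def not_found(e):
    return jsonify(error="not_found", message="Resource not found"), 404

# Step 3: handler for a custom exception class.
@app.errorhandler(OutOfStock)
def out_of_stock(e):
    return jsonify(error="out_of_stock", message=str(e)), e.status_code

# Errors raised by abort() and other HTTP errors keep their own status code.
@app.errorhandler(HTTPException)
def http_error(e):
    return jsonify(error=e.name, message=e.description), e.code

# Step 2: catch-all. Details go to the server log; the client gets a generic body.
@app.errorhandler(Exception)
def unexpected(e):
    app.logger.exception("Unhandled exception")
    return jsonify(error="internal_error", message="Internal server error"), 500

@app.route("/items/<int:item_id>")
def get_item(item_id):
    if item_id == 0:
        abort(400, description="item_id must be positive")  # Step 4
    if item_id == 13:
        raise OutOfStock("Item 13 is out of stock")
    if item_id == 99:
        # Constructed failure whose message must never reach the client
        raise RuntimeError("connect failed: postgres://app:s3cret@db/prod")
    if item_id != 1:
        abort(404)
    return jsonify(id=1, name="widget")
```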

Q10. How do you connect Flask to a SQL database?

  ->>
1. Install Required Packages

```bash
pip install flask flask-sqlalchemy
```
If you're using MySQL or PostgreSQL, you'll also need a connector like PyMySQL or psycopg2.

2. Configure Your Flask App
Set up your database URI in app.py:

```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'  # or use MySQL/PostgreSQL URI
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app)
```
For MySQL:

```python
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://username:password@localhost/dbname'
```

3. Define Your Models
Create classes that represent your database tables:

```python
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)

    def __repr__(self):
        return f'<User {self.username}>'
```

4. Create the Database
Run this once to create the tables:

```python
with app.app_context():
    db.create_all()
```

5. Interact with the Database
Add a new user:

```python
new_user = User(username='alice', email='alice@example.com')
db.session.add(new_user)
db.session.commit()
```
Query users:

```python
users = User.query.all()
```

Q11. What is the role of Flask-SQLAlchemy?

  ->> Core Role of Flask-SQLAlchemy
- Integrates SQLAlchemy with Flask: It wraps SQLAlchemy’s powerful ORM (Object Relational Mapper) and configures it to work seamlessly with Flask’s app context.

- Simplifies Database Operations: You can define models as Python classes and interact with the database using Python code instead of raw SQL.

- Supports Multiple Databases: Works with SQLite, MySQL, PostgreSQL, and others—just change the connection URI.

- Manages Sessions and Transactions: Handles database sessions and commits automatically, reducing boilerplate code.

- Provides Query API: Lets you perform CRUD operations with expressive Python syntax like User.query.filter_by(name='Alice').first().

- Enables Migrations: Easily integrates with tools like Alembic to manage schema changes over time.

Q12. What are Flask blueprints, and how are they useful?

  ->> A blueprint is an object that defines a set of operations (like routes and error handlers) that can be registered on a Flask application later. It’s not a standalone app, but a template for extending your main app.

Why Blueprints Are Useful
- Modularity: Split your app into logical sections (e.g., users, posts, admin).

- Reusability: Reuse blueprints across multiple apps or projects.

- Scalability: Manage large apps more easily by isolating features.

- Maintainability: Keep code organized and easier to debug or extend.

- Team Collaboration: Developers can work on separate blueprints without stepping on each other’s toes.

Q13. What is the purpose of Flask's request object?

  ->> The purpose of Flask’s request object is to give you access to everything the client sends to your server during an HTTP request. It’s like a digital envelope containing all the details of the incoming message: headers, form data, query parameters, cookies, files, and more. Because all of it is supplied by the client, treat it as untrusted input.

Q14. How do you create a RESTful API endpoint using Flask?

  ->> 🛠️ Step-by-Step: Build a RESTful API Endpoint with Flask
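1. Install Flask

```bash
pip install flask
```
2. Create Your Flask App
Create a file named app.py and add:

```python
from flask import Flask, jsonify, request

app = Flask(__name__)

# Sample data
users = [
    {"id": 1, "name": "Alice"},
    {"id": 2, "name": "Bob"}
]

# GET endpoint to retrieve all users
@app.route('/api/users', methods=['GET'])
def get_users():
    return jsonify(users)

# POST endpoint to add a new user
@app.route('/api/users', methods=['POST'])
def add_user():
    data = request.get_json(silent=True)  # None if the body is not valid JSON
    # Accept only a JSON object with a non-empty string "name"
    if not isinstance(data, dict) or not isinstance(data.get("name"), str) or not data["name"].strip():
        return jsonify({"error": "JSON body with a 'name' string is required"}), 400
    # Build the record server-side so the client cannot choose the id or add fields
    new_id = max((u["id"] for u in users), default=0) + 1
    new_user = {"id": new_id, "name": data["name"].strip()}
    users.append(new_user)
    return jsonify(new_user), 201

if __name__ == '__main__':
    # debug=True enables the interactive debugger; use it only for local development
    app.run(debug=True)
```
3. Test Your API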
- Run the app: python app.py

- Use tools like Postman or curl to test:

  - GET http://localhost:5000/api/users

  - POST http://localhost:5000/api/users with JSON body

Q15. What is the purpose of Flask's jsonify() function?

  ->> The purpose of Flask’s jsonify() function is to convert Python data structures into a properly formatted JSON response for clients—especially useful when building RESTful APIs.

Q16. Explain Flask’s url_for() function.

  ->> Flask’s url_for() function is a built-in utility that dynamically generates URLs for your application’s routes, making your code cleaner, more maintainable, and less error-prone.

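Q17. How does Flask handle static files (CSS, JavaScript, etc.)?

  ->> Flask handles static files (CSS, JavaScript, and images) with a built-in mechanism: files placed in the app's static folder are served under the /static URL path, and url_for('static', filename=...) generates their URLs, so they are easy to serve alongside your dynamic content.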

Q18. What is an API specification, and how does it help in building a Flask API?

  ->> An API specification is a detailed blueprint that defines how an API behaves—what endpoints it exposes, what data it expects, how it responds, and how it handles errors. Think of it as a contract between the backend and the frontend (or any client), ensuring everyone knows exactly how to interact with the API.

🧠 How It Helps When Building a Flask API
- Clarity for Developers: Everyone knows what to build and how to use it

- Documentation Generation: Tools like Swagger or Flasgger can auto-generate docs from the spec

- Validation & Testing: You can test against the spec to ensure compliance

- Client SDK Generation: Automatically generate client libraries for different languages

- Mocking & Prototyping: Simulate API responses before backend is ready

Q19. What are HTTP status codes, and why are they important in a Flask API?

  ->> HTTP status codes are three-digit numbers returned by a server to indicate the outcome of a client’s request. In a Flask API, they play a crucial role in communicating whether a request was successful, failed, or needs further action.

🧠 Why They Matter in Flask APIs
- Clear Communication: They tell the client exactly what happened—whether the request was OK (200), created something (201), or failed (404, 500).

- Error Handling: You can define custom responses for errors like 400 Bad Request or 403 Forbidden to guide users or developers.

- Debugging & Logging: Status codes help developers pinpoint issues quickly.

- RESTful Design: They align with REST principles by mapping HTTP methods to expected outcomes.

- Automation & Testing: Tools like Postman or Swagger rely on status codes to validate API behavior.

Q20. How do you handle POST requests in Flask?

  ->>
1. Use request.form for HTML form data.

2. Use request.json or request.get_json() for JSON payloads.
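Both cases handled by one endpoint, as an added example that is not part of the original notebook. It accepts form or JSON input, rejects unknown fields and wrong types, and caps the body size. The `/signup` route, the field names and the `validate_signup` helper are assumptions; the 80 and 120 character limits mirror the column sizes of the `User` model in Q10.

```python
from flask import Flask, jsonify, request

app = Flask(__name__)
app.config["MAX_CONTENT_LENGTH"] = 16 * 1024  # larger bodies are rejected with 413

ALLOWED_FIELDS = {"name", "email"}  # hypothetical schema for this example

def validate_signup(data):
    """Return (clean, errors) for a dict payload taken from a form or from JSON."""
    errors = {}
    unknown = set(data) - ALLOWED_FIELDS
    if unknown:
        # Refuse extra fields instead of silently storing them (e.g. "is_admin")
        errors["_unknown"] = sorted(unknown)
    name, email = data.get("name"), data.get("email")
    if not isinstance(name, str) or not 1 <= len(name.strip()) <= 80:
        errors["name"] = "required string, 1-80 characters"
    if not isinstance(email, str) or len(email) > 120 or email.count("@") != 1:
        errors["email"] = "required string containing a single '@'"
    if errors:
        return None, errors
    return {"name": name.strip(), "email": email.strip().lower()}, {}

@app.route("/signup", methods=["POST"])
def signup():
    if request.is_json:
        # silent=True returns None for malformed JSON instead of raising
        data = request.get_json(silent=True)
        if not isinstance(data, dict):
            return jsonify(error="body must be a JSON object"), 400
    else:
        data = request.form.to_dict()  # HTML form fields are always strings
    clean, errors = validate_signup(data)
    if errors:
        return jsonify(errors=errors), 422
    return jsonify(clean), 201
```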

Q21. How would you secure a Flask API?

  ->>
1. Use HTTPS
- Always serve your API over HTTPS to encrypt data in transit.

- Use tools like Flask-Talisman to enforce HTTPS and set secure headers.

2. Authentication & Authorization
- Implement token-based authentication using JWTs (JSON Web Tokens).

  - Protect endpoints with JWTs | JWT Authentication For Flask #5 shows how to secure routes using JWTs and authorization decorators.

- Use OAuth 2.0 for third-party login (Google, Facebook).

  - Secure OAuth 2.0 in Flask: Python User Authentication Guide walks through setting up Google OAuth with Flask.

- Apply role-based access control to restrict sensitive endpoints.

  - Secure Your Flask App Like a Pro demonstrates how to create roles and restrict access to admin-only routes.

3. Secure Endpoints
- Require authentication for all sensitive routes.

- Validate tokens and user roles before processing requests.

  - Securing REST APIs with Flask: Authentication and ... explains how to secure RESTful endpoints with decorators and token checks.

4. Input Validation & Sanitization
- Use libraries like Flask-WTF or Marshmallow to validate incoming data.

- Prevent SQL injection by using ORM tools like SQLAlchemy, which pass values as bound query parameters; avoid building SQL strings from user input.

5. Rate Limiting & Throttling
- Use Flask-Limiter to prevent abuse and brute-force attacks.

6. Secure Static Files & CORS
- Configure Flask-CORS properly to avoid exposing your API to unwanted domains.

- Serve static files securely and avoid leaking sensitive data.

7. Use Environment Variables for Secrets
- Store API keys, database URIs, and secret keys in environment variables.

- Never hardcode secrets in your source code.
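Items 2, 3 and 7 combined into one decorator, as an added example that is not part of the original answer. It uses itsdangerous signed, expiring tokens (installed with Flask) in place of a JWT library; the routes, the `issue_token` helper, the `FLASK_SECRET_KEY` variable name and the 15-minute lifetime are assumptions.

```python
import os
import secrets
from functools import wraps

from flask import Flask, abort, g, jsonify, request
from itsdangerous import BadSignature, URLSafeTimedSerializer

app = Flask(__name__)
# Item 7: the key comes from the environment (variable name is an assumption);
# the random per-process fallback only keeps this demo runnable.
app.config["SECRET_KEY"] = os.environ.get("FLASK_SECRET_KEY") or secrets.token_hex(32)
signer = URLSafeTimedSerializer(app.config["SECRET_KEY"], salt="api-token")
TOKEN_MAX_AGE = 900  # seconds a token stays valid

def issue_token(user, role):
    """Hypothetical helper, called after a successful login elsewhere."""
    return signer.dumps({"sub": user, "role": role})

def require_role(*allowed):
    """Item 3: validate the token and the user's role before the view runs."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            scheme, _, token = request.headers.get("Authorization", "").partition(" ")
            if scheme.lower() != "bearer" or not token:
                abort(401)
            try:
                claims = signer.loads(token, max_age=TOKEN_MAX_AGE)
            except BadSignature:  # forged, corrupted or expired token
                abort(401)
            if claims.get("role") not in allowed:
                abort(403)  # authenticated, but not authorized for this route
            g.user = claims["sub"]
            return view(*args, **kwargs)
        return wrapper
    return decorator

@app.route("/api/profile")
@require_role("user", "admin")
def profile():
    return jsonify(user=g.user)

@app.route("/api/admin/users")
@require_role("admin")
def admin_users():
    return jsonify(users=["alice", "bob"])  # constructed sample data
```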

Q22. What is the significance of the Flask-RESTful extension?

  ->>
Flask-RESTful is a powerful extension that streamlines the process of building RESTful APIs with Flask by introducing a structured, class-based approach. It’s especially useful when your app grows beyond a few endpoints and you want clean, maintainable code.

Q23. What is the role of Flask’s session object?

  ->> Flask’s session object plays a key role in managing user-specific data across multiple requests. It allows your app to remember things like login status, preferences, or shopping cart contents, even as users navigate between pages.
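Flask's default session lives in a cookie on the client that is signed with the app's secret key but not encrypted. The added example below (not part of the original notebook) shows what that means in practice: the payload can be read without the key, a modified cookie fails verification, and the cookie flags are set explicitly. The helper functions and the `FLASK_SECRET_KEY` variable name are assumptions.

```python
import base64
import json
import os
import secrets
import zlib

from flask import Flask, session
from itsdangerous import BadSignature

app = Flask(__name__)
# Key from the environment (variable name is an assumption); random fallback for the demo.
app.secret_key = os.environ.get("FLASK_SECRET_KEY") or secrets.token_hex(32)
app.config.update(
    SESSION_COOKIE_SECURE=True,    # only sent over HTTPS
    SESSION_COOKIE_HTTPONLY=True,  # not readable from JavaScript
    SESSION_COOKIE_SAMESITE="Lax",
)

@app.route("/login")
def login():
    session["username"] = "Alice"  # constructed sample value
    return "ok"

def issue_cookie():
    """Return (cookie value, full Set-Cookie header) as a browser would receive them."""
    header = app.test_client().get("/login").headers["Set-Cookie"]
    return header.split(";", 1)[0].split("=", 1)[1], header

def read_without_key(cookie):
    """Decode the payload segment of the cookie; no secret key is involved."""
    compressed = cookie.startswith(".")
    payload = cookie.lstrip(".").split(".")[0]
    raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    return json.loads(zlib.decompress(raw) if compressed else raw)

def with_payload(cookie, data):
    """Swap in a different payload while keeping the original timestamp and signature."""
    body = base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()
    return ".".join([body] + cookie.lstrip(".").split(".")[1:])

def server_accepts(cookie):
    """True only if the signature verifies under the server's secret key."""
    try:
        app.session_interface.get_signing_serializer(app).loads(cookie)
        return True
    except BadSignature:
        return False
```

Keep passwords, tokens and other confidential values out of `session`; store an identifier there and keep the sensitive data server-side.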

In [None]:
#1. How do you create a basic Flask application?

from flask import Flask
app = Flask(__name__)

@app.route("/")
def home():
    return "Hello Flask!"

if __name__ == "__main__":
    # debug=True turns on the interactive debugger; use it only for local development
    app.run(debug=True)


In [None]:
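#2. How do you serve static files like images or CSS in Flask

# Place the files in the app's static/ folder, then build their URLs with url_for().
# The line below is Jinja template markup (it goes in an HTML template, not in Python code):

<img src="{{ url_for('static', filename='logo.png') }}">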


In [None]:
#3.How do you define different routes with different HTTP methods in Flask

from flask import Flask, request

app = Flask(__name__)

@app.route('/submit', methods=['GET', 'POST'])
def submit():
    if request.method == 'POST':
        return 'Form submitted!'
    return 'Submit your form.'


In [None]:
#4. How do you render HTML templates in Flask

from flask import Flask, render_template

app = Flask(__name__)

@app.route("/home")
def home():
    # Renders templates/index.html from the app's templates folder
    return render_template("index.html")



In [None]:
#5. How can you generate URLs for routes in Flask using url_for

from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/dashboard')
def dashboard():
    return 'Welcome to the Dashboard!'

@app.route('/')
def home():
    return redirect(url_for('dashboard'))


In [None]:
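#6. How do you handle forms in Flask

from flask import Flask, render_template, request
from markupsafe import escape

app = Flask(__name__)

@app.route("/form", methods=["GET", "POST"])
def form():
    if request.method == "POST":
        name = request.form["name"]
        # Escape user input before placing it in an HTML response (prevents XSS)
        return f"Hello {escape(name)}"
    return render_template("form.html")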


In [None]:
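#7. How can you validate form data in Flask

import os
from flask import Flask, request, flash, redirect, url_for

app = Flask(__name__)
# flash() keeps its messages in the signed session cookie, so load the signing key
# from the environment (variable name is an example) instead of hardcoding it
app.secret_key = os.environ['FLASK_SECRET_KEY']

@app.route('/')
def home():
    # Target of the redirects below
    return 'Home'

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']
    email = request.form['email']

    if not name:
        flash('Name is required!')
        return redirect(url_for('home'))
    if '@' not in email:
        flash('Invalid email!')
        return redirect(url_for('home'))

    flash('Form submitted successfully!')
    return redirect(url_for('home'))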


In [None]:
#8.How do you manage sessions in Flask

#1.Set Up Your App

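import os
from flask import Flask, session

app = Flask(__name__)
# Required for session security: the key signs the session cookie, so load it from
# the environment (variable name is an example) rather than hardcoding it
app.secret_key = os.environ['FLASK_SECRET_KEY']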

#2.Store Data in Session

@app.route('/login')
def login():
    session['username'] = 'Alice'
    return 'Logged in as Alice'

#3.Access Session Data

@app.route('/profile')
def profile():
    user = session.get('username')
    return f'Welcome, {user}' if user else 'Not logged in'

#4.Clear Session

@app.route('/logout')
def logout():
    session.pop('username', None)
    return 'Logged out'

In [None]:
#9. How do you redirect to a different route in Flask

from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route("/")
def home():
    return "Home"

@app.route("/go")
def go():
    return redirect(url_for("home"))


In [None]:
#10.How do you handle errors in Flask (e.g., 404)

from flask import Flask, render_template

app = Flask(__name__)

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html'), 404

@app.errorhandler(500)
def internal_error(e):
    return render_template('500.html'), 500


In [None]:
#11. How do you structure a Flask app using Blueprints

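from flask import Blueprint, Flask

app = Flask(__name__)
bp = Blueprint("admin", __name__, url_prefix="/admin")

@bp.route("/dashboard")
def dashboard():
    return "Admin Dashboard"

# Register after the routes are defined; the view is served at /admin/dashboard
app.register_blueprint(bp)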


In [None]:
#12. How do you define a custom Jinja filter in Flask

from flask import Flask

app = Flask(__name__)

@app.template_filter("reverse")
def reverse_filter(s):
    # Used in templates as {{ value|reverse }}
    return s[::-1]


In [None]:
#13. How can you redirect with query parameters in Flask

from flask import Flask, redirect, request, url_for
from markupsafe import escape

app = Flask(__name__)

@app.route('/')
def home():
    return redirect(url_for('search', q='flask', page=2))

@app.route('/search')
def search():
    # Access query parameters using request.args
    query = request.args.get('q', '')
    page = request.args.get('page', 1, type=int)  # falls back to 1 if not an integer
    # Escape user-supplied text before returning it in an HTML response
    return f'Searching for "{escape(query)}" on page {page}'


In [None]:
#14. How do you return JSON responses in Flask

from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    data = {'name': 'Alice', 'age': 30}
    return jsonify(data)


In [None]:
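#15. How do you capture URL parameters in Flask

from flask import Flask
from markupsafe import escape

app = Flask(__name__)

@app.route('/user/<username>')
def show_user(username):
    # username comes from the URL, so escape it before returning HTML
    return f'Hello, {escape(username)}!'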

