### 1. What is a RESTful API?

A RESTful API is an application programming interface that conforms to the principles of REST (Representational State Transfer). It uses standard HTTP methods (GET, POST, PUT, DELETE, etc.) to perform operations on resources, which are identified by URLs (endpoints). RESTful APIs are stateless: each request from a client contains all information needed for the server to process it. Responses are usually structured in human- and machine-readable formats like JSON or XML. The design emphasizes scalability, simplicity, and a uniform interface so that different clients (web browsers, mobile apps, services) can interact with the API in a predictable way.


### 2. Explain the concept of API specification.

An API specification is a formal description of how clients should interact with an API: its available endpoints, request and response formats, required parameters, authentication methods, error codes, and other constraints. Specifications such as OpenAPI (formerly Swagger) provide a machine-readable, versioned contract that helps developers, testers, and documentation tools generate client libraries, server stubs, and interactive documentation. A clear specification reduces ambiguity, improves interoperability, and makes it easier to maintain and test APIs across development teams.


### 3. What is Flask, and why is it popular for building APIs?

Flask is a lightweight Python web framework that provides the essentials to build web applications and APIs without imposing a lot of structure. It is popular for API development because of its simplicity, minimal boilerplate, clear routing model, built-in development server, and a rich ecosystem of extensions (e.g., Flask-SQLAlchemy, Flask-RESTful, Flask-Migrate). Flask's small core makes it easy to understand and fast to prototype while allowing developers to add only the components they need, which is ideal for RESTful microservices and educational projects.


### 4. What is routing in Flask?

Routing in Flask is the mechanism that matches incoming HTTP requests (based on URL paths and methods) to Python functions (view functions or route handlers). Developers use decorators like @app.route('/path') to register functions that will be executed when a client requests that path. Routing supports variable parts in URLs, HTTP method specification, and allows clean, RESTful endpoint design.


### 5. How do you create a simple Flask application?

To create a simple Flask application, install Flask (pip install flask), then create a Python file where you import Flask, instantiate the application object, define route handlers with @app.route, and run the app. For example:

```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello():
    return 'Hello, world!'

if __name__ == '__main__':
    app.run(debug=True)
```
This minimal app runs a development server and responds to HTTP requests to '/'.


### 6. What are HTTP methods used in RESTful APIs?

Common HTTP methods used in RESTful APIs are GET (retrieve a resource), POST (create a new resource), PUT (replace an existing resource), PATCH (partially update a resource), DELETE (remove a resource), and sometimes HEAD or OPTIONS for metadata and preflight checks. Each method has semantic meaning: for example, GET is safe and idempotent (it should not change server state), while POST typically creates server-side state and is not idempotent.


### 7. What is the purpose of the @app.route() decorator in Flask?

The @app.route() decorator registers a URL rule with the Flask application. It associates a URL path (and optionally allowed HTTP methods) with the following Python function so that when a request arrives matching that path and method, Flask invokes that function and returns its response. Using decorators keeps route definitions close to their handler logic for readability and organization.


### 8. What is the difference between GET and POST HTTP methods?

GET and POST differ in semantics and usage. GET requests retrieve data and should have no side effects; they encode parameters in the URL (query string) and are cacheable and bookmarkable. POST requests submit data to be processed on the server (e.g., create a resource), send data in the request body, may change server state, and are not generally cached or bookmarked. Security considerations also differ: sensitive data should not be sent in a GET query string as it may be logged or cached.


### 9. How do you handle errors in Flask APIs?

Error handling in Flask can be done by returning appropriate HTTP status codes and JSON or HTML error payloads, using try/except blocks within route handlers, and by registering error handlers with @app.errorhandler(status_code) for global handling of specific statuses (e.g., 404 or 500). In APIs, it is common to return structured error responses with keys like 'message' and 'code' to make debugging and client-side handling easier.


### 10. How do you connect Flask to a SQL database?

You can connect Flask to a SQL database either directly using a database driver (like psycopg2 for PostgreSQL, pymysql for MySQL, or sqlite3 for SQLite) or by using an ORM (Object Relational Mapper) like SQLAlchemy or Flask-SQLAlchemy extension. Typically you configure a database URI in the Flask app config (e.g., SQLALCHEMY_DATABASE_URI), initialize the ORM or connection, define models, and use sessions or connections to query and commit transactions.


### 11. What is the role of Flask-SQLAlchemy?

Flask-SQLAlchemy is a Flask extension that integrates SQLAlchemy ORM with Flask, simplifying setup and providing patterns that play well with Flask's app context. It manages connections, config, and model definitions, and offers a convenient 'db' object to define models and interact with the database. Using Flask-SQLAlchemy reduces boilerplate and makes database operations more Pythonic and maintainable.


### 12. What are Flask blueprints, and how are they useful?

Flask blueprints provide a way to structure and modularize applications by grouping related routes, templates, static files, and other code into reusable components. Blueprints let you register a set of routes with a URL prefix and optionally create pluggable application components. They are very useful for larger projects where separating authentication, API endpoints, admin panels, and front-end views improves maintainability and team collaboration.


### 13. What is the purpose of Flask's request object?

Flask's request object represents the incoming HTTP request and provides access to data such as query parameters (request.args), form data (request.form), JSON payloads (request.get_json()), headers (request.headers), files (request.files), and other metadata. It is a context-local object, meaning it is safe to access within request handling functions and will reflect the current request automatically.


### 14. How do you create a RESTful API endpoint using Flask?

To create a RESTful endpoint in Flask, define a route corresponding to the resource path and implement handlers for the relevant HTTP methods. For example, to manage 'books' you might create endpoints like GET /books (list), GET /books/<id> (retrieve), POST /books (create), PUT /books/<id> (update), DELETE /books/<id> (delete). Each handler parses input, interacts with the database or business logic, and returns JSON responses with proper status codes.


### 15. What is the purpose of Flask's jsonify() function?

jsonify() converts Python dictionaries, lists, and other serializable objects into a Flask Response object with application/json content type and properly encoded JSON. It also handles setting the correct mimetype and returns a Response that can include a status code. Using jsonify ensures consistent JSON serialization and avoids manual header manipulation.


### 16. Explain Flask’s url_for() function.

url_for() generates the URL for a given endpoint (the Python function name) using the application's routing map. Instead of hard-coding URLs in templates or code, url_for('endpoint', **values) will compute the correct path and inject variable parts. This makes refactoring easier (routes change in one place) and supports URL building in templates and redirects.


### 17. How does Flask handle static files (CSS, JavaScript, etc.)?

Flask serves static files from the 'static' folder by default. Files placed in that folder are accessible via the '/static/<filename>' URL path. In templates, you typically use url_for('static', filename='css/styles.css') to get the correct path. For production deployments, it's common to let a web server (nginx, Apache) or CDN serve static files for performance and caching control.


### 18. What is an API specification, and how does it help in building a Flask API?

An API specification, such as OpenAPI, describes endpoints, request/response models, authentication, and error formats in a machine-readable document. When building a Flask API, a specification helps define a concrete contract that developers implement and test against, facilitates auto-generated API docs (Swagger UI), enables client SDK generation, and improves collaboration between backend and frontend teams by removing ambiguity.


### 19. What are HTTP status codes, and why are they important in a Flask API?

HTTP status codes are standardized numbers that indicate the result of an HTTP request (e.g., 200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500 Internal Server Error). They are important because clients rely on them to determine success or failure, to implement conditional behavior, and to debug issues. Returning the correct status codes in a Flask API communicates intent and helps ensure interoperable clients.


### 20. How do you handle POST requests in Flask?

In Flask, handle POST requests by defining a route that accepts 'POST' in its methods parameter, then access submitted data via request.form for form-encoded data or request.get_json() for JSON payloads. Validate input, perform the necessary business logic (e.g., create a database record), and return an appropriate response with status code (commonly 201 Created on success) and any created resource or metadata.


### 21. How would you secure a Flask API?

Securing a Flask API involves several layers: require authentication (tokens, JWTs, OAuth2), use HTTPS to encrypt traffic, validate and sanitize inputs to prevent injection attacks, enforce rate limiting and CORS policies, manage secrets securely, and ensure proper authorization checks for resource access. Use established libraries (Flask-JWT-Extended, Flask-Login, Flask-Limiter) and follow best practices for session management, password storage, and dependency updates.


### 22. What is the significance of the Flask-RESTful extension?

Flask-RESTful is an extension that provides helpful abstractions for building REST APIs with Flask, such as resource classes, request parsing, and automatic route registration. It can simplify repetitive tasks of mapping HTTP methods to class methods and offers tools to serialize responses and handle errors consistently. While not mandatory, it speeds up development and organizes resources in an object-oriented manner.


### 23. What is the role of Flask’s session object?

Flask's session object provides a way to store user-specific data across requests using signed cookies by default (client-side sessions). It allows you to keep small, non-sensitive pieces of state like 'user_id' or 'preferences' and is protected against tampering using the app's secret key. For server-side sessions, extensions or custom backends (Redis, database) can be used for larger or sensitive session data.


### 24. How do you serve static files like images or CSS in Flask?

Place the files inside the 'static' directory of the Flask project. They are then served automatically at the '/static/<path:filename>' URL. Use url_for('static', filename='path/to/file') in templates to build correct references. For production, static files are often offloaded to a web server or CDN for better performance.


### 25. How do you define different routes with different HTTP methods in Flask?

When registering a route with @app.route, pass the methods parameter, e.g., @app.route('/resource', methods=['GET','POST']). Flask will dispatch incoming requests to that function only if the method matches one of the listed ones. Alternatively, use separate handler functions or classes (with Flask-RESTful Resource classes) for cleaner organization.


### 26. How do you render HTML templates in Flask?

Use Flask's 'render_template' function along with template files placed in a 'templates' directory. The templates are usually written using Jinja2 templating language. For example: return render_template('index.html', title='Home', data=my_data). Jinja2 allows loops, conditionals, template inheritance, and filters to produce dynamic HTML.


### 27. How can you generate URLs for routes in Flask using url_for

Use url_for('endpoint_name', **values) where 'endpoint_name' is the function name of the route. For example, url_for('profile', username='alice') might return '/user/alice'. In templates, use {{ url_for('static', filename='css/main.css') }} to reference static assets. url_for respects application context and handles URL building when app prefixes or blueprints are in use.


### 28. How do you handle forms in Flask

Forms in Flask can be handled by reading request.form for form-encoded data and request.files for uploaded files. Flask-WTF is a popular extension that integrates WTForms for form rendering, CSRF protection, and validation. Typical flow: render a form template, submit to an endpoint, validate input on server-side, persist or act on the data, and redirect or return a response.


### 29. How can you validate form data in Flask

You can validate form data manually in the route handler (check required fields, types, lengths, patterns) or use libraries like WTForms/Flask-WTF which provide declarative validators (DataRequired, Email, Length). For JSON APIs, use schema validation libraries like marshmallow or pydantic to validate and deserialize incoming payloads.


### 30. How do you manage sessions in Flask

Manage sessions using Flask's session object for small client-side data, or configure server-side session storage with extensions (Flask-Session using Redis, filesystem, or database). Secure sessions by setting a strong SECRET_KEY, enabling HTTPS-only cookies (SESSION_COOKIE_SECURE), and using appropriate timeouts and rotation strategies for sensitive data.


### 31. How do you redirect to a different route in Flask

Return redirect(url_for('endpoint')) from a route to send an HTTP 302 redirect to the client. The url_for call ensures correct path generation. For permanent redirects use redirect(url_for('endpoint'), code=301). Redirects are commonly used after form submissions (Post/Redirect/Get pattern) to avoid duplicate submissions.


### 32. How do you handle errors in Flask (e.g., 404)

Handle errors by registering global error handlers with @app.errorhandler(404) or by raising HTTPException subclasses to signal different statuses. For APIs, ensure that error handlers return JSON error objects with appropriate status codes. You can also configure custom error pages for HTML responses.


### 33. How do you structure a Flask app using Blueprints

Create blueprint objects (Blueprint('bp_name', __name__, url_prefix='/prefix')) and define routes on the blueprint. Then register the blueprint with app.register_blueprint(bp). Split code into modules for auth, api, admin, etc., each with their own blueprint, templates, and static folders if necessary. This modular structure improves testability and teamwork.


### 34. How do you define a custom Jinja filter in Flask

Define a Python function that performs the transformation and register it with app.template_filter('filtername') or app.add_template_filter(func, 'filtername'). Then use it in templates like {{ value|filtername }}. Custom filters are helpful for formatting dates, currency, or text transformations consistently across templates.


### 35. How can you redirect with query parameters in Flask

Build the target URL with url_for and pass query parameters as additional arguments to url_for, e.g., redirect(url_for('search', q='term', page=2)). Flask will include those as query string parameters. Alternatively, manually construct the URL string or use urllib.parse to encode parameters.


### 36. How do you return JSON responses in Flask

Return JSON by using jsonify(data) or by returning a tuple (json.dumps(data), status, {'Content-Type': 'application/json'}) though jsonify is preferred. Ensure that the response uses the correct status code and structure so clients can parse it reliably.


### 37. How do you capture URL parameters in Flask?

Define variables in the route path like @app.route('/user/<username>') and accept them as function arguments (def profile(username):). For typed parameters, use converters like <int:id> or <float:val> which automatically convert and validate the path segment.


### Practical Q1: Create a basic Flask application
Step-by-step: 1) Install Flask and Flask-SQLAlchemy. 2) Create app, configure DB, define models. 3) Add routes for GET/POST/PUT/DELETE. 4) Run the app.


In [None]:
# Practical Q1: Basic Flask application (example)
# Save this as app.py and run `python app.py` to start the dev server.
from flask import Flask, jsonify, request, render_template, redirect, url_for, session, abort
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SECRET_KEY'] = 'change_this_to_a_secure_random_value'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app)

# Simple model
class Item(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80), nullable=False)

# Simple home route
@app.route('/')
def home():
    return 'Welcome to the Flask demo application.'

# Create item (POST) and list items (GET)
@app.route('/items', methods=['GET','POST'])
def items():
    if request.method == 'GET':
        items = Item.query.all()
        return jsonify([{'id':i.id,'name':i.name} for i in items]), 200
    else:
        data = request.get_json() or {}
        name = data.get('name')
        if not name:
            return jsonify({'error':'name is required'}), 400
        item = Item(name=name)
        db.session.add(item)
        db.session.commit()
        return jsonify({'id':item.id,'name':item.name}), 201

# Retrieve single item
@app.route('/items/<int:item_id>', methods=['GET','PUT','DELETE'])
def item_detail(item_id):
    item = Item.query.get_or_404(item_id)
    if request.method == 'GET':
        return jsonify({'id':item.id,'name':item.name}), 200
    elif request.method == 'PUT':
        data = request.get_json() or {}
        name = data.get('name')
        if not name:
            return jsonify({'error':'name is required'}), 400
        item.name = name
        db.session.commit()
        return jsonify({'id':item.id,'name':item.name}), 200
    else:
        db.session.delete(item)
        db.session.commit()
        return '', 204

if __name__ == '__main__':
    # Create database tables if they do not exist
    with app.app_context():
        db.create_all()
    app.run(debug=True)


### Practical Q2: Serve static files and render templates
Explanation: Place assets under 'static' and templates under 'templates'. Use url_for('static', filename=...) and render_template to generate HTML responses.


In [None]:
# Practical Q2: Serving static files & rendering templates
# Directory structure expected:
# myapp/
#   app.py
#   templates/
#     index.html
#   static/
#     css/
#       styles.css
#     images/
#       logo.png

from flask import Flask, render_template, url_for
app = Flask(__name__)

@app.route('/static-demo')
def static_demo():
    # Use url_for to reference static files in templates
    return render_template('index.html')

# Example template (templates/index.html):
index_html = '''
<!doctype html>
<html>
  <head>
    <link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css') }}">
    <title>Static Demo</title>
  </head>
  <body>
    <h1>Static Files Demo</h1>
    <img src="{{ url_for('static', filename='images/logo.png') }}" alt="Logo">
  </body>
</html>
'''
print('Template example provided in the notebook. Create templates/index.html with this content to test.')


### Practical Q3: Handle forms and validate data
This example shows manual validation and Post/Redirect/Get pattern; for production, use Flask-WTF.


In [None]:
# Practical Q3: Handling forms and validation (simple manual validation)
from flask import Flask, request, redirect, url_for, render_template_string, flash
app = Flask(__name__)
app.config['SECRET_KEY'] = 'change-this'

form_template = '''
<!doctype html><title>Form Example</title>
{% with messages = get_flashed_messages() %}
  {% if messages %}
    <ul>{% for m in messages %}<li>{{ m }}</li>{% endfor %}</ul>
  {% endif %}
{% endwith %}
<form method="post" action="{{ url_for('submit_form') }}">
  <label>Name: <input name="name"></label><br>
  <label>Age: <input name="age" type="number"></label><br>
  <button type="submit">Submit</button>
</form>
'''

@app.route('/form')
def form():
    return render_template_string(form_template)

@app.route('/submit', methods=['POST'])
def submit_form():
    name = request.form.get('name','').strip()
    age = request.form.get('age','').strip()
    errors = []
    if not name:
        errors.append('Name is required.')
    try:
        age_val = int(age)
        if age_val <= 0:
            errors.append('Age must be positive.')
    except ValueError:
        errors.append('Age must be an integer.')
    if errors:
        for e in errors:
            flash(e)
        return redirect(url_for('form'))
    # On success, use PRG pattern to redirect
    flash('Form submitted successfully.')
    return redirect(url_for('form'))

# Note: For production use Flask-WTF to get CSRF protection and richer validation.


### Practical Q4: Error handling
Use @app.errorhandler to return structured errors for APIs and custom HTML for web pages.


In [None]:
# Practical Q4: Error handling and custom error pages
from flask import Flask, jsonify, render_template_string
app = Flask(__name__)

@app.errorhandler(404)
def not_found(e):
    # Return JSON for API requests or HTML for browser requests as needed
    return jsonify({'error':'Not Found','code':404}), 404

@app.errorhandler(500)
def internal_error(e):
    return jsonify({'error':'Internal Server Error','code':500}), 500

@app.route('/cause-500')
def cause_500():
    raise Exception('Intentional error to demonstrate 500 handler')

# The JSON error handlers above ensure clients receive structured errors.


### Practical Q5: Structure app with Blueprints
Create blueprints for logical modules (auth, api, admin) and register them with the app to keep code modular.


In [None]:
# Practical Q5: Using Blueprints to structure the app
# File: myapp/auth/routes.py
auth_routes = '''
from flask import Blueprint, jsonify

auth_bp = Blueprint('auth', __name__, url_prefix='/auth')

@auth_bp.route('/login', methods=['POST'])
def login():
    # handle login
    return jsonify({'message':'login endpoint'})

'''

print('Blueprint example provided. Create a blueprint module and register with app.register_blueprint(auth_bp).')


### Practical Q6: Define a custom Jinja filter
Register a Python function with @app.template_filter and use it in templates.


In [None]:
# Practical Q6: Custom Jinja filter
from flask import Flask, render_template_string
app = Flask(__name__)

@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1] if isinstance(s, str) else s

template = "{{ 'hello'|reverse }}"
print(render_template_string(template))  # outputs 'olleh'


### Practical Q7: JSON responses and URL parameters
Use route variables and request.args for path and query parameters respectively.


In [None]:
# Practical Q7: Return JSON and capture URL params
from flask import Flask, jsonify
app = Flask(__name__)

@app.route('/user/<string:username>')
def profile(username):
    return jsonify({'username': username, 'message': f'Hello, {username}'}), 200

@app.route('/search')
def search():
    # Example query: /search?q=flask&page=2
    from flask import request
    q = request.args.get('q','')
    page = int(request.args.get('page',1))
    return jsonify({'q': q, 'page': page}), 200


### Practical Q8: Secure endpoints (basic example)
For real-world auth use Flask-JWT-Extended, OAuth libraries, HTTPS, and proper secret management.


In [None]:
# Practical Q8: Simple token-based auth concept (use Flask-JWT-Extended in real projects)
from flask import Flask, request, jsonify, abort
app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'

# Dummy token check
def token_required(fn):
    from functools import wraps
    @wraps(fn)
    def wrapper(*args, **kwargs):
        token = request.headers.get('Authorization')
        if not token or token != 'Bearer mysecrettoken':
            return jsonify({'error':'Unauthorized'}), 401
        return fn(*args, **kwargs)
    return wrapper

@app.route('/protected')
@token_required
def protected():
    return jsonify({'message':'This is protected data.'}), 200
