# Assignment: RESTful API & Flask

This notebook contains theory questions with detailed answers and practical questions with executable code examples.

## Theory Questions

### Q1. What is a RESTful API?

**Answer:**
A **RESTful API** is an application programming interface that conforms to the architectural principles of REST (Representational State Transfer). It exposes resources identified by URLs and manipulates them using standard HTTP methods such as GET, POST, PUT, PATCH, and DELETE. RESTful APIs are stateless, cacheable, and leverage uniform interfaces, making them simple, scalable, and language‑agnostic.

### Q2. Explain the concept of API specification.

**Answer:**
An **API specification** is a formal, machine‑readable contract (e.g., OpenAPI/Swagger) that describes every endpoint, HTTP method, parameter, request/response schema, authentication scheme, and status code of an API. It serves as a single source of truth for developers, supports code generation, documentation, testing, and ensures that client and server teams share the same expectations.

### Q3. What is Flask, and why is it popular for building APIs?

**Answer:**
**Flask** is a lightweight, micro web framework for Python. It is popular for building APIs because it is minimal (no enforced project structure), easy to learn, has excellent documentation, and can be extended with a rich ecosystem of extensions (Flask‑RESTful, Flask‑SQLAlchemy, Flask‑JWT‑Extended, etc.) to add ORM, authentication, and more.

### Q4. What is routing in Flask?

**Answer:**
**Routing** in Flask is the mechanism that maps a URL path to a Python view function. Each route defines which code should run when a particular HTTP request (path + method) is received.

### Q5. How do you create a simple Flask application?

**Answer:**
Install Flask (`pip install flask`), then:
```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def home():
    return 'Hello, Flask!'

if __name__ == '__main__':
    app.run(debug=True)
```

### Q6. What are HTTP methods used in RESTful APIs?

**Answer:**
Typical HTTP methods are **GET** (retrieve), **POST** (create), **PUT** (replace), **PATCH** (partial update), **DELETE** (remove), **HEAD**, and **OPTIONS**.

### Q7. What is the purpose of the @app.route() decorator in Flask?

**Answer:**
`@app.route()` registers a view function for a given URL rule and optional list of HTTP methods, enabling Flask’s internal router to dispatch matching requests to that function.

### Q8. What is the difference between GET and POST HTTP methods?

**Answer:**
**GET** requests retrieve data and should have no side effects; parameters are passed in the URL. **POST** requests submit data to be processed (create side effects) and usually send payloads in the body.

### Q9. How do you handle errors in Flask APIs?

**Answer:**
Use the `abort()` helper or register custom error handlers with `@app.errorhandler(code)`. Return JSON error messages with appropriate HTTP status codes to help clients handle failures gracefully.

### Q10. How do you connect Flask to a SQL database?

**Answer:**
Configure a database URI (`SQLALCHEMY_DATABASE_URI`) and use SQLAlchemy or an extension such as **Flask‑SQLAlchemy** to create an engine, models, and sessions. For raw connections you can use `pymysql` or similar drivers.

### Q11. What is the role of Flask‑SQLAlchemy?

**Answer:**
**Flask‑SQLAlchemy** is an ORM extension that integrates SQLAlchemy with Flask’s application context—handling engine, sessions, migrations, and CLI commands—simplifying database access.

### Q12. What are Flask blueprints, and how are they useful?

**Answer:**
**Blueprints** are components that encapsulate a related set of routes, templates, and static files. They enable modular application architecture and make large projects easier to maintain, test, and reuse.

### Q13. What is the purpose of Flask's request object?

**Answer:**
`flask.request` represents the current incoming HTTP request. It exposes headers, query parameters, form data, JSON payloads, files, and metadata such as method and URL.

### Q14. How do you create a RESTful API endpoint using Flask?

**Answer:**
Define a route that accepts the desired methods and returns a JSON response, e.g.:
```python
@app.route('/api/v1/items', methods=['GET'])
def list_items():
    return jsonify(items)
```

### Q15. What is the purpose of Flask's jsonify() function?

**Answer:**
`jsonify()` converts Python dicts/lists into a `Response` object with `application/json` MIME type and UTF‑8 encoding, plus handles serialisation of common data types safely.

### Q16. Explain Flask’s url_for() function.

**Answer:**
`url_for('home', page=2)` builds a fully qualified URL to the endpoint (view function `home`) using the application’s URL map. It avoids hard‑coding URLs and works even if the route changes.

### Q17. How does Flask handle static files (CSS, JavaScript, etc.)?

**Answer:**
Flask serves static files from the `/static` folder automatically (mapped to `/static/<filename>`). You can configure the folder or add other static routes if needed.

### Q18. What is an API specification, and how does it help in building a Flask API?

**Answer:**
An API specification (see above) acts as a design blueprint, guiding consistent endpoint naming, parameter validation, automated documentation, and mocking when building a Flask API.

### Q19. What are HTTP status codes, and why are they important in a Flask API?

**Answer:**
**HTTP status codes** (e.g., 200 OK, 404 Not Found, 500 Internal Server Error) convey the outcome of the request, allowing client applications to programmatically react to success or failure.

### Q20. How do you handle POST requests in Flask?

**Answer:**
Declare `methods=['POST']` on the route and access :
```python
@app.route('/users', methods=['POST'])
def create_user():
    data = request.get_json()
    # process...
```

### Q21. How would you secure a Flask API?

**Answer:**
Use HTTPS, JWT/OAuth2 authentication, input validation (e.g., Marshmallow, pydantic), rate‑limiting (Flask‑Limiter), CORS headers, CSRF protection, and secure configuration of secret keys.

### Q22. What is the significance of the Flask‑RESTful extension?

**Answer:**
**Flask‑RESTful** adds a Resource‑based class API, request parsing/validation, and automatic conversion to JSON, reducing boilerplate for building RESTful services.

### Q23. What is the role of Flask’s session object?

**Answer:**
`flask.session` stores per‑client data on the server side using signed cookies by default. It supports user login tracking, shopping carts, and other stateful behavior across requests.

## Practical Questions

### Practical Q1. How do you create a basic Flask application?

In [None]:
from flask import Flask
app = Flask(__name__)

@app.route('/')
def home():
    return 'Hello, World!'

if __name__ == '__main__':
    app.run(debug=True)

### Practical Q2. How do you serve static files like images or CSS in Flask?

In [None]:
# Place files under the 'static' folder.
# Access them via /static/style.css in your templates or browser.

### Practical Q3. How do you define different routes with different HTTP methods in Flask?

In [None]:
from flask import Flask, request, jsonify
app = Flask(__name__)

@app.route('/items', methods=['GET', 'POST'])
def items():
    if request.method == 'GET':
        return jsonify({'items': []})
    else:
        data = request.json
        return jsonify({'created': data}), 201

### Practical Q4. How do you render HTML templates in Flask?

In [None]:
from flask import Flask, render_template
app = Flask(__name__)

@app.route('/hello')
def hello():
    return render_template('hello.html', name='Flask')

### Practical Q5. How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import Flask, url_for
app = Flask(__name__)

@app.route('/')
def index():
    return f"Go to {url_for('profile', username='john')}"

@app.route('/user/<username>')
def profile(username):
    return f'Profile: {username}'

### Practical Q6. How do you handle forms in Flask?

In [None]:
from flask import Flask, render_template, request
app = Flask(__name__)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        user = request.form['username']
        return f'Logged in as {user}'
    return render_template('login.html')

### Practical Q7. How can you validate form data in Flask?

In [None]:
from flask_wtf import FlaskForm
from wtforms import StringField
from wtforms.validators import DataRequired
class MyForm(FlaskForm):
    name = StringField('name', validators=[DataRequired()])

### Practical Q8. How do you manage sessions in Flask?

In [None]:
from flask import Flask, session, redirect, url_for, request
app = Flask(__name__)
app.secret_key = 'supersecret'

@app.route('/set')
def set_session():
    session['user'] = 'Alice'
    return 'session set'

@app.route('/get')
def get_session():
    return session.get('user', 'not set')

### Practical Q9. How do you redirect to a different route in Flask?

In [None]:
from flask import Flask, redirect, url_for
app = Flask(__name__)

@app.route('/old')
def old():
    return redirect(url_for('new'))

@app.route('/new')
def new():
    return 'New page'

### Practical Q10. How do you handle errors in Flask (e.g., 404)?

In [None]:
from flask import Flask, jsonify
app = Flask(__name__)

@app.errorhandler(404)
def not_found(e):
    return jsonify(error='Not Found'), 404

### Practical Q11. How do you structure a Flask app using Blueprints?

In [None]:
from flask import Flask, Blueprint
bp = Blueprint('api', __name__, url_prefix='/api')

@bp.route('/ping')
def ping():
    return 'pong'

app = Flask(__name__)
app.register_blueprint(bp)

### Practical Q12. How do you define a custom Jinja filter in Flask?

In [None]:
from flask import Flask
app = Flask(__name__)

@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

### Practical Q13. How can you redirect with query parameters in Flask?

In [None]:
from flask import Flask, redirect, url_for, request
app = Flask(__name__)

@app.route('/search')
def search():
    query = request.args.get('q')
    return f'Search results for {query}'

@app.route('/go')
def go():
    return redirect(url_for('search', q='flask'))

### Practical Q14. How do you return JSON responses in Flask?

In [None]:
from flask import Flask, jsonify
app = Flask(__name__)

@app.route('/json')
def json_route():
    return jsonify(message='Hello JSON')

### Practical Q15. How do you capture URL parameters in Flask?

In [None]:
from flask import Flask
app = Flask(__name__)

@app.route('/user/<int:id>')
def user(id):
    return f'User ID = {id}'