# What is Flask?

A lightweight Python web framework [Flask][flask]

- Very little boilerplate
- Many choices for storage back-ends, but none included in Flask itself

[flask]: http://flask.pocoo.org/


# ReST: Representational State Transfer

Everyone *says* they're restful, but...

REST has a few attributes that make it truly RESTful:

- URLs represent *resources* (i.e. nouns), not *actions* (i.e. verbs)
    - a POST to `/mailingList/createUser` is **not** RESTful
- Resources may have one or more *representations* (formats transferred over the web)
    - HTML
    - XML
    - JSON
- HTTP verbs are used to represent operations on resources
    - GET - safe & idempotent, give me the representation for a resource
    - PUT - idempotent, replace a resource at a given URL
    - PATCH - partial update to a resource at a given URL
    - DELETE - idempotent, delete a resource at a given URL
    - POST - do something else (frequently create)
- Representations must communicate their relationships to other resources via *hypertext*
    - Generally, this means representations have URLs to relate to other resources, *not* just IDs
    - Requiring knowledge of URL layout is not RESTful
    - "Hypertext as the engine of application state" or HATEOAS
    - We'll use a tiny part of a HATEOAS standard known as HAL

# Getting started - our first Flask API

- Single endpoint/resource: the root (/)
- Single representation: `{"hello": "world"}`
- Single operation: GET
- A flask **view** is a function that maps to a URL

In [None]:
!pip install -U flask

Normally, we would run flask by executing the following in the shell:


```bash
$ FLASK_APP=intro_flask.app1 FLASK_ENV=development flask run
```

In [None]:
!which flask

In [None]:
%%file data/flask-examples/app1.py
import flask

app = flask.Flask(__name__)

@app.route('/')
def get_root():
    return flask.jsonify(hello='world')

Watch out for .env weirdness ... flask will run from the .env directory

See https://github.com/miguelgrinberg/microblog/issues/184 for some details

In [1]:
import requests
resp = requests.get('http://localhost:5000')
resp.json()

{'hello': 'world'}

In [2]:
!curl -v localhost:5000

*   Trying 127.0.0.1:5000...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET / HTTP/1.1
> Host: localhost:5000
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: application/json
< Content-Length: 23
< Server: Werkzeug/2.0.1 Python/3.8.5
< Date: Wed, 30 Jun 2021 20:44:53 GMT
< 
{
  "hello": "world"
}
* Closing connection 0


WSGI - web server gateway interface

# Handling url parameters

In [3]:
%%file data/flask-examples/app2.py
import flask

app = flask.Flask(__name__)

@app.route('/')
def get_root():
    return flask.jsonify(hello='world')

@app.route('/<name>')
def get_name(name):
    print(flask.request.args)
    return flask.jsonify(hello=name, args=flask.request.args)

Overwriting data/flask-examples/app2.py


In [4]:
requests.get('http://localhost:5000').json()

{'hello': 'world'}

In [5]:
requests.get('http://localhost:5000/Rick').json()

{'args': {}, 'hello': 'Rick'}

In [6]:
requests.get('http://localhost:5000/Rick?a=1&b=2').json()

{'args': {'a': '1', 'b': '2'}, 'hello': 'Rick'}

# Handling JSON data

The code used below requires that the request be sent with `Content-Type: application/json`

In [7]:
%%file data/flask-examples/app3.py
import flask

app = flask.Flask(__name__)

state = {'name': 'world'}

@app.route('/')
def get_root():
    return flask.jsonify(hello=state['name'])

@app.route('/', methods=['PUT'])
def set_name():
    body = flask.request.json  # resolves to None if no valid JSON Content-Type header
    state['name'] = body['name']
    return flask.jsonify(name=state['name'])

Overwriting data/flask-examples/app3.py


In [8]:
requests.put('http://localhost:5000', json=dict(name='Intuit'))

<Response [200]>

In [9]:
_8.json()

{'name': 'Intuit'}

In [10]:
requests.get('http://localhost:5000').json()

{'hello': 'Intuit'}

In [11]:
!curl localhost:5000

{
  "hello": "Intuit"
}


In [12]:
!curl -XPUT -H 'Content-Type: application/json' -d '{"name": "Rick"}' localhost:5000 

{
  "name": "Rick"
}


In [13]:
!curl localhost:5000

{
  "hello": "Rick"
}


In [14]:
requests.put('http://localhost:5000', json=dict(name='VMware'))

<Response [200]>

In [15]:
!curl localhost:5000

{
  "hello": "VMware"
}


# Using auth data (basic) & URL generation

In [18]:
%%file data/flask-examples/app4.py
import flask

app = flask.Flask(__name__)

@app.route('/profile/<username>')
def get_profile(username):
    return flask.jsonify(username=username)

@app.route('/userinfo')
def get_userinfo():
    username = flask.request.authorization['username']
    profile_url = flask.url_for(
        'get_profile', username=username, 
        _external=True
    )
    return flask.jsonify(
        _links={'profile': profile_url},
        username=username,
        # don't do this in production, obviously
        password=flask.request.authorization['password'] ,
        headers=dict(flask.request.headers)
    )

Overwriting data/flask-examples/app4.py


In [19]:
requests.get('http://localhost:5000/userinfo')

<Response [500]>

In [20]:
resp = requests.get('http://localhost:5000/userinfo', auth=('user', 'pass'))
resp.json()

{'_links': {'profile': 'http://localhost:5000/profile/user'},
 'headers': {'Accept': '*/*',
  'Accept-Encoding': 'gzip, deflate',
  'Authorization': 'Basic dXNlcjpwYXNz',
  'Connection': 'keep-alive',
  'Host': 'localhost:5000',
  'User-Agent': 'python-requests/2.25.1'},
 'password': 'pass',
 'username': 'user'}

In [23]:
resp = requests.get('http://localhost:5000/profile/Loki', auth=('user', 'pass'))
resp.json()

{'username': 'Loki'}

In [24]:
!curl rick:secret@localhost:5000/userinfo

{
  "_links": {
    "profile": "http://localhost:5000/profile/rick"
  }, 
  "headers": {
    "Accept": "*/*", 
    "Authorization": "Basic cmljazpzZWNyZXQ=", 
    "Host": "localhost:5000", 
    "User-Agent": "curl/7.68.0"
  }, 
  "password": "secret", 
  "username": "rick"
}


In [25]:
!curl -u rick:secret localhost:5000/userinfo

{
  "_links": {
    "profile": "http://localhost:5000/profile/rick"
  }, 
  "headers": {
    "Accept": "*/*", 
    "Authorization": "Basic cmljazpzZWNyZXQ=", 
    "Host": "localhost:5000", 
    "User-Agent": "curl/7.68.0"
  }, 
  "password": "secret", 
  "username": "rick"
}


In [26]:
requests.get('http://localhost:5000/userinfo', auth=("DevelopIntelligence", "rocks")).json()

{'_links': {'profile': 'http://localhost:5000/profile/DevelopIntelligence'},
 'headers': {'Accept': '*/*',
  'Accept-Encoding': 'gzip, deflate',
  'Authorization': 'Basic RGV2ZWxvcEludGVsbGlnZW5jZTpyb2Nrcw==',
  'Connection': 'keep-alive',
  'Host': 'localhost:5000',
  'User-Agent': 'python-requests/2.25.1'},
 'password': 'rocks',
 'username': 'DevelopIntelligence'}

# The task: build a REST API for a blog in Flask

- What are our resources?
- What are the operations on the resources?
- What representation(s) do we want to use for each resource?

# Building the blog article API

## Resource structure

```
{
    _links: {self: <link_to_article>},
    postedDate: ...,
    authorName: ...,
    title: ...,
    body: ...,
}
```

## URL structure

- / 
    - GET: return `{_links: {articles: /article}}`
- /article
    - GET: return list of articles
    - POST: create and return a new article
- `/article/<article_id>` - return a single article
    - GET: return the article
    - PUT: update the article
    - DELETE: delete the article



In [27]:
%%file data/flask-examples/app5.py
from datetime import datetime
from uuid import uuid4

import flask
from flask import Flask, jsonify, request, abort


app = Flask(__name__)

state = {
    'articles': {
        uuid4().hex: {
            'postedDate': datetime.utcnow(),
            'authorName': 'rick',
            'title': 'first!',
            'body': 'First post!'
        }
    }
}

def url_for(*args, **kwargs):
    return flask.url_for(*args, _external=True, **kwargs)

# /post/123 - *not* _external=True
# http://localhost:5000/post/123 - _external=True


@app.route('/')
def get_root():
    return jsonify(_links={
        'self': url_for('get_root'),
        'articles': url_for('get_articles')
    })

@app.route('/article')
def get_articles():
    article_links = [
        url_for('get_article', id=id) 
        for id in state['articles']
    ]
    return jsonify(
        _links={'self': url_for('get_articles')},
        data=[
            dict(_links=dict(self=link)) 
            for link in article_links
        ]
    )

@app.route('/article/<id>')
def get_article(id):
    # post = state['articles'][id]  # could generate a KeyError => 500 Error
    article = state['articles'].get(id)
    if article is None:
        abort(404)
    return jsonify(
        _links={'self': url_for('get_article', id=id)},
        postedDate=article['postedDate'].isoformat(),
        authorName=article['authorName'],
        title=article['title'],
        body=article['body']
    )

Overwriting data/flask-examples/app5.py


In [28]:
r_dir = requests.get('http://localhost:5000').json()
r_dir

{'_links': {'articles': 'http://localhost:5000/article',
  'self': 'http://localhost:5000/'}}

In [29]:
r_dir['_links']['articles']

'http://localhost:5000/article'

In [30]:
from glom import glom

r_articles = requests.get(glom(r_dir, '_links.articles')).json()
r_articles

{'_links': {'self': 'http://localhost:5000/article'},
 'data': [{'_links': {'self': 'http://localhost:5000/article/140f7360b3c54c048068f94848104b82'}}]}

In [31]:
r_article = requests.get(glom(r_articles, 'data.0._links.self')).json()
r_article

{'_links': {'self': 'http://localhost:5000/article/140f7360b3c54c048068f94848104b82'},
 'authorName': 'rick',
 'body': 'First post!',
 'postedDate': '2021-06-30T21:06:36.046805',
 'title': 'first!'}

In [32]:
!curl localhost:5000

{
  "_links": {
    "articles": "http://localhost:5000/article", 
    "self": "http://localhost:5000/"
  }
}


In [33]:
!curl localhost:5000/article

{
  "_links": {
    "self": "http://localhost:5000/article"
  }, 
  "data": [
    {
      "_links": {
        "self": "http://localhost:5000/article/140f7360b3c54c048068f94848104b82"
      }
    }
  ]
}


In [35]:
root = requests.get('http://localhost:5000').json()
print('root is', root)
articles = requests.get(root['_links']['articles']).json()
print('articles is', articles)
article = requests.get(articles['data'][0]['_links']['self']).json()
print('article is', article)


root is {'_links': {'articles': 'http://localhost:5000/article', 'self': 'http://localhost:5000/'}}
articles is {'_links': {'self': 'http://localhost:5000/article'}, 'data': [{'_links': {'self': 'http://localhost:5000/article/140f7360b3c54c048068f94848104b82'}}]}
article is {'_links': {'self': 'http://localhost:5000/article/140f7360b3c54c048068f94848104b82'}, 'authorName': 'rick', 'body': 'First post!', 'postedDate': '2021-06-30T21:06:36.046805', 'title': 'first!'}


In [36]:
article

{'_links': {'self': 'http://localhost:5000/article/140f7360b3c54c048068f94848104b82'},
 'authorName': 'rick',
 'body': 'First post!',
 'postedDate': '2021-06-30T21:06:36.046805',
 'title': 'first!'}

# Aside: `glom` can be handy for consuming deeply nested dicts like this

In [37]:
!pip install glom

Looking in links: /home/rick446/src/wheelhouse
You should consider upgrading via the '/home/rick446/.virtualenvs/classes/bin/python -m pip install --upgrade pip' command.[0m


In [38]:
from glom import glom

In [39]:
root = requests.get('http://localhost:5000').json()
articles = requests.get(glom(root, '_links.articles')).json()
article = requests.get(glom(articles, 'data.0._links.self')).json()
article

{'_links': {'self': 'http://localhost:5000/article/140f7360b3c54c048068f94848104b82'},
 'authorName': 'rick',
 'body': 'First post!',
 'postedDate': '2021-06-30T21:06:36.046805',
 'title': 'first!'}

## Modifying articles

In [40]:
%%file data/flask-examples/app6.py
from datetime import datetime
from uuid import uuid4

import flask
from flask import Flask, jsonify, request, abort


app = Flask(__name__)

state = {
    'articles': { }
#         uuid4().hex: {
#             'postedDate': datetime.utcnow(),
#             'authorName': 'rick',
#             'title': 'first!',
#             'body': 'First post!'
#         }
#     }
}

def url_for(*args, **kwargs):
    return flask.url_for(*args, _external=True, **kwargs)

@app.route('/')
def get_root():
    return jsonify(_links={'articles': url_for('get_articles')})

@app.route('/article')
def get_articles():
    links = [url_for('get_article', id=id) for id in state['articles']]
    return jsonify(
        _links={'self': url_for('get_articles')},
        data=[dict(_links=dict(self=link)) for link in links])

@app.route('/article', methods=['POST'])
def create_article():
    _id = uuid4().hex
    article = {
        'postedDate': datetime.utcnow(),
        'authorName': request.authorization.username,
        'request_args': request.args,
        **request.json   # json.loads(request.text)
    }
    # if you don't like the **syntax, you can also article.update(request.json)
    state['articles'][_id] = article
    result = jsonify_article(_id, article)
    result.headers['Location'] = url_for('get_article', id=_id)
    return result, 201

@app.route('/article/<id>')
def get_article(id):
    article = state['articles'].get(id)
    if not article:
        abort(404)
    return jsonify_article(id, article)

@app.route('/article/<id>', methods=['PUT'])
def update_article(id):
    article = state['articles'].get(id)
    if not article:
        abort(404)
    article = {
        'postedDate': datetime.utcnow(),
        'authorName': request.authorization.username,
        **request.json  # python 3.5?6?
    }
    # post.update(request.json)
    state['articles'][id] = article
    return jsonify_article(id, article)

@app.route('/article/<id>', methods=['DELETE'])
def delete_article(id):
    state['articles'].pop(id, None)
    return '', 204

def jsonify_article(id, article, **kwargs):
    return jsonify(
        _links={'self': url_for('get_article', id=id)},
        postedDate=article['postedDate'].isoformat(),
        authorName=article['authorName'],
        title=article['title'],
        body=article['body'],
        request_args=article.get('request_args', None)
    )
    

Overwriting data/flask-examples/app6.py


In [41]:
sess = requests.Session()
sess.auth = ('rick', 'password')

root = sess.get('http://localhost:5000').json()
articles_url = glom(root, '_links.articles')
articles_url

'http://localhost:5000/article'

In [42]:
from pprint import pprint

resp = sess.post(
    articles_url, 
    json=dict(title='First!', body="First post!"),
    params={'something else': 'entirely'}
)
pprint(resp.headers['Location'])

'http://localhost:5000/article/939fb2944e02402aa4c983156f59c9e2'


In [43]:
article1 = resp.json()
article1

{'_links': {'self': 'http://localhost:5000/article/939fb2944e02402aa4c983156f59c9e2'},
 'authorName': 'rick',
 'body': 'First post!',
 'postedDate': '2021-06-30T21:17:13.406926',
 'request_args': {'something else': 'entirely'},
 'title': 'First!'}

In [44]:
sess.post(articles_url, json=dict(title='Second!', body="Second post!"))
sess.post(articles_url, json=dict(title='Third!', body="Another post!"))

<Response [201]>

In [45]:
articles =sess.get(articles_url).json()
articles

{'_links': {'self': 'http://localhost:5000/article'},
 'data': [{'_links': {'self': 'http://localhost:5000/article/939fb2944e02402aa4c983156f59c9e2'}},
  {'_links': {'self': 'http://localhost:5000/article/2d494eb9683b486193890bc1a05e6b03'}},
  {'_links': {'self': 'http://localhost:5000/article/d2a38f47aa1747fba695200d276db2a9'}}]}

In [46]:
resp = sess.delete(glom(article1, '_links.self'))
pprint(sess.get(articles_url).json())

{'_links': {'self': 'http://localhost:5000/article'},
 'data': [{'_links': {'self': 'http://localhost:5000/article/2d494eb9683b486193890bc1a05e6b03'}},
          {'_links': {'self': 'http://localhost:5000/article/d2a38f47aa1747fba695200d276db2a9'}}]}


In [47]:
sess.get(glom(articles, 'data.2._links.self')).json()

{'_links': {'self': 'http://localhost:5000/article/d2a38f47aa1747fba695200d276db2a9'},
 'authorName': 'rick',
 'body': 'Another post!',
 'postedDate': '2021-06-30T21:17:38.395576',
 'request_args': {},
 'title': 'Third!'}

# Organizing code into blueprints for reusability and maintenance

In [48]:
%%file data/flask-examples/app7.py
from flask import Flask, jsonify, url_for

from . import app7_posts
from .app7_util import url_for

app = Flask(__name__)

app.register_blueprint(app7_posts.mod, url_prefix='/api')

@app.route('/')
def get_root():
    return jsonify(_links={'posts': url_for('posts.get_articles')})

Overwriting data/flask-examples/app7.py


In [49]:
%%file data/flask-examples/app7_util.py
import flask

state = {'posts': {}}

def url_for(*args, **kwargs):
    return flask.url_for(*args, _external=True, **kwargs)

Overwriting data/flask-examples/app7_util.py


In [50]:
%%file data/flask-examples/app7_posts.py
from datetime import datetime
from uuid import uuid4

import flask
from flask import Blueprint, jsonify, request, abort

from .app7_util import state, url_for

mod = Blueprint('posts', __name__)

@mod.route('/article')
def get_articles():
    post_links = [url_for('.get_article', id=id) for id in state['posts']]
    return jsonify(
        _links={
            'self': url_for('.get_articles'),
            'home': url_for('get_root'),
        },
        data=[dict(_links=dict(self=link)) for link in post_links])

@mod.route('/article', methods=['POST'])
def create_article():
    post_id = uuid4().hex
    post = {
        'postedDate': datetime.utcnow(),
        'authorName': request.authorization.username,
        **request.json
    }
    state['posts'][post_id] = post
    result = jsonify_article(post_id, post)
    result.headers['Location'] = url_for('.get_article', id=post_id)
    return result

@mod.route('/article/<id>')
def get_article(id):
    post = state['posts'].get(id)
    if not post:
        abort(404)
    return jsonify_article(id, post)

@mod.route('/article/<id>', methods=['PUT'])
def update_article(id):
    post = state['posts'].get(id)
    if not post:
        abort(404)
    post = {
        'postedDate': datetime.utcnow(),
        'authorName': request.authorization.username,
        **request.json
    }
    state['posts'][id] = post
    return jsonify_article(id, post)

@mod.route('/article/<id>', methods=['DELETE'])
def delete_article(id):
    state['posts'].pop(id)
    return '', 204

def jsonify_article(id, post, **kwargs):
    return jsonify(
        _links={'self': url_for('.get_article', id=id)},
        postedDate=post['postedDate'].isoformat(),
        authorName=post['authorName'],
        title=post['title'],
        body=post['body']
    )

Overwriting data/flask-examples/app7_posts.py


In [51]:
from pprint import pprint

sess = requests.Session()
sess.auth = ('rick', 'password')
sess.headers['Content-Type'] = 'application/json'

In [52]:
root = sess.get('http://localhost:5000').json()
posts_url = glom(root, '_links.posts')
resp = sess.post(posts_url, json=dict(title='First!', body="First post!"))
pprint(resp.headers['Location'])

'http://localhost:5000/api/article/697a4df4c3f84af2b316d91e1f7dfd86'


In [53]:
post1 = resp.json()
pprint(post1)

{'_links': {'self': 'http://localhost:5000/api/article/697a4df4c3f84af2b316d91e1f7dfd86'},
 'authorName': 'rick',
 'body': 'First post!',
 'postedDate': '2021-06-30T21:24:20.006268',
 'title': 'First!'}


In [54]:
sess.post(posts_url, json=dict(title='Second!', body="Second post!"))
sess.post(posts_url, json=dict(title='Third!', body="Another post!"))
pprint(sess.get(posts_url).json())

{'_links': {'home': 'http://localhost:5000/',
            'self': 'http://localhost:5000/api/article'},
 'data': [{'_links': {'self': 'http://localhost:5000/api/article/697a4df4c3f84af2b316d91e1f7dfd86'}},
          {'_links': {'self': 'http://localhost:5000/api/article/3a9aed9c54ab4c309c7cac6a3761e2c6'}},
          {'_links': {'self': 'http://localhost:5000/api/article/3619d0d3d25a4e578ffb47b5b1019860'}}]}


In [55]:
resp = sess.delete(glom(post1, '_links.self'))
pprint(sess.get(posts_url).json())

{'_links': {'home': 'http://localhost:5000/',
            'self': 'http://localhost:5000/api/article'},
 'data': [{'_links': {'self': 'http://localhost:5000/api/article/3a9aed9c54ab4c309c7cac6a3761e2c6'}},
          {'_links': {'self': 'http://localhost:5000/api/article/3619d0d3d25a4e578ffb47b5b1019860'}}]}


# Lab

Open the [Flask APIs lab][flask-api-lab]

[flask-api-lab]: ./flask-api-lab.ipynb