# **Restful API & Flask**



### **1. What is a RESTful API?**

A **RESTful API** is an interface that allows different software applications to communicate over the internet using the **REST (Representational State Transfer)** principles. REST uses standard **HTTP methods** like GET, POST, PUT, and DELETE to perform actions on resources. These resources are usually represented as URLs, and the data is mostly sent and received in formats such as **JSON** or **XML**.

For example, if you have an online book store:

* `GET /books` → will fetch the list of all available books.
* `GET /books/10` → will fetch the book with ID 10.
* `POST /books` → will add a new book to the store.
* `PUT /books/10` → will update details of book ID 10.
* `DELETE /books/10` → will remove that book.

The reason RESTful APIs are so popular is because they are **easy to use, scalable, and platform-independent**. Any device or application that can make HTTP requests (like browsers, mobile apps, or even IoT devices) can use them. This makes REST the most widely used style for APIs today.

---

### **2. Explain the concept of API specification.**

An **API specification** is like a **rulebook or contract** that explains exactly how an API should be used. It tells developers what kind of requests can be made, what data should be sent, what responses will come back, and what error codes might appear. It prevents confusion between the team that creates the API and the team that uses it.

For example, suppose there is a `POST /login` API. The specification will describe:

* What input is needed → `{"username": "abc", "password": "123"}`
* What output will be returned if successful → `{"status": "success", "token": "xyz"}`
* What output will be returned if failed → `{"status": "error", "message": "Invalid password"}`

A popular way of writing API specifications is **OpenAPI (Swagger)**. With it, you can generate automatic API documentation and test the API directly. API specifications save time, avoid errors, and make sure developers follow a consistent pattern.

---

### **3. What is Flask, and why is it popular for building APIs?**

**Flask** is a lightweight and flexible Python web framework that is widely used for building web applications and APIs. Unlike larger frameworks such as Django, Flask gives developers the freedom to structure their code in their own way. It comes with the most essential tools, while additional features can be added through extensions like Flask-SQLAlchemy (for databases) or Flask-RESTful (for APIs).

Reasons Flask is popular for APIs:

1. **Simplicity** → A Flask app can be built with just a few lines of code.
2. **Flexibility** → No strict rules on how to design your project.
3. **Large ecosystem** → Many extensions and libraries are available.
4. **Quick to learn** → Easy for beginners but powerful for advanced users.

Example:

```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"
```

Running this app starts a small server where visiting `/` shows "Hello, Flask!". This simplicity makes Flask perfect for **small to medium APIs**, prototypes, and learning projects.

---

### **4. What is routing in Flask?**

**Routing** in Flask is the process of mapping URLs to specific functions in your code. Whenever a user visits a URL, Flask decides which function should run by checking the route definitions. Routes are created using the `@app.route()` decorator.

For example:

```python
@app.route('/hello')
def say_hello():
    return "Hello, User!"
```

Now, if you open `http://127.0.0.1:5000/hello`, Flask will call the `say_hello()` function and display "Hello, User!".

Routing is essential because it allows you to handle different parts of your application. For example:

* `/login` → handle login requests.
* `/profile` → display user profile.
* `/products` → list products from the database.

Flask also allows **dynamic routes**. For example:

```python
@app.route('/user/<name>')
def user_profile(name):
    return f"Welcome {name}!"
```

If you visit `/user/Vanshika`, it will show “Welcome Vanshika!”. This makes routing powerful and flexible for APIs.

---

### **5. How do you create a simple Flask application?**

Creating a Flask application is very simple. You first install Flask using `pip install flask`, then write a small Python file.

Example:

```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def home():
    return "Welcome to my first Flask app!"

if __name__ == "__main__":
    app.run(debug=True)
```

**Steps explained:**

1. **Import Flask** and create an instance of it.
2. **Define routes** using `@app.route()` to decide what each URL should do.
3. **Create functions** that return text, JSON, or HTML as a response.
4. **Run the app** with `app.run()`.

When you start the app and open `http://127.0.0.1:5000/`, you will see the message "Welcome to my first Flask app!". From here, you can add more routes, connect databases, or return API responses.

This shows how Flask makes it easy to start small but allows you to scale into bigger applications.

---




### **6. What are HTTP methods used in RESTful APIs?**

In RESTful APIs, we use **HTTP methods** to tell the server what kind of action we want to perform on a resource. These are the most commonly used methods:

1. **GET** → Used to fetch data from the server.
   Example: `GET /books` returns all books.

2. **POST** → Used to create a new resource on the server.
   Example: `POST /books` with JSON `{ "title": "New Book" }` will add a new book.

3. **PUT** → Used to update an existing resource completely.
   Example: `PUT /books/5` updates all details of book with ID 5.

4. **PATCH** → Similar to PUT, but updates only specific fields.
   Example: `PATCH /books/5` updates only the title of book 5.

5. **DELETE** → Used to remove a resource from the server.
   Example: `DELETE /books/5` deletes book 5.

These methods follow **CRUD operations**: Create (POST), Read (GET), Update (PUT/PATCH), and Delete (DELETE). Using these standard methods makes APIs easy to understand and consistent across applications.

---

### **7. What is the purpose of the @app.route() decorator in Flask?**

The `@app.route()` decorator in Flask is used to connect a **URL path** to a specific Python function. When a user visits that URL, Flask runs the connected function and returns the result.

For example:

```python
@app.route('/hello')
def hello():
    return "Hello, Flask!"
```

When you open `http://127.0.0.1:5000/hello`, it will run the `hello()` function and display "Hello, Flask!".

The decorator also allows specifying **methods** like GET or POST:

```python
@app.route('/submit', methods=['POST'])
def submit():
    return "Form submitted!"
```

This makes `@app.route()` very powerful because you can decide what each URL should do and which HTTP method it should accept. In short, it is the **heart of routing in Flask applications**, without which you cannot connect your functions to web pages or API endpoints.

---

### **8. What is the difference between GET and POST HTTP methods?**

Both **GET** and **POST** are HTTP methods, but they are used differently in APIs.

* **GET**:

  * Used to **fetch data** from the server.
  * Data is sent through the URL (query parameters).
  * Example: `GET /search?name=book` → searches for "book".
  * GET is visible in the URL and should not be used for sensitive data like passwords.

* **POST**:

  * Used to **send data to the server** (usually to create new resources).
  * Data is sent in the **body of the request**, not in the URL.
  * Example: `POST /login` with body `{ "username": "abc", "password": "123" }`.
  * POST is more secure than GET for sensitive data.

**Example in Flask:**

```python
@app.route('/login', methods=['POST'])
def login():
    return "Login request received"
```

In short, GET is for **reading data**, while POST is for **sending data**.

---

### **9. How do you handle errors in Flask APIs?**

Errors happen often in APIs, such as when a user requests a missing page or provides wrong data. Flask provides several ways to handle errors:

1. **Error handlers** → You can define custom responses for errors.

```python
@app.errorhandler(404)
def not_found(e):
    return {"error": "Page not found"}, 404
```

This will return a JSON message instead of a plain HTML error page.

2. **Try-Except blocks** → To catch exceptions in code.

```python
@app.route('/divide')
def divide():
    try:
        result = 10 / 0
    except ZeroDivisionError:
        return {"error": "Division by zero not allowed"}, 400
```

3. **HTTP status codes** → Always return proper codes like 400 (Bad Request), 404 (Not Found), or 500 (Internal Server Error).

Handling errors properly makes an API **user-friendly, professional, and secure**, as clients get clear error messages instead of server crashes.

---

### **10. How do you connect Flask to a SQL database?**

Flask can connect to databases like **MySQL, PostgreSQL, or SQLite**. The most common way is by using **Flask-SQLAlchemy**, which is an extension that makes working with databases easier.

**Steps to connect Flask with a database:**

1. Install SQLAlchemy → `pip install flask-sqlalchemy`.
2. Configure database in your Flask app:

```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy  

app = Flask(__name__)  
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'  
db = SQLAlchemy(app)
```

3. Define models (tables):

```python
class User(db.Model):  
    id = db.Column(db.Integer, primary_key=True)  
    name = db.Column(db.String(100))  
```

4. Create and use the database:

```python
db.create_all()
```

Now you can add or fetch users directly from the database.

This makes Flask applications **powerful** because they can store and retrieve data permanently instead of only showing static text.

---




### **11. What is the role of Flask-SQLAlchemy?**

**Flask-SQLAlchemy** is an extension that makes it easier to use **SQL databases** in Flask applications. Normally, writing SQL queries directly can be long and complicated, especially when dealing with multiple tables. Flask-SQLAlchemy uses **ORM (Object Relational Mapping)**, which allows us to interact with the database using Python classes and objects instead of raw SQL queries.

For example, instead of writing:

```sql
INSERT INTO users (name, age) VALUES ('Vanshika', 21);
```

You can write in Python:

```python
user = User(name="Vanshika", age=21)
db.session.add(user)
db.session.commit()
```

This makes code shorter, cleaner, and less error-prone.

**Main benefits of Flask-SQLAlchemy:**

* Easier to manage tables and relationships.
* Database-independent (you can switch between SQLite, MySQL, or PostgreSQL without changing much code).
* More readable code, especially for large projects.

In short, Flask-SQLAlchemy provides a **bridge between Flask and databases**, making applications more professional and reliable.

---

### **12. What are Flask blueprints, and how are they useful?**

As projects grow, keeping all routes in one single file becomes messy. **Blueprints** in Flask solve this problem by allowing developers to split the application into smaller, reusable modules.

Think of a blueprint as a **mini Flask application** inside a larger Flask app. For example, you can have:

* `auth.py` → handles login and registration.
* `products.py` → handles product-related routes.
* `profile.py` → handles user profiles.

Example:

```python
from flask import Blueprint
auth = Blueprint('auth', __name__)

@auth.route('/login')
def login():
    return "Login Page"
```

In the main app:

```python
from auth import auth
app.register_blueprint(auth, url_prefix="/auth")
```

Now `/auth/login` will call the login function.

**Why useful?**

* Makes code cleaner and organized.
* Reusable in multiple projects.
* Easy for teams to work on different parts of the application separately.

---

### **13. What is the purpose of Flask’s request object?**

The **request object** in Flask is used to access data sent by the client (browser, mobile app, or another API). It gives you access to things like form inputs, query parameters, headers, and JSON data.

For example:

```python
from flask import request

@app.route('/greet', methods=['GET'])
def greet():
    name = request.args.get('name')
    return f"Hello {name}"
```

If you visit `/greet?name=Vanshika`, it will return **“Hello Vanshika”**.

For POST requests:

```python
@app.route('/login', methods=['POST'])
def login():
    data = request.json
    return f"Username: {data['username']}"
```

If the client sends `{ "username": "Vanshika" }`, Flask can read it using `request.json`.

In short, the **request object is the key to handling user input** in a Flask app, whether from forms, URLs, or API calls.

---

### **14. How do you create a RESTful API endpoint using Flask?**

Creating a RESTful API in Flask means setting up routes that return data (usually JSON) instead of just text or HTML.

Example:

```python
from flask import Flask, jsonify, request

app = Flask(__name__)

@app.route('/books', methods=['GET'])
def get_books():
    books = [{"id": 1, "title": "Book A"}, {"id": 2, "title": "Book B"}]
    return jsonify(books)

@app.route('/books', methods=['POST'])
def add_book():
    new_book = request.json
    return jsonify({"message": "Book added", "book": new_book}), 201
```

* `GET /books` → returns a list of books.
* `POST /books` → adds a new book.

This is a **RESTful endpoint** because it uses HTTP methods properly, deals with resources (books), and returns responses in JSON format with correct status codes.

---

### **15. What is the purpose of Flask’s jsonify() function?**

The `jsonify()` function in Flask is used to **convert Python data (like lists or dictionaries) into JSON format**, which is the standard format for APIs.

For example:

```python
from flask import jsonify

@app.route('/user')
def get_user():
    user = {"id": 1, "name": "Vanshika"}
    return jsonify(user)
```

This will return:

```json
{
  "id": 1,
  "name": "Vanshika"
}
```

Why is `jsonify()` useful?

* It automatically sets the **content-type** of the response to `application/json`.
* It handles **encoding** so that Python data is properly converted to JSON.
* It makes responses more consistent and professional.

In short, `jsonify()` is the simplest way to return structured data from your Flask API.

---




### **16. Explain Flask’s url\_for() function.**

The `url_for()` function in Flask is used to **generate URLs dynamically** for routes in your application. Instead of hardcoding URLs in your code or HTML, you can use `url_for()` to create them. This is useful because if you later change a route, you don’t have to update it everywhere.

For example:

```python
from flask import Flask, url_for
app = Flask(__name__)

@app.route('/profile/<username>')
def profile(username):
    return f"This is {username}'s profile"

@app.route('/')
def home():
    return f"Go to profile: {url_for('profile', username='Vanshika')}"
```

Here, `url_for('profile', username='Vanshika')` generates `/profile/Vanshika`.

**Why it’s useful?**

* Avoids mistakes from typing URLs manually.
* Works well with dynamic routes that need parameters.
* Keeps your app flexible and maintainable.

For example, if you change the route of `profile` later to `/user/<username>`, `url_for()` will automatically update it without breaking links.

---

### **17. How does Flask handle static files (CSS, JavaScript, etc.)?**

Static files like **CSS, JavaScript, and images** are important for websites. Flask serves these files from a folder called **“static”** by default. You just create a folder named `static` in your project and put your files there.

Example project structure:

```
app.py
/static/style.css
```

In your Flask route or HTML, you can link the static file:

```html
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
```

Flask will automatically find the file from the static folder. For example, this would generate:

```
/static/style.css
```

**Why useful?**

* Keeps all design and frontend files organized.
* Makes your application look professional with styling and scripts.
* Can also handle images, fonts, or custom JavaScript files.

So, Flask uses a simple but effective way to manage static content.

---

### **18. What is an API specification, and how does it help in building a Flask API?**

An **API specification** is like a **blueprint or detailed instruction manual** for an API. It describes how the API should behave, what routes exist, what inputs are needed, and what outputs are returned.

For example, if you are building a login API, the specification might say:

* Endpoint: `POST /login`
* Request Body: `{ "username": "string", "password": "string" }`
* Success Response: `{ "status": "success", "token": "abc123" }`
* Error Response: `{ "status": "error", "message": "Invalid login" }`

Popular formats include **OpenAPI (Swagger)**, which makes it easy to create documentation and test APIs.

**How it helps:**

* Developers know exactly how to use your API.
* Prevents confusion and mistakes.
* Allows automated tools to test and validate API behavior.
* Saves time when teams collaborate.

In short, an API specification ensures that your Flask API is **clear, professional, and easy to use**.

---

### **19. What are HTTP status codes, and why are they important in a Flask API?**

**HTTP status codes** are 3-digit numbers returned by the server that tell the client what happened with their request. They are very important in APIs because they help users understand whether a request was successful, failed, or needs fixing.

Some common status codes:

* **200 OK** → The request was successful.
* **201 Created** → A new resource was created (usually after POST).
* **400 Bad Request** → The request was invalid or had wrong data.
* **401 Unauthorized** → Login required.
* **404 Not Found** → The resource does not exist.
* **500 Internal Server Error** → Something went wrong on the server.

Example in Flask:

```python
@app.route('/book/<int:id>')
def get_book(id):
    if id != 1:
        return {"error": "Book not found"}, 404
    return {"id": 1, "title": "Flask Guide"}, 200
```

Here, if the book doesn’t exist, Flask returns a **404**.

Status codes are important because they make the API more **standardized, predictable, and user-friendly**.

---

### **20. How do you handle POST requests in Flask?**

In Flask, a **POST request** is used when the client sends data to the server, usually to create a new resource. Flask handles POST requests using routes with `methods=['POST']`.

Example:

```python
from flask import request

@app.route('/add', methods=['POST'])
def add_item():
    data = request.json
    return {"message": "Item added", "item": data}, 201
```

If the client sends:

```json
{ "name": "Laptop", "price": 50000 }
```

The API will return a response confirming the item was added.

**Steps in handling POST requests:**

1. Client sends data (JSON, form data, etc.) to the API.
2. Flask reads the data using `request.form` or `request.json`.
3. The server processes the data (e.g., saves to database).
4. A response is returned, usually with status code **201 (Created)**.

Handling POST properly is important because most APIs rely on POST to accept **user input, forms, or new data entries**.

---



### **21. What is REST architecture, and why is it important for APIs?**

**REST (Representational State Transfer)** is an architecture style used to design APIs. It is based on a few simple principles that make communication between client (like a mobile app or browser) and server (where the data lives) easy and standard.

**Key principles of REST:**

1. **Resources** → Everything (users, books, products) is treated as a resource and represented by a URL. Example: `/users/1` means user with ID 1.
2. **HTTP Methods** → Use GET, POST, PUT, PATCH, DELETE for actions.
3. **Statelessness** → Every request is independent; the server doesn’t remember past requests.
4. **JSON/XML** → Data is usually exchanged in JSON for simplicity.

**Why important?**

* REST APIs are **easy to understand** because they work like browsing web pages.
* They are **scalable** because stateless requests reduce server load.
* They are **platform-independent**, so the same API can be used by a mobile app, website, or IoT device.

For example, an e-commerce API might have:

* `GET /products` → Get all products.
* `POST /orders` → Place a new order.

In short, REST architecture gives **simplicity, flexibility, and global standardization**, making it the most popular API design.

---

### **22. How does Flask differ from Django for building APIs?**

Both **Flask** and **Django** are popular Python frameworks, but they are very different in style.

* **Flask**:

  * Lightweight and minimal.
  * Gives freedom to structure the project however you like.
  * Best for small to medium APIs or projects where you need flexibility.
  * Example: You write your own authentication system or choose your own database library.

* **Django**:

  * Full-featured framework (“batteries included”).
  * Has built-in tools like authentication, ORM, admin panel, and more.
  * Best for large applications where you need a lot of built-in features.
  * Example: You get a ready-made admin dashboard to manage your database.

**Flask Example:**

```python
@app.route('/hello')
def hello():
    return "Hello Flask!"
```

**Django Example:** Requires creating models, views, and URLs with a more structured pattern.

**In summary**:

* Use **Flask** if you want **simplicity, control, and quick development**.
* Use **Django** if you want **ready-made tools, strict structure, and large project support**.

---

### **23. What are some best practices for building Flask APIs?**

When building APIs with Flask, following best practices ensures that your application is **secure, efficient, and easy to use**.

1. **Use Blueprints** → Organize routes into modules (e.g., `auth.py`, `products.py`).
2. **Return JSON responses** → Always use `jsonify()` so clients get consistent data.
3. **Use proper HTTP status codes** → Example: 200 for success, 404 for not found, 500 for server errors.
4. **Validate input data** → Never trust user input directly. Use libraries like `marshmallow` for validation.
5. **Error handling** → Write custom error handlers for better user experience.
6. **Use environment variables** → Keep secret keys, database URLs, and passwords outside the code.
7. **Documentation** → Use OpenAPI (Swagger) to explain how your API works.
8. **Testing** → Write unit tests to check endpoints before deploying.
9. **Security** → Use authentication (like JWT tokens or OAuth) and HTTPS.
10. **Database management** → Use SQLAlchemy for clean database interactions.

Example of a good API response:

```json
{
  "status": "success",
  "data": {"id": 1, "name": "Vanshika"}
}
```

By following these best practices, Flask APIs become **cleaner, more professional, and ready for real-world use**.

---


# **Practical**

In [None]:
# 1. Create a basic Flask application
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask!"

if __name__ == "__main__":
    app.run(debug=True)


In [5]:
# 2. Serve static files (images, CSS, JS)
<!-- index.html -->
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
<img src="{{ url_for('static', filename='image.png') }}">


SyntaxError: invalid syntax (ipython-input-1268792651.py, line 2)

In [None]:
# 3. Different routes with different HTTP methods
@app.route('/submit', methods=['GET', 'POST'])
def submit():
    if request.method == 'POST':
        return "Form submitted!"
    return "Send a POST request"


In [None]:
# 4. How do you render HTML templates in Flask
from flask import render_template

@app.route('/page')
def page():
    return render_template('index.html')



In [None]:
# 5 Generate URLs with url_for
@app.route('/profile')
def profile():
    return "This is your profile page!"

@app.route('/go')
def go():
    return f'<a href="{url_for("profile")}">Go to Profile</a>'


In [None]:
# 6. Handle forms
<!-- form.html -->
<form method="POST" action="/form">
  <input type="text" name="username">
  <input type="submit">
</form>


In [None]:

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        return "Hello " + request.form['username']
    return render_template('form.html')


In [11]:
# 7. Validate form data
@app.route('/validate', methods=['POST'])
def validate():
    username = request.form.get('username')
    if not username:
        return "Username required!"
    return f"Welcome {username}"


AssertionError: View function mapping is overwriting an existing endpoint function: validate

In [None]:
# 8 Manage sessions
from flask import session

app.secret_key = "secret"

@app.route('/login')
def login():
    session['user'] = 'Vanshika'
    return "Logged in!"

@app.route('/dashboard')
def dashboard():
    return f"Hello {session['user']}"


In [None]:
# 9. Redirect to another route
from flask import redirect

@app.route('/old')
def old():
    return redirect('/new')

@app.route('/new')
def new():
    return "New Page"


In [None]:
# 10. Handle errors (404 example)
@app.errorhandler(404)
def page_not_found(e):
    return "Page not found!", 404


In [None]:
# 11. Use Blueprints
from flask import Blueprint

bp = Blueprint('simple', __name__)

@bp.route('/hello')
def hello():
    return "Hello from Blueprint!"

app.register_blueprint(bp)


In [None]:
# 12. Custom Jinja filter
@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]

@app.route('/filter')
def filter_example():
    return render_template('index.html', name="Vanshika")


In [None]:
<!-- index.html -->
{{ name|reverse }}


In [None]:
# 13. Redirect with query parameters
@app.route('/search')
def search():
    return redirect(url_for('result', q="Flask"))

@app.route('/result')
def result():
    return "You searched for: " + request.args.get('q')


In [None]:
# 14. Return JSON response
from flask import jsonify

@app.route('/json')
def json_example():
    return jsonify({"name": "Vanshika", "age": 21})


In [None]:
# 15. Capture URL parameters
@app.route('/user/<name>')
def user(name):
    return f"Hello {name}"
