# Restful API & flask Assignment
---

## 1.What is a RESTful API?

### A **RESTful API** stands for **Representational State Transfer Application Programming Interface**. It is a web service that allows systems to communicate over the internet using standard **HTTP methods** like **GET** (read), **POST** (create), **PUT** (update), and **DELETE** (remove).

### It follows REST principles such as **statelessness**, **resource-based URLs**, and typically returns data in **JSON format**. RESTful APIs are widely used in web and mobile apps due to their **simplicity, speed, and scalability**.

---


## 2.Explain the concept of API specification?

### An **API specification** is a detailed guide that defines **how an API works**. It lists the **endpoints (URLs), HTTP methods (GET, POST, etc.), request/response formats**, and **authentication rules**.

### It acts like a **contract** between the API provider and user, ensuring clear communication and smooth integration. Tools like **OpenAPI (Swagger)** are commonly used to write API specifications.

---


## 3. What is Flask, and why is it popular for building APIs?

### **Flask** is a **lightweight Python web framework** used to build web applications and **RESTful APIs** quickly and easily.

It is popular because it is:

* **Simple and beginner-friendly**
* **Flexible** (no strict rules or structure)
* **Extensible** with many plugins
* Perfect for **small to medium-sized projects and APIs**

Flask makes it easy to create APIs with just a few lines of code using Python.

---


## 4.What is routing in Flask?

### **Routing in Flask** connects a **URL path** to a **Python function**. When a user accesses that URL, the linked function runs and returns a response.

#### It helps define **what should happen** when a specific web address is visited.

---


## 5.How do you create a simple Flask application?

* First, install Flask using the command `pip install flask`.
* Create a Python file (e.g., `app.py`).
* Import the Flask class using `from flask import Flask`.
* Create a Flask app object with `app = Flask(__name__)`.
* Define a route using `@app.route('/')` and a function to return a response.
* Add `if __name__ == '__main__': app.run(debug=True)` to run the app.
* Run the file, and open `http://localhost:5000` in your browser to see the output.

---



## 6. What are HTTP methods used in RESTful APIs?

### In RESTful APIs, **HTTP methods** define the type of operation to perform on a resource. The main methods are:

* **GET** – To **retrieve** data
* **POST** – To **create** new data
* **PUT** – To **update** existing data
* **DELETE** – To **remove** data
* **PATCH** – To **partially update** data
* **OPTIONS** – To describe **available methods** for a resource

These methods make REST APIs clear, consistent, and easy to use.

---


## 7.What is the purpose of the @app.route() decorator in Flask?

### The `@app.route()` decorator in Flask is used to **bind a URL path to a Python function**.

When a user visits that URL in the browser, Flask runs the linked function and returns the response.

 **Example**:

```python
@app.route('/hello')
def hello():
    return "Hello, World!"
```

 Here, visiting `/hello` will show **"Hello, World!"**.

---


## 8.What is the difference between GET and POST HTTP methods?

* **GET** is used to **retrieve data** from the server.
* **POST** is used to **send or submit data** to the server.
* In **GET**, data is sent through the **URL** as query parameters.
* In **POST**, data is sent through the **body** of the request.
* **GET** requests are **visible in the browser’s address bar**.
* **POST** requests are **not visible** and are more **secure** for sensitive data.
* **GET** is commonly used for **reading data**, while **POST** is used for **creating or updating data**.

---


## 9.How do you handle errors in Flask APIs?

* Flask provides built-in support for **error handling** using the `@app.errorhandler()` decorator.
* You can catch specific HTTP errors like **404 (Not Found)** or **500 (Internal Server Error)**.
* Custom error messages or JSON responses can be returned for better API clarity.
* Flask also allows using **try-except blocks** inside route functions to handle logical or runtime errors.
* Proper error handling improves **user experience**, **debugging**, and **API reliability**.

 **Example:**

```python
@app.errorhandler(404)
def not_found(e):
    return {"error": "Resource not found"}, 404
```

---

## 10.How do you connect Flask to a SQL database?

### To connect Flask to a SQL database, we use an Object Relational Mapper (ORM) like **Flask-SQLAlchemy**. It allows developers to interact with databases using Python code instead of raw SQL queries.

First, the Flask application is configured with the **database URI**, which tells Flask where the database is located and what type it is (e.g., SQLite, MySQL, PostgreSQL).

Once configured, **SQLAlchemy** is initialized with the app. Developers then define **models** as Python classes that represent database tables. Each model contains **fields** which correspond to the columns in the table.

Using SQLAlchemy, developers can perform all common database operations like **inserting**, **updating**, **deleting**, and **retrieving** data in a more Pythonic and readable way.

This approach makes the database integration clean, secure, and scalable for web applications built with Flask.

---


## 11. What is the role of Flask-SQLAlchemy ?

### **Flask-SQLAlchemy** is an **Object Relational Mapper (ORM) extension** for Flask that simplifies working with SQL databases using Python code.

It acts as a **bridge between Flask and SQL databases**, allowing developers to interact with database tables as **Python classes and objects** instead of writing raw SQL queries.

### 🔹 Key Roles:

* **Simplifies database operations** like insert, update, delete, and query.
* Helps in defining **database models** using Python classes.
* Automatically manages **connections and sessions** with the database.
* Makes the code **cleaner, readable, and secure** by avoiding manual SQL.
* Supports **multiple SQL databases** like SQLite, MySQL, and PostgreSQL.

Flask-SQLAlchemy makes database handling in Flask **easy, efficient, and more Pythonic**.

---


## 12.What are Flask blueprints, and how are they useful ?

### **Flask Blueprints** are a way to **organize and structure** a Flask application into **modular, reusable components**.

Instead of writing all routes and logic in a single file, Blueprints allow you to **split your application** into smaller parts (like users, admin, API, etc.), each with its own routes, views, and logic.

 **How They Are Useful:**

* **Improves code organization** in large applications.
* Allows **modular development** by breaking code into smaller, manageable files.
* Helps in **reusing code** across multiple applications.
* Makes the app easier to **test, debug, and maintain**.
* Supports **team collaboration**, where each developer can work on different modules.

## Blueprints make large Flask apps **cleaner, scalable, and easier to manage** by keeping different features in separate files.

---


## 13. What is the purpose of Flask's request object ?

### The **`response` object** in Flask is used to **send data back to the client** after processing a request.

It contains the **response body**, **status code**, and **headers**. You can return plain text, HTML, JSON, or even custom responses using it.

**Example:**

```python
from flask import Response

return Response("Success", status=200)
```

It gives full control over what is returned to the user.

---


## 14. How do you create a RESTful API endpoint using Flask?

### **Smart & Short Statement-wise Answer:**

* Flask provides a built-in function called **`jsonify()`** to return JSON responses.
* `jsonify()` converts Python dictionaries or lists into **proper JSON format**.
* It also automatically sets the **content type** to `application/json`.
* This makes it ideal for RESTful APIs to send structured data to clients.

**Example:**

```python
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/data')
def get_data():
    return jsonify({"name": "Khushi", "role": "Data Analyst"})
```

This endpoint returns a **JSON response** when accessed.

---


## 15.What is the purpose of Flask's jsonify() function ?

### The **`jsonify()`** function in Flask is used to **convert Python data (like dictionaries or lists) into a proper JSON response**.

###  **Key Purposes:**

* Automatically formats the data as **JSON**
* Sets the correct **Content-Type: application/json** header
* Makes it easy to return **structured API responses** in RESTful APIs

 **Example:**

```python
return jsonify({"message": "Success", "status": 200})
```

In short, `jsonify()` helps send **clean, standard JSON responses** from Flask APIs.

---


## 16.Explain Flask’s url_for() function.

### The **`url_for()`** function in Flask is used to **generate URLs for routes dynamically** using the function name.

### **Key Purposes:**

* Avoids hardcoding URLs
* Makes the app more **flexible and maintainable**
* Automatically updates URLs if route paths change

 **Example:**

```python
from flask import url_for

url_for('home')  # Returns: '/' if 'home' is a route function
```

In short, `url_for()` ensures your Flask app is **clean, dynamic, and error-free** when handling URLs.

---


## 17.How does Flask handle static files (CSS, JavaScript, etc.)?

### **Smart & Brief Answer:**

* Flask uses **Jinja2 templating engine** to render HTML templates.
* Templates are stored in the **`templates/`** folder.
* The **`render_template()`** function is used to load and return an HTML file.
* You can pass data from Flask to the template using variables.

 **Example:**

```python
from flask import render_template

@app.route('/')
def home():
    return render_template('index.html', name="Khushi")
```

This renders `index.html` and sends the variable `name` to it.

---


## 18. What is an API specification, and how does it help in building a Flask API?

### An **API specification** is a **detailed blueprint** that defines how an API works — including its **endpoints, request methods, input/output formats, and error codes**.

### **How It Helps in Building a Flask API:**

* Acts as a **clear guide** for developers to implement consistent routes and responses.
* Ensures all team members follow the **same structure and rules**.
* Helps in **auto-generating documentation** and **testing tools** (e.g., Swagger/OpenAPI).
* Reduces confusion, bugs, and rework by defining expectations **before coding**.

In short, an API specification ensures your Flask API is **well-planned, standardized, and developer-friendly**.

---

## 19.What are HTTP status codes, and why are they important in a Flask API ?

### **HTTP status codes** are **3-digit numbers** returned by the server to indicate the **result of a client’s request**.

### **Why They Are Important in Flask API:**

* They help the **client understand** if the request was successful, failed, or had issues.
* Improve **error handling** and **debugging**.
* Make the API **more professional and reliable**.

###  **Common Codes:**

* `200 OK` – Request successful
* `201 Created` – New resource created
* `400 Bad Request` – Invalid input
* `401 Unauthorized` – Not authenticated
* `404 Not Found` – Resource missing
* `500 Internal Server Error` – Server crash or bug

Note: status codes keep communication between client and server **clear and meaningful**.

---


## 20. How do you handle POST requests in Flask?

### In Flask, **POST requests** are used to **send data from the client to the server**, typically when submitting forms or JSON data.

To handle POST requests, Flask allows defining a route with the **`methods=['POST']`** argument in the `@app.route()` decorator. When a POST request is received at that endpoint, Flask executes the corresponding function.

Inside the function, you can access the incoming data using the `request` object:

* `request.form` – for form data
* `request.get_json()` – for JSON data
* `request.data` – for raw request data

After processing the data, a response (often in JSON format) is sent back to the client using `jsonify()` or other return types.

This mechanism is essential for tasks like **user registration, form submission, file uploads, and API data handling** in a Flask application.

---


## 21. How would you secure a Flask API?

### Securing a Flask API is essential to protect it from unauthorized access, data breaches, and malicious attacks. Several best practices are used to ensure API security:

 **Key Methods to Secure a Flask API:**

1. **Authentication & Authorization**

   * Use **API keys**, **tokens**, or **OAuth2** to verify users.
   * Only allow access to authorized users based on roles or permissions.

2. **HTTPS Protocol**

   * Always deploy the API over **HTTPS** to encrypt data in transit.

3. **Input Validation**

   * Validate all incoming data to prevent attacks like **SQL injection**, **XSS**, or **command injection**.

4. **Rate Limiting**

   * Limit the number of requests from each user/IP to prevent **abuse or denial-of-service attacks**.

5. **Error Handling**

   * Avoid exposing internal details in error messages. Use **custom error handlers**.

6. **CORS (Cross-Origin Resource Sharing)**

   * Use Flask-CORS to control which domains can access your API.

7. **Secure Headers**

   * Add security-related HTTP headers like **Content-Security-Policy** or **X-Content-Type-Options**.

8. **Database Security**

   * Use ORM (like SQLAlchemy) to prevent direct SQL access, and use **parameterized queries**.


In short, securing a Flask API involves combining **authentication, data validation, encrypted communication, and secure coding practices** to keep the application safe and reliable.

---

## 22.What is the significance of the Flask-RESTful extension?

### **Flask-RESTful** is an extension for Flask that simplifies the process of building **RESTful APIs** by providing helpful tools and structure.

 **Significance and Benefits:**

1. **Simplifies API Development**

   * Makes it easier to create RESTful routes using **classes and methods** instead of regular functions.

2. **Class-Based Views**

   * Allows you to organize API logic using **object-oriented programming**, which improves **code readability and reuse**.

3. **Automatic Method Handling**

   * Supports HTTP methods like **GET, POST, PUT, DELETE** directly through class methods.

4. **Built-in Request Parsing**

   * Provides tools like **`reqparse`** to easily extract and validate request data.

5. **Improves Code Structure**

   * Encourages **modular, scalable, and clean API design**, especially useful for large projects.

6. **Better Error Handling**

   * Offers built-in ways to return proper **HTTP status codes and messages**.

> **Flask-RESTful** adds powerful features that make it easier and faster to build **well-structured, scalable, and professional REST APIs** with Flask.

---


## 23. What is the role of Flask’s session object?

###  **Theoretical Answer: Role of Flask’s `session` Object**

The **`session` object** in Flask is used to **store user-specific data across multiple requests**. It helps Flask applications **remember information** (like login status, user preferences, etc.) between different pages or visits.

###  **Key Roles of `session`:**

1. **Stores Temporary Data**

   * Keeps data like usernames, user IDs, or settings during a user’s session.

2. **Client-Side Sessions**

   * Flask stores session data on the **client side** using **secure cookies**.

3. **Secure & Signed**

   * The session data is **encrypted and signed** with a secret key (`app.secret_key`) so that it can’t be tampered with.

4. **Useful in Authentication**

   * Commonly used to **track login/logout status** and control access to protected routes.


 **Example:**

```python
from flask import session

session['username'] = 'Khushi'  # Storing data
user = session.get('username')  # Retrieving data
```

> the `session` object allows Flask apps to **remember user-specific data securely across multiple requests**.

---


# PRACTICAL QUESTIONS

---

## 1.How do you create a basic Flask application?

In [None]:

```python
from flask import Flask
import threading

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, Flask from Jupyter!"

def run():
    app.run(debug=False, use_reloader=False)

# Start Flask in background thread
threading.Thread(target=run).start()
```

### **Open in browser:**

Go to `http://127.0.0.1:5000/`


###  **Output in browser:**

```
Hello, Flask from Jupyter!
```

---


## 2.How do you serve static files like images or CSS in Flask?

### In Flask, static files such as images, CSS, and JavaScript are served from a special directory named static/.By default, Flask automatically maps the /static URL path to the static folder in your project directory.You can reference static files in your HTML templates using the url_for() function:

In [None]:
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
<img src="{{ url_for('static', filename='image.jpg') }}" alt="My Image">


## Key Points:
* Flask uses the folder named static/ for all static files.

* These files are not processed by Flask — they are sent as-is to the browser.

* You can organize them into subfolders like static/css/, static/images/, etc.

* Use url_for('static', filename='...') to generate the correct URL dynamically.

In [None]:
project/
├── app.py
├── static/
│   ├── style.css
│   └── image.jpg                                 # example folder structure
├── templates/
│   └── index.html


In [None]:
<!-- In templates/index.html -->
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">        # example use in templates
<img src="{{ url_for('static', filename='image.jpg') }}" alt="Image">


## This method ensures your static files are easily accessible and managed properly within your Flask web application.

---

## 3.How do you define different routes with different HTTP methods in Flask?

In [None]:
from flask import Flask, request, render_template_string
import nest_asyncio, threading

nest_asyncio.apply()
app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        name = request.form.get('name')
        return f"<h2>Hello, {name}!</h2>"
    return '''
        <form method="POST">
            <input name="name" placeholder="Enter your name">
            <button type="submit">Submit</button>
        </form>
    '''

def run():
    app.run(port=5000)

threading.Thread(target=run).start()

## for output go to browser and enter

http://localhost:5000/form

---


## 4. How do you render HTML templates in Flask?

In [None]:
from flask import Flask, render_template_string
import nest_asyncio
import threading

# Allow Flask to run in Jupyter
nest_asyncio.apply()

# Create Flask app
app = Flask(__name__)

# Use render_template_string to simulate real template rendering
@app.route('/')
def home():
    return render_template_string("""
    <!DOCTYPE html>
    <html>
    <head>
        <title>Flask Template</title>
    </head>
    <body>
        <h1>Hello Khushi! This is Flask rendering HTML template.</h1>
    </body>
    </html>
    """)

# Run the app
def run_app():
    app.run(port=5000)

threading.Thread(target=run_app).start()

## for output run on browser

 http://localhost:5000

---


## 5.How can you generate URLs for routes in Flask using url_for?

In [None]:
from flask import Flask, url_for, render_template_string
import nest_asyncio, threading

nest_asyncio.apply()
app = Flask(__name__)

@app.route('/profile/<name>')
def profile(name):
    return f"<h2>Welcome, {name}!</h2>"

@app.route('/')
def home():
    # Dynamically generate URL for profile route
    link = url_for('profile', name='Khushi')
    return render_template_string(f'''
        <h1>URL Generated using url_for</h1>
        <a href="{link}">Go to Profile</a>
    ''')

def run():

## for output go to;

 http://localhost:5000


## 6.How do you handle forms in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, request
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)  # Start ngrok tunnel

@app.route('/')
def index():
    return '''
        <form method="POST" action="/submit">
            <input type="text" name="username" placeholder="Enter your name" required>
            <input type="submit" value="Submit">
        </form>
    '''

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['username']
    return f"<h1>Hello, {name}!</h1>"

app.run()



## 7.How can you validate form data in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, request
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

@app.route('/')
def form():
    return '''
        <h2>Register</h2>
        <form method="POST" action="/submit">
            <input type="text" name="name" placeholder="Your Name" required><br><br>
            <input type="email" name="email" placeholder="Your Email" required><br><br>
            <input type="submit" value="Submit">
        </form>
    '''

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']
    email = request.form['email']

    # Manual validation
    if not name.strip():
        return "Name is required."
    elif '@' not in email:
        return "Invalid email address."
    else:
        return f"<h1>Welcome, {name}!</h1><p>Your email: {email}</p>"

app.run()


## for output

* Run the cell

* Open the ngrok link

* Try submitting without name or invalid email like abc

* You’ll get: Name is required. or Invalid email address.

* Correct input shows:
   Welcome, Khushi!


## 8.How do you manage sessions in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, session, request, redirect, url_for
from flask_ngrok import run_with_ngrok

# Step 1: Create Flask App
app = Flask(__name__)
app.secret_key = 'supersecretkey'  # Required for using session
run_with_ngrok(app)  # To get public link in Jupyter

# Step 2: Home Route
@app.route('/')
def index():
    if 'username' in session:
        return f'''
            <h2>Welcome, {session['username']}! </h2>
            <a href="/logout">Logout</a>
        '''
    return '''
        <h2>Login</h2>
        <form action="/login" method="post">
            <input type="text" name="username" placeholder="Enter name" required>
            <input type="submit" value="Login">
        </form>
    '''

# Step 3: Login Route
@app.route('/login', methods=['POST'])
def login():
    session['username'] = request.form['username']
    return redirect(url_for('index'))

# Step 4: Logout Route
@app.route('/logout')
def logout():
    session.pop('username', None)
    return '''
        <h3>You are logged out! </h3>
        <a href="/">Login again</a>
    '''

# Step 5: Run App
app.run()


In [None]:
## Output in Browser (Ngrok link opens):
* When first opened:
Login
[ Enter name textbox ] [ Login button ]


In [None]:
##  After login:

Welcome, Khushi! 
[ Logout ]


In [None]:
After logout:

You are logged out! 
[ Login again ]


## 9.How do you redirect to a different route in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, redirect, url_for
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

@app.route('/')
def home():
    return '''
        <h2>Home Page </h2>
        <a href="/go">Go to Dashboard</a>
    '''

@app.route('/go')
def go():
    return redirect(url_for('dashboard'))

@app.route('/dashboard')
def dashboard():
    return '<h1> You are now on the Dashboard Page!</h1>'

app.run()


## 10.How do you handle errors in Flask (e.g., 404)?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

@app.route('/')
def home():
    return '''
        <h2>Home Page </h2>
        <p>Try visiting a wrong URL like <code>/wrong</code> to see 404 error handling.</p>
    '''

@app.errorhandler(404)
def not_found(e):
    return '<h1>404 Error </h1><p>Oops! Page not found.</p>', 404

app.run()

## Output in Browser:
* Visit / (Home)

Home Page 
Try visiting a wrong URL like /wrong to see 404 error handling.

* Visit /wrong (Wrong URL):

404 Error 
Oops! Page not found.



## 11.How do you structure a Flask app using Blueprints?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, Blueprint
from flask_ngrok import run_with_ngrok

# Create a Blueprint
simple_bp = Blueprint('simple_bp', __name__)

@simple_bp.route('/hello')
def hello():
    return '<h2>Hello from Blueprint! </h2>'

# Create Flask app
app = Flask(__name__)
run_with_ngrok(app)

# Register the Blueprint
app.register_blueprint(simple_bp, url_prefix='/greet')

# Main route
@app.route('/')
def home():
    return '<h1>Main App Home </h1><p>Try /greet/hello</p>'

app.run()

## 12.How do you define a custom Jinja filter in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, render_template_string
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

# Define custom Jinja filter
@app.template_filter('reverse')
def reverse_filter(s):
    return s[::-1]

@app.route('/')
def index():
    name = "Khushi"
    #  Use the filter in template
    html = '''
        <h2>Original: {{ name }}</h2>
        <h2>Reversed: {{ name|reverse }}</h2>
    '''
    return render_template_string(html, name=name)

app.run()


In [None]:
## Output in Browser;

Original: Khushi  
Reversed: ihsuhK


## 13.How can you redirect with query parameters in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, redirect, url_for, request
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

@app.route('/')
def home():
    # Redirecting with query parameter ?name=Khushi
    return redirect(url_for('greet', name='Khushi'))

@app.route('/greet')
def greet():
    name = request.args.get('name', 'Guest')
    return f"<h2>Hello, {name}! </h2>"

app.run()

##  Output in Browser:
* Open ngrok link → Redirects to /greet?name=Khushi

* You’ll see

Hello, Khushi! 



## 14:How do you return JSON responses in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask, jsonify
from flask_ngrok import run_with_ngrok

# Step 1: Create Flask app
app = Flask(__name__)
run_with_ngrok(app)

# Step 2: Create a JSON endpoint
@app.route('/api/info')
def info():
    return jsonify({
        "name": "Khushi",
        "status": "Learning Flask",
        "skills": ["Python", "Flask", "Pandas"]
    })

# Step 3: Run the app
app.run()


## 15.How do you capture URL parameters in Flask?

In [None]:
!pip install flask flask-ngrok -q

from flask import Flask
from flask_ngrok import run_with_ngrok

app = Flask(__name__)
run_with_ngrok(app)

# Capture parameter from URL like /user/Khushi
@app.route('/user/<name>')
def greet_user(name):
    return f"<h2>Hello, {name}! </h2>"

app.run()
