# 👩‍💻 RESTful API & Flask Assignment Solutions

Welcome! This notebook provides comprehensive answers and code examples for the RESTful API and Flask assignment. The structure is divided into two main parts: Conceptual Questions and Practical Implementation.

---

## Part 1: Conceptual Assignment Questions (Theory)
This section covers the fundamental concepts of REST, APIs, and the Flask framework based on the assignment questions.

### 1. What is a RESTful API?

A **RESTful API** (Representational State Transfer) is an architectural style for designing networked applications. It uses standard HTTP methods (like GET, POST, PUT, DELETE) to interact with **resources** (e.g., users, posts, products) identified by unique URIs (Uniform Resource Identifiers). The primary principles include **statelessness** and a **uniform interface**, making the communication predictable and scalable.

### 2. Explain the concept of API specification.

An **API Specification** (or API documentation) is essentially a **contract** that clearly describes the functionality of a web service. It details all available endpoints, the required HTTP methods, expected input parameters (in the request body, query, or path), and the format of the response data (including successful payloads and error messages). Popular standards like **OpenAPI (Swagger)** help enforce this contract for both developers consuming and maintaining the API.

### 3. What is Flask, and why is it popular for building APIs?

**Flask** is a **lightweight Python web framework**, often called a "micro-framework" because it starts with a minimal core: routing, request handling, and templating. It's popular for building APIs due to its:
* **Minimalism & Flexibility:** It doesn't impose a strict structure or force dependencies, letting developers choose their own libraries (e.g., for database, authentication, or serialization).
* **Simplicity:** It has a simple, explicit structure and a low barrier to entry, enabling rapid development of clean, focused APIs.
* **Extensibility:** Its functionality is easily extended through numerous community-maintained **extensions** (like Flask-RESTful, Flask-SQLAlchemy).

### 4. What is routing in Flask?

**Routing** is the process in Flask that **maps a URL path** requested by a client (e.g., `/api/users`) to a specific **Python function** defined in the application (the *view function*). This is primarily done using the `@app.route()` decorator.

### 5. How do you create a simple Flask application?

A simple Flask app requires importing the `Flask` class, creating an instance, and defining at least one route with a view function.

In [None]:
# simple_app.py
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    """Route for the application root."""
    return 'Welcome to the Simple Flask API! (Running on http://127.0.0.1:5000)'

# To run the app (in a real terminal):
# if __name__ == '__main__':
#     app.run(debug=True)

### 6. What are HTTP methods used in RESTful APIs?

HTTP methods (or verbs) define the **action** to be performed on the resource:
* **GET:** Retrieve data (Read). Safe and Idempotent.
* **POST:** Create new data (Create). Not safe, not idempotent.
* **PUT:** Update an existing resource completely (Update). Idempotent.
* **PATCH:** Apply partial modifications to a resource (Update). Not idempotent.
* **DELETE:** Remove a specified resource (Delete). Idempotent.

### 7. What is the purpose of the `@app.route()` decorator in Flask?

The `@app.route()` decorator is used to **bind a URL** to a specific Python function (the view function). When a client requests that URL, Flask knows which function to execute. It can also specify the allowed HTTP methods using the `methods` argument (e.g., `methods=['GET', 'POST']`).

### 8. What is the difference between GET and POST HTTP methods?

| Feature | GET | POST |
| :--- | :--- | :--- |
| **Purpose** | Retrieve (Read) data. | Submit/Create (Create) new data. |
| **Body/Payload** | Should not contain a body; data is in the query string. | Contains the data to be sent (request body/payload). |
| **Safety** | **Safe** (should not modify server state). | **Not Safe** (modifies server state by creating data). |
| **Idempotence** | **Idempotent** (repeated requests have the same outcome). | **Not Idempotent** (repeated requests usually create multiple resources). |

### 9. How do you handle errors in Flask APIs?

Errors are handled using the **`@app.errorhandler(status_code)`** decorator. For APIs, the handler should return a **JSON response** with a descriptive message and the correct HTTP status code.

In [None]:
from flask import Flask, jsonify
app = Flask(__name__)

@app.errorhandler(404)
def not_found_error(error):
    # Returns a JSON error response with a 404 status code
    return jsonify({
        'status': 404,
        'error': 'Not Found',
        'message': 'The requested URL was not found on the server.'
    }), 404

### 10. How do you connect Flask to a SQL database?

The standard way is to use the **Flask-SQLAlchemy** extension. This integrates the powerful SQLAlchemy ORM (Object-Relational Mapper) with Flask, simplifying configuration and database session management.

### 11. What is the role of Flask-SQLAlchemy?

**Flask-SQLAlchemy** manages the integration of the SQLAlchemy ORM into a Flask application. Its main roles are:
* **Configuration:** Automatically handles the setup and configuration of the database engine using Flask's config.
* **Model Definition:** Allows defining database tables as Python classes (models).
* **Session Management:** Correctly manages the database session lifecycle during a request (opening, committing, and closing connections).

### 12. What are Flask blueprints, and how are they useful?

**Flask Blueprints** are a way to organize a Flask application into smaller, reusable, and modular components. They act as a template for application sections (e.g., an `/admin` module, a `/users` API, or an `/auth` system).
* **Usefulness:** They promote **separation of concerns** and **code reusability**, preventing the main application file from becoming too large in complex projects.

### 13. What is the purpose of Flask's `request` object?

The **`request` object** is a global object that holds all the **incoming data** for the current client request. It allows view functions to access:
* `request.method`: The HTTP method used (GET, POST).
* `request.args`: Query string parameters (e.g., `?limit=10`).
* `request.form`: Form data (for POST requests).
* `request.json`: Incoming JSON payload (crucial for APIs).
* `request.headers`: HTTP headers.

### 14. How do you create a RESTful API endpoint using Flask?

Define a view function and use `@app.route()`, specifying the resource path and the allowed `methods`. Use `request.json` to read the input data and `jsonify()` to return structured data.

In [None]:
from flask import request, jsonify
# ... app instance setup ...

@app.route('/api/users', methods=['POST'])
def create_user():
    if request.is_json:
        user_data = request.json
        # In a real app: save user_data to database
        return jsonify({'message': 'User created successfully', 'id': 101, 'data': user_data}), 201
    return jsonify({'error': 'Invalid content type'}), 400

### 15. What is the purpose of Flask's `jsonify()` function?

The **`jsonify()`** function is a helper in Flask used to create a proper **JSON response**. It does two key things:
1.  **Serialization:** Converts the Python dictionary, list, or other object into a JSON formatted string.
2.  **Headers:** Sets the `Content-Type` header of the HTTP response to `application/json`, ensuring the client knows the data format.

### 16. Explain Flask's `url_for()` function.

The **`url_for()`** function is used to **dynamically build a URL** for a specific view function. It takes the function name as the first argument and any variable parts of the URL as keyword arguments.
* **Benefit:** It avoids hardcoding URLs. If you change the URL path in the `@app.route()` decorator, `url_for()` automatically generates the correct path elsewhere, making the code more robust.

### 17. How does Flask handle static files (CSS, JavaScript, etc.)?

Flask, by convention, looks for static files (CSS, JS, images) in a folder named **`static`** located in the root of the application directory. You can generate the URL for these files using the `url_for()` function with the special endpoint name `'static'`.

### 18. What is an API specification, and how does it help in building a Flask API?

*(This is similar to question 2, offering a slightly different focus on the benefit.)*
An API specification (like OpenAPI) defines the public interface of the API. It helps in building a Flask API by:
* **Design First:** Forcing developers to define the API contract *before* coding, leading to better, more consistent design.
* **Testing:** Allowing the generation of mock servers or automated test cases directly from the specification.
* **Documentation:** Providing immediate, up-to-date documentation for consumers (front-end developers, partners).

### 19. What are HTTP status codes, and why are they important in a Flask API?

**HTTP Status Codes** are three-digit numbers returned by the server in the response header that indicate the outcome and status of the request. They are vital in a Flask API because they:
* **Signal Success/Failure:** They tell the client immediately whether their request succeeded (2xx), failed due to the client (4xx), or failed due to the server (5xx).
* **Standardization:** They use a universally understood system, ensuring clients (like web browsers or mobile apps) can interpret the API's response correctly.
* *Examples: `200 OK`, `201 Created`, `404 Not Found`, `500 Internal Server Error`.*

### 20. How do you handle POST requests in Flask?

1.  Specify `methods=['POST']` in the `@app.route()` decorator.
2.  Inside the view function, check `if request.method == 'POST'` (optional, but good practice if handling multiple methods).
3.  Retrieve data using **`request.form`** (for form submissions) or **`request.json`** (for JSON API payloads).
4.  Return a response, typically with a `201 Created` status code.

### 21. How would you secure a Flask API?

Key security measures include:
* **Authentication:** Use **Token-Based Authentication** (like JWTs) instead of sessions for REST APIs.
* **Authorization:** Implement access control checks to ensure users only access resources they are permitted to see.
* **HTTPS:** Enforce SSL/TLS encryption for all traffic.
* **Input Validation:** Sanitize and validate all user inputs to prevent **SQL Injection** and **XSS** (Cross-Site Scripting) attacks.
* **CORS:** Properly configure **CORS** (Cross-Origin Resource Sharing) headers to only allow trusted domains to access the API.

### 22. What is the significance of the Flask-RESTful extension?

**Flask-RESTful** is an extension that simplifies the process of building REST APIs in Flask. It is significant because it:
* **Resource Abstraction:** Provides a **`Resource`** class that maps HTTP methods (GET, POST, etc.) to class methods, making the code cleaner and more strictly RESTful.
* **Simplified Routing:** Uses a custom way to add resources, often simplifying routing for large numbers of endpoints.
* **Marshaling/Serialization:** Helps with data formatting and validation.

### 23. What is the role of Flask's session object?

Flask's **session object** is a dictionary used to store **user-specific information** that needs to persist between different requests. The data is typically stored in a **signed cookie** on the client's browser, protected by a secret key. It is essential for managing user login status or temporary state in traditional web applications, though it's less common (or replaced by tokens) in pure REST APIs.

---
## Part 2: Practical


### 1. How do you create a basic Flask application?



In [24]:
# simple_app.py
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    """Route for the application root."""
    return 'Welcome to the Simple Flask API! (Running on http://127.0.0.1:5000)'

# To run the app (in a real terminal):
# if __name__ == '__main__':
#     app.run(debug=True)

### 2. How do you serve static files like images or CSS in Flask?

Flask automatically serves files from a directory named **`static`** in the application root. We use **`url_for('static', filename='...')`** to generate the correct path in HTML templates.

In [23]:
# Example usage in a (hypothetical) template:
STATIC_FILE_USAGE = """

<link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">

"""
print("Static file resolution example:")
print(STATIC_FILE_USAGE)

Static file resolution example:


<link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">




### 3. How do you define different routes with different HTTP methods in Flask?

Use the `methods` argument in the `@app.route()` decorator to specify the allowed methods for a single view function that handles a resource.

In [22]:
TEMP_DB = [{'id': 1, 'name': 'Item A'}]

@app.route('/items', methods=['GET', 'POST'])
def item_handler():
    if request.method == 'GET':
        return jsonify({'items': TEMP_DB})
    elif request.method == 'POST':
        new_item = request.json
        new_item['id'] = len(TEMP_DB) + 1
        TEMP_DB.append(new_item)
        return jsonify({'message': 'Item added', 'item': new_item}), 201

print("Route '/items' configured for both GET (Read) and POST (Create) methods.")

Route '/items' configured for both GET (Read) and POST (Create) methods.


### 4. How do you render HTML templates in Flask?

Use the **`render_template()`** function. Flask automatically looks for HTML files in a directory named **`templates`** in the application root.

In [21]:
# You would need a file named 'index.html' inside a 'templates' folder.

# @app.route('/html')
# def render_html_page():
#     # Passing a variable to the template (Jinja2 context)
#     user = {'username': 'AssignmentSolver'}
#     return render_template('index.html', user=user)

print("The 'render_template()' function uses Jinja2 to render HTML files from the 'templates' folder.")

The 'render_template()' function uses Jinja2 to render HTML files from the 'templates' folder.


### 5. How can you generate URLs for routes in Flask using `url_for`?

`url_for()` takes the view function name and any necessary URL parameters.

In [19]:
from flask import url_for

@app.route('/profile/<username>')
def user_profile_page_demo(username):
    return f'Welcome, {username}'

# Example of URL generation (requires application context, simulating here):
with app.test_request_context():
    # 1. Simple route URL
    home_url = url_for('item_handler') # Uses function name from Q3
    # 2. Route with a parameter
    profile_url = url_for('user_profile_page_demo', username='alex_codes')
    
    print(f"URL for 'item_handler': {home_url}")
    print(f"URL for 'user_profile_page_demo' (with param): {profile_url}")

URL for 'item_handler': /items
URL for 'user_profile_page_demo' (with param): /profile/alex_codes


### 6. How do you handle forms in Flask?



In [5]:
from flask import Flask, render_template_string, request

app = Flask(__name__)

# Simple HTML form using Jinja2 template
form_html = """
<!doctype html>
<html>
<head><title>Flask Form Example</title></head>
<body>
  <h2>Submit Your Name</h2>
  <form method="POST">
    <input type="text" name="username" placeholder="Enter your name" required>
    <button type="submit">Submit</button>
  </form>

  {% if name %}
    <h3>Hello, {{ name }}!</h3>
  {% endif %}
</body>
</html>
"""

@app.route("/", methods=["GET", "POST"])
def index():
    name = None
    if request.method == "POST":
        name = request.form.get("username")  # get value from form
    return render_template_string(form_html, name=name)

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with watchdog (windowsapi)


SystemExit: 1

  warn("To exit: use 'exit', 'quit', or Ctrl-D.", stacklevel=1)


### 7. How can you validate form data in Flask?



In [3]:
from flask import Flask, request, render_template_string
import re

app = Flask(__name__)

@app.route("/", methods=["GET", "POST"])
def register():
    errors = []
    if request.method == "POST":
        username = request.form.get("username", "").strip()
        email = request.form.get("email", "").strip()
        password = request.form.get("password", "").strip()

        # Username validation
        if not username or len(username) < 3:
            errors.append("Username must be at least 3 characters.")

        # Email validation (simple regex check)
        if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
            errors.append("Invalid email address.")

        # Password validation
        if len(password) < 6:
            errors.append("Password must be at least 6 characters.")

        if not errors:
            return f"✅ Registration successful! Welcome, {username}."

    return render_template_string('''
        <h2>Register</h2>
        <form method="post">
            Username: <input type="text" name="username"><br>
            Email: <input type="text" name="email"><br>
            Password: <input type="password" name="password"><br>
            <input type="submit" value="Register">
        </form>
        {% for error in errors %}
            <p style="color:red;">{{ error }}</p>
        {% endfor %}
    ''', errors=errors)

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with watchdog (windowsapi)


SystemExit: 1

### 8. How do you manage sessions in Flask?

Use the **`session`** object, which acts like a dictionary. Remember, the application must have a `app.secret_key` configured for sessions to work securely.

In [13]:
@app.route('/set_session')
def set_session_data():
    # Store a value in the user's session
    session['user_id'] = 123
    return 'Session variable set!'

@app.route('/get_session')
def get_session_data():
    # Retrieve a value from the user's session
    user_id = session.get('user_id', 'Guest')
    return f'Current User ID: {user_id}'

print("Session data is stored in the signed cookie using 'session[key] = value'.")

Session data is stored in the signed cookie using 'session[key] = value'.


### 9. How do you redirect to a different route in Flask?

Use the **`redirect()`** function combined with **`url_for()`**.

In [12]:
@app.route('/old_page')
def old_page():
    # Redirects the client to the 'new_page' view function (HTTP 302 Found)
    return redirect(url_for('new_page'))

@app.route('/new_destination')
def new_page():
    return 'You have been redirected successfully! 🎉'

print("Use 'redirect(url_for(view_function_name))' for clean redirection.")

Use 'redirect(url_for(view_function_name))' for clean redirection.


### 10. How do you handle errors in Flask (e.g., 404)?



In [3]:
from flask import Flask, render_template, jsonify

app = Flask(__name__)

# Handle 404 Not Found error
@app.errorhandler(404)
def not_found_error(error):
    # You can return HTML, JSON, or a template
    return jsonify({
        "error": "Page not found",
        "status": 404
    }), 404

### 11. How do you structure a Flask app using Blueprints?

1.  Create a **`Blueprint`** instance in a separate file (e.g., `user_bp.py`).
2.  Define routes using the blueprint object (`@user_bp.route(...)`).
3.  **Register** the blueprint with the main `app` instance.

In [11]:
from flask import Flask, Blueprint

app = Flask(__name__)

bp = Blueprint("bp", __name__)

@bp.route("/hello")
def hello():
    return "Hello from blueprint!"

app.register_blueprint(bp, url_prefix="/bp")

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with watchdog (windowsapi)


SystemExit: 1

### 12. How do you define a custom Jinja filter in Flask?

Custom filters are useful for transforming data in the template. They are defined using the **`@app.template_filter()`** decorator or by adding the function to `app.jinja_env.filters`.

In [4]:
@app.template_filter('initials')
def get_initials(fullname):
    """Converts a full name string into initials (e.g., 'John Doe' -> 'J. D.')."""
    return ". ".join(name[0].upper() for name in fullname.split()) + "."

# Example usage in a template:
JINJA_FILTER_USAGE = "{{ 'alice in wonderland' | initials }}" # Output: A. I. W.

print(f"Custom filter 'initials' defined. Example usage: {JINJA_FILTER_USAGE}")

Custom filter 'initials' defined. Example usage: {{ 'alice in wonderland' | initials }}


### 13. How can you redirect with query parameters in Flask?

Pass the query parameters as extra keyword arguments to **`url_for()`**. They are automatically appended to the generated URL.

In [10]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route("/")
def home():
    return "Home Page"

@app.route("/redirect-example")
def redirect_example():
    # Redirect to /home with query parameters ?name=Vishal&age=30
    return redirect(url_for('home', name='Vishal', age=30))

@app.route("/home")
def home_with_params():
    name = request.args.get('name')
    age = request.args.get('age')
    return f"Hello {name}, you are {age} years old."

if __name__ == "__main__":
    app.run(debug=True)


 * Serving Flask app '__main__'
 * Debug mode: on


 * Running on http://127.0.0.1:5000
Press CTRL+C to quit
 * Restarting with watchdog (windowsapi)


SystemExit: 1

### 14. How do you return JSON responses in Flask?

Use the **`jsonify()`** function to automatically serialize Python data (dictionaries, lists) to JSON and set the correct HTTP headers.

In [11]:
@app.route('/api/data')
def get_json_data():
    data = {
        'id': 5,
        'status': 'active',
        'payload': [1, 2, 3]
    }
    # Returns data as JSON with Content-Type: application/json
    return jsonify(data), 200

print("The 'jsonify()' function is essential for creating REST API responses.")

The 'jsonify()' function is essential for creating REST API responses.


### 15. How do you capture URL parameters in Flask?

URL parameters (or path variables) are captured by defining placeholders in the route rule using angle brackets (`<...>`). These placeholders are passed as keyword arguments to the view function.

In [12]:
@app.route('/products/<int:product_id>')
def get_product(product_id):
    # 'product_id' is automatically captured as an integer and passed to the function
    return f'Retrieving Product ID: {product_id} (Type: {type(product_id).__name__})'

@app.route('/greet/<string:name>')
def greet_name(name):
    # 'name' is automatically captured as a string
    return f'Hello, {name}!'

print("Path variables are captured using <type:name> syntax.")

Path variables are captured using <type:name> syntax.
