# RESTful API & Flask — Assignment (23 Theory + 15 Practical)

## Section 1: Theoretical Questions (23)

### 1) What is a RESTful API?

A RESTful API is a web interface that follows the principles of Representational State Transfer (REST). 
It treats everything as resources identified by URLs and uses standard HTTP methods—GET, POST, PUT/PATCH, DELETE—to operate on them. 
REST encourages stateless communication: each request contains all needed information, so the server does not store client session state. 
Responses are usually JSON, making them easy to read and use in web or mobile apps. 
Key ideas include client–server separation, cacheability, layered systems, and uniform interfaces. 
RESTful APIs are popular because they are simple, scalable, and work well with existing web standards and tools.

### 2) Explain the concept of API specification.

An API specification is a precise, human‑ and machine‑readable document that describes how clients should interact with an API. 
It defines endpoints (URLs), request methods, parameters, headers, authentication schemes, expected responses, status codes, and error formats. 
Specifications remove guesswork, enabling consistent implementation and easier collaboration between backend and frontend teams. 
Popular formats include OpenAPI (formerly Swagger) and RAML. 
With OpenAPI, you can auto‑generate interactive documentation, client SDKs, and server stubs from one source of truth. 
A good spec also includes data models, examples, constraints, and versioning details. 
In short, an API spec is a contract that ensures reliability, clarity, and maintainability.

### 3) What is Flask, and why is it popular for building APIs?

Flask is a lightweight, micro web framework for Python. 
It provides the essentials for building web applications and APIs—routing, request/response handling, and templating—without enforcing heavy structure. 
Developers add only the extensions they need, such as Flask‑SQLAlchemy for databases or Flask‑RESTful for API helpers. 
Its simplicity, excellent documentation, and large ecosystem make Flask beginner‑friendly yet powerful for production. 
Flask supports JSON responses out of the box, integrates easily with WSGI servers, and works well with popular tools like Jinja2, Click, and testing libraries. 
Because it is unopinionated, teams can design clean architectures while keeping code readable, modular, and easy to maintain.

### 4) What is routing in Flask?

Routing in Flask maps incoming URLs to specific Python functions called view functions. 
You define routes using the @app.route() decorator, which associates a path like '/' or '/users/<id>' with a handler function. 
When a request arrives, Flask matches the URL and HTTP method, then calls the corresponding view. 
Routes can capture variables from the URL, support different methods (GET, POST, etc.), and return strings, JSON, templates, or Response objects. 
Routing enables clean, meaningful URLs and separates concerns inside the application. 
Dynamic converters (e.g., int:, string:) validate parameters automatically. 
Good routing design improves readability, testability, and the overall structure of a web app or API.

### 5) How do you create a simple Flask application?

To create a simple Flask app, install Flask (pip install flask), then write a small script. 
Import Flask, instantiate app = Flask(__name__), define a route with @app.route('/'), and return a response from a view function. 
Finally, run app.run(debug=True) for development. 
For example: define home() returning 'Hello, World!'. 
Visiting http://127.0.0.1:5000/ in a browser will show the message. 
Use debug mode to auto‑reload on code changes and to display helpful error pages. 
As the app grows, add more routes, templates, static files, configuration, and extensions. 
Keep secrets out of code and use environment variables for production settings.

### 6) What are HTTP methods used in RESTful APIs?

Common HTTP methods map to CRUD operations. 
GET retrieves resources without changing server state. 
POST creates new resources and is used for submissions. 
PUT replaces a resource entirely, while PATCH updates it partially. 
DELETE removes a resource. 
OPTIONS describes communication options for a target resource, and HEAD is like GET without the response body, useful for metadata. 
Choosing the correct method improves clarity, caching, idempotency, and security semantics. 
For example, GET and HEAD should be safe and cacheable, PUT and DELETE are idempotent, and POST is not. 
Using methods consistently helps clients understand and interact with APIs predictably.

### 7) What is the purpose of the @app.route() decorator in Flask?

The @app.route() decorator registers a URL pattern with a view function so Flask knows which function to call for a given request. 
You can specify the path (e.g., '/users') and allowed HTTP methods (methods=['GET','POST']). 
The decorator enables clean, declarative mapping of routes to logic, keeping code readable. 
It also supports dynamic URL segments like '/users/<int:user_id>', passing captured values as function arguments. 
Multiple routes can point to the same view when needed. 
By centralizing route definitions near their handlers, @app.route() promotes maintainability and helps developers structure APIs and web pages clearly and consistently.

### 8) What is the difference between GET and POST HTTP methods?

GET requests are used to retrieve data without changing server state. 
Parameters are usually sent in the URL query string, making them visible and length‑limited. 
GET is cacheable, bookmarkable, safe, and should not have side effects. 
POST requests send data in the request body to create or process resources. 
They are not cacheable by default, are not idempotent, and are suited for form submissions, uploads, and operations that modify state. 
Sensitive data should be sent via POST with HTTPS. 
In RESTful design, use GET for reads and POST for creations or actions, keeping semantics clear and predictable for clients and caches.

### 9) How do you handle errors in Flask APIs?

Handling errors in Flask APIs involves returning consistent, meaningful responses with correct HTTP status codes. 
Use error handlers via @app.errorhandler(code) to customize messages for 400, 404, 405, 500, and more. 
Return JSON bodies containing 'error', 'message', and possibly 'details' to help clients debug. 
Validate inputs early, handle exceptions with try/except or custom exceptions, and log errors for monitoring. 
Enable or disable debugging appropriately and avoid leaking stack traces in production. 
Consider using Marshmallow or Pydantic for validation. 
Consistent error handling improves developer experience, reliability, and makes integration with frontend or third‑party consumers smoother.

### 10) How do you connect Flask to a SQL database?

To connect Flask to a SQL database, configure a database URI and use an ORM or driver. 
Flask‑SQLAlchemy is a popular extension that integrates SQLAlchemy ORM with Flask. 
Install it, set SQLALCHEMY_DATABASE_URI (e.g., for SQLite or PostgreSQL), initialize db = SQLAlchemy(app), and define models as Python classes. 
Create tables with db.create_all() in development, then use sessions to query and commit. 
Alternatively, use raw drivers like psycopg2 or sqlite3 for direct SQL. 
For production, manage migrations with Flask‑Migrate (Alembic), keep credentials in environment variables, and pool connections through a WSGI server.

### 11) What is the role of Flask‑SQLAlchemy?

Flask‑SQLAlchemy provides convenient integration of the SQLAlchemy ORM with Flask applications. 
It simplifies configuration, session management, and model declarations while preserving SQLAlchemy’s power. 
You define models as Python classes with db.Model, columns with db.Column, and relationships using foreign keys and backrefs. 
It offers helpful defaults, context‑aware sessions, and easy access to queries via Model.query. 
In development, db.create_all() creates tables quickly; in production, combine with Flask‑Migrate for schema changes. 
Using Flask‑SQLAlchemy improves productivity, keeps code organized, and abstracts repetitive boilerplate when working with relational databases in Flask APIs or web apps.

### 12) What are Flask blueprints, and how are they useful?

Blueprints are modular components for organizing groups of related routes, templates, and static files in Flask. 
Instead of defining everything in a single app file, you define blueprints in separate modules and register them on the application. 
This promotes clean structure, reusability, and teamwork. 
For example, an 'auth' blueprint handles login, register, and logout routes, while an 'api' blueprint exposes JSON endpoints. 
Blueprints also support URL prefixes, error handlers, and template folders. 
They make large applications easier to navigate and test, and they enable packaging features for reuse across projects without coupling to a specific Flask instance.

### 13) What is the purpose of Flask’s request object?

Flask’s request object represents the incoming HTTP request and provides access to method, headers, URL, query parameters, form data, JSON body, files, and cookies. 
It is context‑local, meaning it refers to the current request being processed. 
Developers use request.args for query strings, request.form for form fields, request.get_json() for JSON payloads, and request.files for uploads. 
It also exposes path, remote address, and content type. 
By centralizing request data, Flask simplifies input handling and validation. 
Properly reading and sanitizing request content is essential for security, correctness, and building predictable API endpoints and web forms.

### 14) How do you create a RESTful API endpoint using Flask?

To create a RESTful API endpoint, define a route and return JSON with appropriate status codes. 
Use @app.route('/items', methods=['GET','POST']) and implement logic for each method. 
Serialize Python dictionaries with jsonify(), and validate inputs before processing. 
Return tuples like (json_body, status_code) for clarity, e.g., return jsonify(item), 201 when creating resources. 
Handle errors with try/except and custom error handlers. 
For structure, separate routes into blueprints and business logic into services. 
Optionally use Flask‑RESTful or Flask‑Smorest for resource classes, request parsing, and automatic documentation.

### 15) What is the purpose of Flask’s jsonify() function?

jsonify() converts Python data structures—dicts, lists, and primitives—into a JSON HTTP response with the correct application/json content type. 
It also handles UTF‑8 encoding and ensures keys and values are serializable. 
Using jsonify() is safer than manually dumping JSON because it integrates with Flask’s Response object, sets headers correctly, and can accept multiple arguments or keyword pairs. 
Combined with proper status codes, jsonify() helps build clear, client‑friendly REST endpoints. 
It improves consistency, reduces boilerplate, and avoids common serialization mistakes when returning structured data from Flask views.

### 16) Explain Flask’s url_for() function.

url_for() generates URLs for routes using the endpoint (function name) and parameters rather than hard‑coding paths. 
This prevents broken links when routes change and supports URL building with dynamic arguments and blueprints. 
For example, url_for('user', id=5) might produce '/users/5'. 
It respects SCRIPT_NAME, application context, and can generate external absolute URLs with _external=True. 
Using url_for() in templates and views improves maintainability, supports localization or versioning, and helps avoid subtle bugs caused by manually concatenating strings to form URLs.

### 17) How does Flask handle static files (CSS, JavaScript, etc.)?

Flask serves static assets from a folder named 'static' located beside your application module by default. 
Files in that directory are automatically available under the '/static/' URL path, e.g., '/static/style.css'. 
In templates, you should generate links using url_for('static', filename='style.css') to avoid hard‑coded paths. 
You can configure the static_folder or use blueprint‑specific static directories. 
For production, serve static files with a web server or CDN for better performance and caching. 
Flask’s built‑in static handling is convenient for development and small projects.

### 18) What is an API specification, and how does it help in building a Flask API?

An API specification (like OpenAPI) describes endpoints, parameters, data models, auth, and responses in a single source of truth. 
For Flask projects, a spec guides design, ensures consistency, and enables automatic documentation (Swagger UI), client SDK generation, and mock servers. 
It reduces ambiguity between frontend and backend teams and simplifies onboarding. 
Versioning and deprecation policies can be documented clearly. 
By validating requests and responses against the spec, you catch errors early and maintain quality. 
Overall, an API spec accelerates development, improves reliability, and makes your Flask API understandable and maintainable for others.

### 19) What are HTTP status codes, and why are they important in a Flask API?

HTTP status codes are standardized numbers indicating the result of a request. 
2xx means success (200 OK, 201 Created), 4xx indicates client errors (400 Bad Request, 401 Unauthorized, 404 Not Found), and 5xx signals server errors (500 Internal Server Error). 
Choosing correct codes communicates outcomes clearly to clients, enables proper error handling, and leverages browser or proxy behavior. 
In Flask, return (json, code) to set them explicitly. 
Good use of status codes improves API usability, debuggability, and contract clarity between services.

### 20) How do you handle POST requests in Flask?

To handle POST requests, define a route with methods=['POST'] or include 'POST' in the list. 
Access data from request.form for HTML forms, request.get_json() for JSON bodies, and request.files for uploads. 
Validate inputs, apply business logic, and return a response with appropriate status codes (often 201 for creation). 
Use CSRF protection for forms, authentication for sensitive endpoints, and limit payload size. 
Return JSON via jsonify() describing the result or created resource location via the Location header. 
Testing with curl or Postman ensures your POST handler behaves correctly.

### 21) How would you secure a Flask API?

Securing a Flask API involves authentication, authorization, validation, rate limiting, and transport security. 
Use HTTPS everywhere, store secrets safely, and implement token‑based auth (JWT or OAuth 2.0). 
Validate and sanitize inputs to prevent injection. 
Use Flask‑Limiter for rate limiting, CORS rules for browser clients, and secure cookies when sessions are used. 
Apply role‑based access control, log important events, and monitor errors. 
Keep dependencies updated, pin versions, and avoid exposing stack traces in production. 
Follow the principle of least privilege for databases and cloud resources.

### 22) What is the significance of the Flask‑RESTful extension?

Flask‑RESTful simplifies building REST APIs by offering Resource classes, request parsing, and standardized response formatting. 
It organizes endpoints as Python classes with methods like get(), post(), put(), and delete(), reducing boilerplate. 
The reqparse utility validates and extracts inputs, while helpful error handling and output marshalling keep responses consistent. 
Although you can build APIs with pure Flask, Flask‑RESTful accelerates development and enforces cleaner structures. 
Many teams now also consider alternatives like Flask‑Smorest or FastAPI, but Flask‑RESTful remains a solid option for small to medium services.

### 23) What is the role of Flask’s session object?

Flask’s session object stores small, per‑user data across requests, such as login status or preferences. 
It is implemented as a signed cookie, meaning data lives on the client but is cryptographically protected by the app’s secret_key to prevent tampering. 
You read and write session like a dict: session['user'] = 'alice'. 
Keep it lightweight; do not store sensitive or large data there. 
For server‑side storage or scalability, integrate Redis or database‑backed session extensions. 
Sessions simplify user experience while keeping Flask apps stateless on the server side.

## Section 2: Practical Questions (15)

### Q1. Create a basic Flask application

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/')
def home():
    return "Hello, this is my first Flask app!"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/ in the browser, it shows:  
"Hello, this is my first Flask app!"


### Q2. Serve static files like images or CSS

In [None]:
from flask import Flask, send_from_directory

app = Flask(__name__)

@app.route('/static-file')
def static_file():
    return send_from_directory('static', 'hello.txt')  # hello.txt must be inside static/

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/static-file, the content of `hello.txt` from the static folder is shown:  
"This is a static text file served by Flask."

Alternatively, I can open http://127.0.0.1:5000/static/hello.txt directly to see the same file.


### Q3. Define routes with different HTTP methods

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/method', methods=['GET', 'POST'])
def method_example():
    if request.method == 'GET':
        return "You used GET method"
    else:
        return "You used POST method"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
- If I open http://127.0.0.1:5000/method in the browser, it shows:  
"You used GET method"  
- If I send a POST request to the same route, it shows:  
"You used POST method"


### Q4. Render HTML templates

In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def home():
    return render_template('index.html')

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/, it renders the `index.html` page and shows:  
"Welcome to Flask Template" (inside an HTML page).


### Q5. Generate URLs using url_for

In [None]:
from flask import Flask, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return f"Go to {url_for('about')}"

@app.route('/about')
def about():
    return "This is the About page"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/, it shows a link text like:  
"Go to /about"  
When I click it or open http://127.0.0.1:5000/about, it shows:  
"This is the About page"


### Q6. Handle forms

In [None]:
from flask import Flask, render_template, request

app = Flask(__name__)

@app.route('/form', methods=['GET', 'POST'])
def form():
    if request.method == 'POST':
        return f"Hello {request.form['name']}"
    return render_template('form.html')

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
- When I open http://127.0.0.1:5000/form, a form is displayed asking for a name.  
- If I type "John" and submit, the page shows:  
"Hello John"


### Q7. Validate form data

In [None]:
from flask import Flask, request

app = Flask(__name__)

@app.route('/validate', methods=['GET', 'POST'])
def validate():
    if request.method == 'POST':
        name = request.form.get('name')
        if not name:
            return "Name is required!"
        return f"Hello {name}"
    return '''
        <form method="POST">
            <input type="text" name="name" placeholder="Enter name">
            <input type="submit">
        </form>
    '''

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
- When I open http://127.0.0.1:5000/validate, a form is shown.  
- If I leave the field empty and submit, it shows:  
"Name is required!"  
- If I enter "Alice" and submit, it shows:  
"Hello Alice"


### Q8. Manage sessions

In [None]:
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
app.secret_key = "secret123"  # required for sessions

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        session['user'] = request.form['username']
        return redirect(url_for('profile'))
    return '''
        <form method="POST">
            <input name="username">
            <input type="submit">
        </form>
    '''

@app.route('/profile')
def profile():
    if 'user' in session:
        return f"Logged in as {session['user']}"
    return "Not logged in"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
- When I open http://127.0.0.1:5000/login, a form appears to enter a username.  
- If I type "Yogita" and submit, it redirects to /profile.  
- On /profile, it shows:  
"Logged in as Yogita"


### Q9. Redirect to a different route

In [None]:
from flask import Flask, redirect, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return redirect(url_for('hello'))

@app.route('/hello')
def hello():
    return "You were redirected here!"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/, it automatically redirects to /hello and shows:  
"You were redirected here!"


### Q10. Handle errors (404)

In [None]:
from flask import Flask

app = Flask(__name__)

@app.errorhandler(404)
def not_found(e):
    return "Oops! Page not found.", 404

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
- If I try to open a page that does not exist (e.g., http://127.0.0.1:5000/xyz),  
it shows the custom error message:  
"Oops! Page not found."


### Q11. Structure a Flask app using Blueprints

In [None]:
# File: my_blueprint.py
from flask import Blueprint

bp = Blueprint('bp', __name__)

@bp.route('/blue')
def blue_page():
    return "This is from a Blueprint!"

# Main app
from flask import Flask
from my_blueprint import bp

app = Flask(__name__)
app.register_blueprint(bp)

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/blue, it shows:  
"This is from a Blueprint!"


### Q12. Define a custom Jinja filter

In [None]:
from flask import Flask, render_template_string

app = Flask(__name__)

@app.template_filter('reverse')
def reverse_string(s):
    return s[::-1]

@app.route('/')
def home():
    return render_template_string("{{ 'Flask'|reverse }}")

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/, it shows the reversed string of "Flask":  
"ksalF"


### Q13. Redirect with query parameters

In [None]:
from flask import Flask, redirect, url_for, request

app = Flask(__name__)

@app.route('/')
def home():
    return redirect(url_for('hello', name="John"))

@app.route('/hello')
def hello():
    name = request.args.get('name')
    return f"Hello {name}!"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/, it redirects to /hello?name=John and shows:  
"Hello John!"


### Q14. Return JSON responses

In [None]:
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/json')
def json_example():
    return jsonify({"name": "Alice", "age": 25})

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/json, it shows JSON data:  
{"name": "Alice", "age": 25}


### Q15. Capture URL parameters

In [None]:
from flask import Flask

app = Flask(__name__)

@app.route('/user/<name>')
def user(name):
    return f"Hello, {name}!"

if __name__ == "__main__":
    app.run(debug=True)

**Expected Output:**  
When I open http://127.0.0.1:5000/user/Yogita, it shows:  
"Hello, Yogita!"  

If I open http://127.0.0.1:5000/user/Alice, it shows:  
"Hello, Alice!"
