30. Web Development with Flask

What we will learn in this post?

• 👉 Introduction to Flask
• 👉 Setting Up Flask and First Application
• 👉 Routing and URL Building
• 👉 Templates with Jinja2
• 👉 Handling Forms and User Input
• 👉 Flask and Databases
• 👉 Flask REST APIs

Introduction to Flask 🌐

Flask is a lightweight web framework for Python that makes building web applications easy and fun! It follows the micro-framework philosophy, meaning it provides the essentials without unnecessary features. This allows developers to add only what they need, keeping applications simple and efficient.

Flask vs. Django ⚖️

• Flask:
  • Lightweight and flexible
  • Great for small to medium projects
  • Easy to learn and use
  • Ideal for microservices
• Django:
  • Full-featured framework
  • Best for large applications
  • Comes with built-in features like admin panels and ORM

When to Choose Flask 🤔

• You want quick development for small projects.
• You prefer flexibility and control over components.
• You need a simple API or microservice.

Flask is also highly extensible! You can easily add libraries and tools to enhance your application. Companies like Netflix, Reddit, and Lyft use Flask to power critical microservices handling millions of requests per day.

graph TD
    A["🎯 Start with Flask"]:::style1 --> B{"💡 Choose Components"}:::style2
    B -- "Minimal" --> C["⚡ Core Flask Only"]:::style3
    B -- "Extended" --> D["🔧 Add Extensions"]:::style4
    C --> E["🚀 Build Your App"]:::style5
    D --> E
    
    classDef style1 fill:#ff4f81,stroke:#c43e3e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#ff9800,stroke:#f57c00,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    
    linkStyle default stroke:#e67e22,stroke-width:3px;

With Flask, you can create powerful web applications while keeping things simple and enjoyable! Happy coding! 🎉

Getting Started with Flask! 🚀

Installing Flask

To start, you need to install Flask. Open your terminal and run:

pip install Flask

Creating a Minimal Flask Application

Now, let’s create a simple “Hello World” app! Create a file named app.py and add the following code:

from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello():
    return 'Hello, World!'

if __name__ == '__main__':
    app.run(debug=True)

Understanding the Code

• Flask(__name__): This creates the app object.
• @app.route('/'): This defines a route for the homepage.
• hello(): This function returns “Hello, World!” when you visit the homepage.
• app.run(debug=True): This runs the server in debug mode.

Running the Development Server

To run your app, execute:

python app.py

Now, open your browser and go to http://127.0.0.1:5000/ to see your “Hello, World!” message! 🎉 In production, you’d use a WSGI server like Gunicorn or uWSGI instead of the development server.

%%{init: {'theme':'base', 'themeVariables': { 'primaryColor':'#ff4f81','primaryTextColor':'#fff','primaryBorderColor':'#c43e3e','lineColor':'#e67e22','secondaryColor':'#6b5bff','tertiaryColor':'#ffd700'}}}%%
sequenceDiagram
    participant B as 🌐 Browser
    participant F as ⚙️ Flask App
    participant R as 🎯 Route Handler
    
    Note over B,F: HTTP Request Lifecycle
    B->>+F: GET / HTTP/1.1
    F->>F: Match route decorator
    F->>+R: Call hello()
    R-->>-F: Return 'Hello, World!'
    F-->>-B: HTTP 200 with HTML
    Note left of B: Page rendered ✅

Flask Routing Made Easy! 🚀

Flask is a fantastic web framework for Python, and one of its coolest features is routing! Let’s break it down.

What is Routing? 🌐

Routing in Flask helps you connect URLs to functions. You use the @app.route() decorator to define a route. Here’s a simple example:

@app.route('/')
def home():
    return "Welcome to my website!"

Using URL Parameters 📦

You can also capture parts of the URL as parameters. For example:

@app.route('/user/<username>')
def show_user(username):
    return f"Hello, {username}!"

Variable Rules 🔄

You can define variable rules in your routes:

@app.route('/post/<int:post_id>')
def show_post(post_id):
    return f"Post ID: {post_id}"

HTTP Methods (GET, POST) 📬

Flask supports different HTTP methods. By default, routes respond to GET requests. To handle POST requests, you can specify it like this:

@app.route('/submit', methods=['POST'])
def submit():
    return "Form submitted!"

Using url_for() 🔗

The url_for() function helps you build URLs dynamically. For example:

url_for('show_user', username='Alice')

This generates the URL /user/Alice.

graph TD
    A["👤 User Request"]:::style1 --> B{"🎯 HTTP Method"}:::style2
    B -- "GET /" --> C["🏠 Home Page"]:::style3
    B -- "GET /user/<name>" --> D["👥 User Profile"]:::style4
    B -- "POST /submit" --> E["📝 Submit Form"]:::style5
    B -- "GET /api/data" --> F["📊 JSON Response"]:::style6
    
    classDef style1 fill:#ff4f81,stroke:#c43e3e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#ff9800,stroke:#f57c00,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style6 fill:#00bfae,stroke:#005f99,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    
    linkStyle default stroke:#e67e22,stroke-width:3px;

Real-World Example: RESTful User API 🎯

from flask import Flask, jsonify, request, abort
from functools import wraps
import jwt
import datetime

app = Flask(__name__)
app.config['SECRET_KEY'] = 'your-secret-key-here'

# In-memory user database (use real DB in production)
users = {
    1: {'id': 1, 'name': 'Alice', 'email': 'alice@example.com'},
    2: {'id': 2, 'name': 'Bob', 'email': 'bob@example.com'}
}

def token_required(f):
    """Decorator to protect routes with JWT authentication"""
    @wraps(f)
    def decorated(*args, **kwargs):
        token = request.headers.get('Authorization')
        if not token:
            return jsonify({'message': 'Token is missing'}), 401
        
        try:
            token = token.split()[1]  # Remove 'Bearer' prefix
            data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256'])
            current_user_id = data['user_id']
        except:
            return jsonify({'message': 'Token is invalid'}), 401
        
        return f(current_user_id, *args, **kwargs)
    return decorated

@app.route('/api/login', methods=['POST'])
def login():
    """Generate JWT token for authentication"""
    auth = request.get_json()
    
    # Validate credentials (simplified for demo)
    if auth and auth.get('email') == 'alice@example.com':
        token = jwt.encode({
            'user_id': 1,
            'exp': datetime.datetime.utcnow() + datetime.timedelta(hours=24)
        }, app.config['SECRET_KEY'], algorithm='HS256')
        
        return jsonify({'token': token})
    
    return jsonify({'message': 'Invalid credentials'}), 401

@app.route('/api/users', methods=['GET'])
@token_required
def get_users(current_user_id):
    """Get all users (protected route)"""
    return jsonify({'users': list(users.values())})

@app.route('/api/users/<int:user_id>', methods=['GET'])
@token_required
def get_user(current_user_id, user_id):
    """Get specific user by ID"""
    user = users.get(user_id)
    if not user:
        abort(404, description='User not found')
    return jsonify(user)

@app.route('/api/users', methods=['POST'])
@token_required
def create_user(current_user_id):
    """Create new user"""
    data = request.get_json()
    
    if not data or 'name' not in data or 'email' not in data:
        abort(400, description='Missing required fields')
    
    new_id = max(users.keys()) + 1
    users[new_id] = {
        'id': new_id,
        'name': data['name'],
        'email': data['email']
    }
    
    return jsonify(users[new_id]), 201

@app.route('/api/users/<int:user_id>', methods=['PUT'])
@token_required
def update_user(current_user_id, user_id):
    """Update existing user"""
    if user_id not in users:
        abort(404, description='User not found')
    
    data = request.get_json()
    users[user_id].update(data)
    return jsonify(users[user_id])

@app.route('/api/users/<int:user_id>', methods=['DELETE'])
@token_required
def delete_user(current_user_id, user_id):
    """Delete user"""
    if user_id not in users:
        abort(404, description='User not found')
    
    del users[user_id]
    return '', 204

if __name__ == '__main__':
    app.run(debug=True)

Why This Matters: This RESTful API pattern with JWT authentication is used by companies like Stripe, Twilio, and GitHub for their APIs. It provides secure, stateless authentication perfect for microservices architectures.

What HTTP method should you use to update an existing resource in a RESTful API?

Explanation

PUT is the standard HTTP method for updating existing resources. POST creates new resources, GET retrieves them, and DELETE removes them.

Happy coding! 😊

Introduction to Jinja2 Templating Engine 🎉

Jinja2 is a powerful templating engine for Python, widely used in web frameworks like Flask. It allows you to create dynamic web pages by separating HTML from Python code. Let’s explore its key features!

Template Syntax 📝

Jinja2 uses a simple syntax to embed Python-like expressions in HTML. Here are some basics:

• Variables: Use double curly braces with variable name to display variables (e.g., variable_name inside double braces)
• Filters: Modify variables with filters like name|capitalize inside double braces

Control Structures 🔄

You can control the flow of your templates using:

• If Statements: Check conditions with if user blocks that show different content based on conditions

  <!-- Example: if user exists, show "Hello, user!", else show "Hello, Guest!" -->
  <div>
    Hello, Alice!
  </div>
  

• For Loops: Iterate over lists to create repeated HTML elements

  <!-- Example: loop through items and display each in a list -->
  <ul>
    <li>Item 1</li>
    <li>Item 2</li>
    <li>Item 3</li>
  </ul>
  

Template Inheritance 🏗️

Jinja2 supports template inheritance, allowing you to create a base template and extend it:

• Create a base.html with common structure (header, footer)
• Child templates extend the base and fill in specific content blocks
• This avoids code duplication across pages

<!-- base.html -->
<html>
  <head><title>My Site</title></head>
  <body>
    <header>Site Header</header>
    <!-- Content goes here -->
    <footer>Site Footer</footer>
  </body>
</html>

Rendering Templates 🚀

To render templates in Flask, use render_template():

from flask import render_template

@app.route('/')
def home():
    return render_template('index.html', user='Alice')

Handling Form Data in Flask 😊

Flask makes it easy to handle form data! Let’s explore how to use request.form, request.args, and request.json for different types of data.

Getting Data from Forms 📝

When you submit a form, you can access the data in different ways:

• request.form: Use this for form data sent via POST. It’s great for handling user inputs like text fields.

  from flask import Flask, request
    
  @app.route('/submit', methods=['POST'])
  def submit():
      name = request.form['name']
      return f"Hello, {name}!"
  

• request.args: This is for data sent via GET requests, like query parameters in the URL.

• request.json: Use this for JSON data sent in the body of a POST request.

Form Validation with Flask-WTF ✅

To ensure your forms are filled out correctly, you can use Flask-WTF. It simplifies form handling and validation.

Basic Steps to Use Flask-WTF:

1. Install Flask-WTF:

   pip install Flask-WTF
   

2. Create a form class with validation rules.

3. Use the form in your route to handle submissions.

graph TD
    A["📝 User Submits Form"]:::style1 --> B["🔍 Flask-WTF Validates"]:::style2
    B --> C{"✅ Is Valid?"}:::style3
    C -- "Yes" --> D["💾 Process Data"]:::style4
    C -- "No" --> E["❌ Show Errors"]:::style5
    D --> F["✨ Success Response"]:::style6
    E --> G["🔄 Re-render Form"]:::style7
    
    classDef style1 fill:#ff4f81,stroke:#c43e3e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#00bfae,stroke:#005f99,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#c43e3e,stroke:#8b2e2e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style6 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style7 fill:#ff9800,stroke:#f57c00,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    
    linkStyle default stroke:#e67e22,stroke-width:3px;

graph TD
    A["📄 base.html"]:::style1 --> B["🎨 Header Block"]:::style2
    A --> C["📦 Content Block"]:::style3
    A --> D["🔻 Footer Block"]:::style4
    
    E["📄 index.html"]:::style5 --> F["🔗 extends base.html"]:::style6
    F --> G["✏️ Override content"]:::style7
    G --> C
    
    classDef style1 fill:#ff4f81,stroke:#c43e3e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#00bfae,stroke:#005f99,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#ff9800,stroke:#f57c00,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style6 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style7 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    
    linkStyle default stroke:#e67e22,stroke-width:3px;

Which Flask object contains form data submitted via POST request?

Explanation

request.form contains form data from POST requests (application/x-www-form-urlencoded). request.args is for URL query parameters, and request.json is for JSON payloads.

Integrating Databases with Flask using Flask-SQLAlchemy 🚀

Flask-SQLAlchemy makes it easy to work with databases in your Flask app. Let’s dive into how to set it up and perform some basic CRUD operations!

Setting Up Flask-SQLAlchemy 🛠️

First, install Flask and Flask-SQLAlchemy:

pip install Flask Flask-SQLAlchemy

Defining Models 📚

Create a simple model for a User:

from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80), nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)

Creating Tables 🏗️

Run this in your Python shell to create the database:

db.create_all()

Performing CRUD Operations 🔄

Create a User

@app.route('/add_user/<name>/<email>')
def add_user(name, email):
    new_user = User(name=name, email=email)
    db.session.add(new_user)
    db.session.commit()
    return f'User {name} added!'

Read Users

@app.route('/users')
def get_users():
    users = User.query.all()
    return {user.id: user.name for user in users}

Update a User

@app.route('/update_user/<int:id>/<name>')
def update_user(id, name):
    user = User.query.get(id)
    user.name = name
    db.session.commit()
    return f'User {id} updated!'

Delete a User

@app.route('/delete_user/<int:id>')
def delete_user(id):
    user = User.query.get(id)
    db.session.delete(user)
    db.session.commit()
    return f'User {id} deleted!'

graph TD
    A["⚙️ Flask Application"]:::style1 --> B["🔗 Flask-SQLAlchemy"]:::style2
    B --> C["🗃️ SQLite/PostgreSQL/MySQL"]:::style3
    
    D["📊 Model Classes"]:::style4 --> B
    D --> E["👤 User Model"]:::style5
    D --> F["📝 Post Model"]:::style6
    D --> G["💬 Comment Model"]:::style7
    
    E -."1:N".-> F
    F -."1:N".-> G
    
    classDef style1 fill:#ff4f81,stroke:#c43e3e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#00bfae,stroke:#005f99,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style6 fill:#ff9800,stroke:#f57c00,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style7 fill:#9e9e9e,stroke:#616161,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    
    linkStyle default stroke:#e67e22,stroke-width:3px;

Which method is used to add a new record to the database in Flask-SQLAlchemy?

Explanation

db.session.add() adds a new object to the session, and db.session.commit() persists it to the database. Flask-SQLAlchemy uses SQLAlchemy's session pattern for database operations.

Feel free to ask if you have any questions! 😊

Real-World Example: Blog System with Relationships 🎯

from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from datetime import datetime
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///blog.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)

# Models with relationships
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password_hash = db.Column(db.String(200), nullable=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    
    # Relationships
    posts = db.relationship('Post', backref='author', lazy='dynamic', 
                          cascade='all, delete-orphan')
    comments = db.relationship('Comment', backref='author', lazy='dynamic',
                              cascade='all, delete-orphan')
    
    def set_password(self, password):
        self.password_hash = generate_password_hash(password)
    
    def check_password(self, password):
        return check_password_hash(self.password_hash, password)
    
    def to_dict(self):
        return {
            'id': self.id,
            'username': self.username,
            'email': self.email,
            'created_at': self.created_at.isoformat(),
            'post_count': self.posts.count()
        }

class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(200), nullable=False)
    content = db.Column(db.Text, nullable=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    updated_at = db.Column(db.DateTime, default=datetime.utcnow, 
                          onupdate=datetime.utcnow)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    
    # Relationships
    comments = db.relationship('Comment', backref='post', lazy='dynamic',
                              cascade='all, delete-orphan')
    
    def to_dict(self, include_comments=False):
        data = {
            'id': self.id,
            'title': self.title,
            'content': self.content,
            'created_at': self.created_at.isoformat(),
            'updated_at': self.updated_at.isoformat(),
            'author': self.author.username,
            'comment_count': self.comments.count()
        }
        
        if include_comments:
            data['comments'] = [c.to_dict() for c in self.comments]
        
        return data

class Comment(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    content = db.Column(db.Text, nullable=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    post_id = db.Column(db.Integer, db.ForeignKey('post.id'), nullable=False)
    
    def to_dict(self):
        return {
            'id': self.id,
            'content': self.content,
            'created_at': self.created_at.isoformat(),
            'author': self.author.username
        }

# API endpoints
@app.route('/api/posts', methods=['GET'])
def get_posts():
    """Get all posts with pagination"""
    page = request.args.get('page', 1, type=int)
    per_page = request.args.get('per_page', 10, type=int)
    
    posts = Post.query.order_by(Post.created_at.desc()).paginate(
        page=page, per_page=per_page, error_out=False
    )
    
    return jsonify({
        'posts': [post.to_dict() for post in posts.items],
        'total': posts.total,
        'page': page,
        'pages': posts.pages
    })

@app.route('/api/posts/<int:post_id>', methods=['GET'])
def get_post(post_id):
    """Get single post with comments"""
    post = Post.query.get_or_404(post_id)
    return jsonify(post.to_dict(include_comments=True))

@app.route('/api/posts', methods=['POST'])
def create_post():
    """Create new post"""
    data = request.get_json()
    
    # Validate required fields
    if not data or 'title' not in data or 'content' not in data:
        return jsonify({'error': 'Missing required fields'}), 400
    
    # Get or create user (simplified - use proper auth in production)
    user = User.query.filter_by(username=data.get('author', 'anonymous')).first()
    if not user:
        user = User(username=data.get('author', 'anonymous'),
                   email=f"{data.get('author', 'anonymous')}@example.com")
        user.set_password('password123')
        db.session.add(user)
    
    # Create post
    post = Post(
        title=data['title'],
        content=data['content'],
        author=user
    )
    
    db.session.add(post)
    db.session.commit()
    
    return jsonify(post.to_dict()), 201

@app.route('/api/posts/<int:post_id>/comments', methods=['POST'])
def add_comment(post_id):
    """Add comment to post"""
    post = Post.query.get_or_404(post_id)
    data = request.get_json()
    
    if not data or 'content' not in data:
        return jsonify({'error': 'Missing content'}), 400
    
    # Get or create user
    user = User.query.filter_by(username=data.get('author', 'anonymous')).first()
    if not user:
        user = User(username=data.get('author', 'anonymous'),
                   email=f"{data.get('author', 'anonymous')}@example.com")
        user.set_password('password123')
        db.session.add(user)
    
    comment = Comment(
        content=data['content'],
        post=post,
        author=user
    )
    
    db.session.add(comment)
    db.session.commit()
    
    return jsonify(comment.to_dict()), 201

@app.route('/api/users/<username>/posts', methods=['GET'])
def get_user_posts(username):
    """Get all posts by a user"""
    user = User.query.filter_by(username=username).first_or_404()
    posts = user.posts.order_by(Post.created_at.desc()).all()
    
    return jsonify({
        'user': user.to_dict(),
        'posts': [post.to_dict() for post in posts]
    })

if __name__ == '__main__':
    with app.app_context():
        db.create_all()  # Create tables
    app.run(debug=True)

Why This Matters: This blog system demonstrates SQLAlchemy relationships (one-to-many), cascade deletes, and pagination - essential patterns used by WordPress, Medium, and DEV.to. The relationship handling prevents orphaned records and maintains data integrity across millions of posts.

Creating RESTful APIs with Flask 🌐

Flask is a lightweight web framework for Python that makes it easy to create RESTful APIs. Let’s break down how to do this in a friendly way!

Getting Started with Flask 🚀

1. Install Flask: Use pip to install Flask:

   pip install Flask
   

2. Create a Simple API: Here’s a basic example of a Flask app that returns JSON responses:

   from flask import Flask, jsonify
   
   app = Flask(__name__)
   
   @app.route('/api/greet', methods=['GET'])
   def greet():
       return jsonify(message="Hello, World!")
   
   if __name__ == '__main__':
       app.run(debug=True)
   

Handling Different HTTP Methods 🔄

You can handle various HTTP methods like GET, POST, PUT, and DELETE. Here’s how:

• GET: Retrieve data.
• POST: Create new data.
• PUT: Update existing data.
• DELETE: Remove data.

Example for a POST request:

@app.route('/api/items', methods=['POST'])
def create_item():
    item = request.json
    return jsonify(item), 201

Using Flask-RESTful 🛠️

Flask-RESTful is an extension that simplifies API creation. It provides tools to build REST APIs quickly.

Example with Flask-RESTful:

from flask_restful import Resource, Api

api = Api(app)

class Item(Resource):
    def get(self):
        return {'item': 'example'}

api.add_resource(Item, '/api/item')

Flowchart of API Request Handling

graph TD
    A["🌐 Client Request"]:::style1 --> B{"🎯 HTTP Method"}:::style2
    B -- "GET" --> C["📖 Retrieve Data"]:::style3
    B -- "POST" --> D["✨ Create Data"]:::style4
    B -- "PUT" --> E["✏️ Update Data"]:::style5
    B -- "DELETE" --> F["🗑️ Delete Data"]:::style6
    
    C --> G["📦 JSON Response 200"]:::style7
    D --> H["📦 JSON Response 201"]:::style8
    E --> G
    F --> I["📦 Empty Response 204"]:::style9
    
    classDef style1 fill:#ff4f81,stroke:#c43e3e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style2 fill:#ffd700,stroke:#d99120,color:#222,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style3 fill:#43e97b,stroke:#38f9d7,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style4 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style5 fill:#ff9800,stroke:#f57c00,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style6 fill:#c43e3e,stroke:#8b2e2e,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style7 fill:#00bfae,stroke:#005f99,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style8 fill:#6b5bff,stroke:#4a3f6b,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    classDef style9 fill:#9e9e9e,stroke:#616161,color:#fff,font-size:16px,stroke-width:3px,rx:14,shadow:6px;
    
    linkStyle default stroke:#e67e22,stroke-width:3px;

🎯 Hands-On Assignment: Build a Task Management API with Authentication 🚀

📝 Your Mission

Create a production-ready RESTful API for task management using Flask. Build a complete system with user authentication (JWT tokens), CRUD operations for tasks, SQLAlchemy database models with relationships, and proper error handling. This project combines routing, forms, databases, and REST API concepts covered in this post.

🎯 Requirements

1. Implement User authentication system:
   • POST /api/register - Register new user with password hashing
   • POST /api/login - Login and receive JWT token
   • Use @token_required decorator to protect routes
2. Create Task CRUD operations:
   • GET /api/tasks - List all tasks for authenticated user
   • GET /api/tasks/</code> - Get single task details</li>
   • POST /api/tasks - Create new task
   • PUT /api/tasks/</code> - Update task</li>
   • DELETE /api/tasks/</code> - Delete task</li> </ul> </li>
   • Database models with Flask-SQLAlchemy:
     • User model: id, username, email, password_hash, created_at
     • Task model: id, title, description, status, priority, due_date, user_id
     • Relationship: User has many Tasks (one-to-many)
   • Add task filtering and pagination:
     • Filter by status: ?status=completed
     • Filter by priority: ?priority=high
     • Pagination: ?page=1&per_page=10
   • Implement proper error handling with appropriate HTTP status codes
   • Write at least 3 test cases using pytest or unittest </ol>

     💡 Implementation Hints

     1. Install required packages: pip install Flask Flask-SQLAlchemy PyJWT werkzeug
     2. Use werkzeug.security.generate_password_hash() for password hashing
     3. Generate JWT with: jwt.encode({'user_id': user.id, 'exp': ...}, SECRET_KEY)
     4. Protect routes with decorator that checks JWT from Authorization header
     5. Use db.relationship() with backref for User-Task relationship
     6. For filtering: Task.query.filter_by(status=status, user_id=user_id)
     7. For pagination: .paginate(page=page, per_page=per_page)

     🚀 Example Input/Output

     # 1. Register a new user
     curl -X POST http://localhost:5000/api/register \
       -H "Content-Type: application/json" \
       -d '{"username": "alice", "email": "alice@example.com", "password": "secret123"}'
     
     # Response: {"message": "User created successfully", "user_id": 1}
     
     # 2. Login to get JWT token
     curl -X POST http://localhost:5000/api/login \
       -H "Content-Type: application/json" \
       -d '{"email": "alice@example.com", "password": "secret123"}'
     
     # Response: {"token": "eyJ0eXAiOiJKV1QiLCJhbGc..."}
     
     # 3. Create a task (requires token)
     curl -X POST http://localhost:5000/api/tasks \
       -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc..." \
       -H "Content-Type: application/json" \
       -d '{"title": "Learn Flask", "description": "Complete Flask tutorial", "priority": "high", "status": "in_progress"}'
     
     # Response: {"id": 1, "title": "Learn Flask", "status": "in_progress", "created_at": "2026-01-05T10:30:00"}
     
     # 4. Get all tasks with filtering
     curl -X GET "http://localhost:5000/api/tasks?status=in_progress&page=1" \
       -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc..."
     
     # Response:
     # {
     #   "tasks": [
     #     {"id": 1, "title": "Learn Flask", "status": "in_progress", "priority": "high"},
     #     {"id": 2, "title": "Build API", "status": "in_progress", "priority": "medium"}
     #   ],
     #   "total": 2,
     #   "page": 1,
     #   "pages": 1
     # }
     
     # 5. Update a task
     curl -X PUT http://localhost:5000/api/tasks/1 \
       -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc..." \
       -H "Content-Type: application/json" \
       -d '{"status": "completed"}'
     
     # Response: {"id": 1, "title": "Learn Flask", "status": "completed", "updated_at": "2026-01-05T14:20:00"}
     

     🏆 Bonus Challenges

     • Level 2: Add task categories with many-to-many relationship (Task ↔ Category)
     • Level 3: Implement task sharing: POST /api/tasks//share</code> to share with other users</li>
     • Level 4: Add file attachments to tasks using secure file upload
     • Level 5: Create real-time notifications using Flask-SocketIO when tasks are updated
     • Level 6: Deploy to Heroku with PostgreSQL database and document API with Swagger/OpenAPI </ul>

       📚 Learning Goals

       • Master Flask routing and RESTful API design principles 🎯
       • Implement secure JWT-based authentication 🔐
       • Build database models with SQLAlchemy relationships 🗃️
       • Apply proper HTTP methods and status codes ✨
       • Handle errors gracefully with try-except blocks 🛡️
       • Create production-ready APIs used by real companies 🚀

       💡 Pro Tip: This task management API pattern is used by Trello, Asana, and Todoist! JWT authentication is the industry standard for stateless API authentication, perfect for microservices and mobile apps. Master this, and you can build any RESTful API!

       Share Your Solution! 💬

       Completed the project? Post your code in the comments below! Show us your Flask API mastery! 🚀✨

       </div> </details> --- # Conclusion: Master Flask Web Development 🎓 Flask empowers you to build production-ready web applications and APIs with minimal boilerplate while maintaining maximum flexibility. From routing and templates to databases and REST APIs, Flask provides everything needed to create scalable, maintainable web services used by companies worldwide!