REST APIs with Flask and Python
4.6 (10,510 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
58,054 students enrolled

REST APIs with Flask and Python

Build professional REST APIs with Python, Flask, Flask-RESTful, and Flask-SQLAlchemy
4.6 (10,510 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
58,054 students enrolled
Last updated 5/2020
English, French [Auto], 6 more
  • German [Auto]
  • Indonesian [Auto]
  • Italian [Auto]
  • Polish [Auto]
  • Portuguese [Auto]
  • Spanish [Auto]
Current price: $76.99 Original price: $109.99 Discount: 30% off
5 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 17 hours on-demand video
  • 22 articles
  • 16 downloadable resources
  • 7 coding exercises
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Connect web or mobile applications to databases and servers via REST APIs
  • Create secure and reliable REST APIs which include authentication, logging, caching, and more
  • Understand the different layers of a web server and how web applications interact with each other
  • Handle seamless user authentication with advanced features like token refresh
  • Handle log-outs and prevent abuse in your REST APIs with JWT blacklisting
  • Develop professional-grade REST APIs with expert instruction
Course content
Expand all 155 lectures 17:02:20
+ Welcome!
4 lectures 01:44

This course is structured in a specific way to make it as easy as possible for you to get exactly what you want out of it.

This lecture looks at maximising your time's value by making the course as efficient as possible for you.

How to take this course

A short set of questions for you to evaluate your Python knowledge, and determine where to start the course.

Before we get started: a self-assessment

Installing Python is very simple! Follow these steps and you'll be up and running in no time.

Python on Windows

Installing Python is very simple! Follow these steps and you'll be up and running in no time.

Python on Mac
+ A Full Python Refresher
48 lectures 05:14:00

This is a short introductory video to this section. I'm really excited to guide you through this Python refresher course!

Preview 01:01

This lecture has a link to all the Python code we'll write in this section. Use it to check your code as you write it, or to refresh your memory!

Access the code for this section here

Let's look at variables in Python. Variables are just names for values, which we can reuse and reset.

Python is a dynamic typed language, which means variables don't need be constrained to a specific type.

Preview 08:26
1 question

The solution to the "Variables" Python coding exercise.

Solution to coding exercise: Variables
Writing our first Python app

In this lecture we look at three essential data structures in Python: lists, tuples, and sets.

A list is an ordered collection of items.

A tuple is an immutable ordered collection of items.

A set is an unordered collection of unique items.

Lists, tuples, and sets

In this fascinating video, we look at advanced set operations: calculating items which are in two sets, or items which are in one set but not another.

Advanced set operations
Lists, tuples, and sets
1 question

The solution to the "Lists, tuples, and sets" Python coding exercise.

Solution to coding exercise: Lists, tuples, sets
Booleans in Python

This video explores how to create programs which can change depending on some input. For example, we might ask the user if they want to continue or not.

This makes use of boolean comparisons, such as:

  • 1 == 1 (which is True)
  • 5 > 5 (which is False)

The boolean comparisons we have available in Python are many:

  • ==
  • !=
  • >, <, <=, >=
  • is
  • is not
  • in
  • not in
If statements
The 'in' keyword in Python
If statements with the 'in' keyword

Loops allow us to repeat things over and over. This video explores two different types of loop in Python: for loop and while loop.

Loops in Python
Flow control—loops and ifs
1 question

The solution to the "Flow control" Python coding exercise.

Solution to coding exercise: Flow control

List comprehension is a relatively unique thing to Python.

It allows us to succinctly use a for loop inside a list to generate values. These values then end up in the list.

For example, [x for x in range(10)] generates a list [0, 1, 2, 3, 4, 5, 6, 7, 8, 9].

List comprehensions in Python

Dictionaries are an extremely useful thing in Python.

They are akin to sets, but instead of being a set of unique values, they are a set of unique keys, and each has a value associated with it.

Destructuring variables

In this video, let's look at methods in Python by creating some examples. Creating methods is simple, you just need the one keyword: def.

Functions in Python
Function arguments and parameters
Default parameter values
Functions returning values
1 question

The solution to the "Method" Python coding exercise.

Solution to coding exercise: Functions
Lambda functions in Python
Dictionary comprehensions
Dictionaries and students
1 question

The solution to the "Dictionaries and students" Python coding exercise.

Solution to coding exercise: Dictionaries

*args and **kwargs are truly fascinatingly confusing. For eons, they have annoyed Python learners.

To this I say no more!

They're just a way of passing arguments.

Unpacking arguments
Unpacking keyword arguments

Objects are the natural progression from dictionaries. Instead of just holding data, objects hold another special type of data: methods.

A method is a function which operates on the object calling it. Thus, an object can use its own values to calculate outputs of methods. Very cool.

Object-Oriented Programming in Python
Magic methods: __str__ and __repr__
Classes and objects
1 question

The solution to the "Classes and objects" Python coding exercise.

Solution to coding exercise: Classes and objects

In many instances, we don't want our methods to be solely referencing the object which calls them. Sometimes, we want to reference the class of the object. Other times, we don't need either the object or the class.

@classmethod and @staticmethod are two decorators (looking at that shortly!) which extend the capabilities of methods.

@classmethod and @staticmethod
@classmethod and @staticmethod
1 question

The solution to the "@classmethod and @staticmethod" Python coding exercise.

Solution to coding exercise: @classmethod and @staticmethod

Classes in Python can also inherit from one another. This essentially means that a class contains all of the properties and methods of the class it inherits from—but with the added bonus that it can have more.

Class inheritance
Class composition
Type hinting in Python 3.5+
Imports in Python
Relative imports in Python
Errors in Python
Custom error classes

Not only we can pass values from one method to another, but we can also pass functions.

This is not used very often, but it can sometimes yield very powerful methods in very few lines of code.

First-class functions

One of the most confusing aspects of Python for learners is the concept of decorators.

These are things we can place on top of function definitions which allow us to extend the function by executing code before and after the function.

They are extremely powerful when used well!

Simple decorators in Python
The 'at' syntax for decorators
Decorating functions with parameters

In this video we look at advanced decorators in Python, which is decorators that take arguments.

This amplifies the decorator's usefulness, although also makes them slightly more contrived.

Decorators with parameters
Mutability in Python
Mutable default parameters (and why they're a bad idea)
+ Your first REST API
11 lectures 01:13:30

What is an API? How do you interact with them? What's the difference between a client and a provider?

Answers to all these questions are in this short lecture and the linked blog post!

What is an API?

Installing Flask is a necessary first step. Fortunately, installing things in Python is really simple.

All we have to do is execute pip3.5 install Flask, and that will use the Python Package Index to download the package and install it for us.

Installing Flask

This lecture has a link to all the Python code we'll write in this section. Use it to check your code as you write it, or to refresh your memory!

Access the code for this section here

Already we can create our first web server application! This is an application that returns some data when called using a GET request (such as through a web browser).

Preview 09:54

In this lecture we look at how HTTP works and what the verbs mean. They're going to be extremely important when we come to think of REST APIs.

HTTP Verbs

In this lecture we look at the principles behind REST.

REST APIs are only APIs that follow and comply with the REST principles.

Two of the main REST principles are:

  • That it is resource-based
  • That it is stateless
REST Principles

Now that we know about HTTP and REST, we can create our application endpoints (the routes), so we can return different data depending on which endpoint is called.

Creating our application endpoints

In this video we extend the application by returning a list of stores.

Returning a list of stores

In this video we implement the other missing endpoints in the application. We now have a complete web server application!

Implementing other endpoints

Although the focus of the course is not on creating applications to interact with our API, it's useful to know how the API will be called from within a web application.

Normally, APIs are called to retrieve data to create elements on a page, or to do things like authentication, saving to database, or delegate processing to the server.

Calling the API from JavaScript

Testing your API is essential. Without testing, you cannot be sure that your API works. Therefore, you cannot tell your users to use your API! What if it breaks?

In this video we look at Postman, a great tool to test APIs.

Using Postman for API testing
+ Flask-RESTful for more efficient development
13 lectures 01:33:32

A very nice piece of software that we can use with Python is the virtualenv.

This allows us to have a different Python installation for every project, which means no shared libraries and context.

This is nice because libraries evolve over time. Something that worked in Flask-RESTful a year ago may not work today, so it makes sense to keep each project separate.

Or else, if we created a project last year and today we update Flask-RESTful, things may not work as expected!

Virtualenvs and setting up Flask-RESTful

This lecture has a link to all the Python code we'll write in this section. Use it to check your code as you write it, or to refresh your memory!

Access the code for this section here

In this video we create our first Flask-RESTful app, which includes our first Resource (remember REST APIs work with resources, instead of just data?).

Preview 10:39

In this video we explore the concept of test-first API design—akin to Test Driven Development.

It's important to first understand what we want our API to do, before we start writing any code. After all, it's easy to get bogged down on technical details and forget to actually write things that we want to use!

Test-first API design—what is that?

In this video we create our Item resource, which represents the actions we can perform on a store item.

Creating our Item Resource

In this video we look at the ItemList, which represents the actions we can perform on a collection of items; and also at creating items and putting them in an in-memory database.

The ItemList and creating Items

In this video we look at refactoring the code and making it better. This is extremely important in programming. Every now and then, stop and look at what you've written. Then, make it nicer without changing what it does.

This is a sure way of making sure your code is always readable and maintainable—which means you or other people will find it easy to work with and improve later on.

Improving code and error control

Ah, a key focus of the course!

Authentication is something virtually every API needs in one way or another.

In this video we look at part 1 of authentication, which includes another Flask extension: Flask-JWT.

Authentication and logging in—part 1

Part 2 of the authentication videos. Here we complete the authentication process and test it with Postman.

Authentication and logging in—part 2

In this video we implement the DELETE HTTP verb, which is very simple with Flask-RESTful.

Now we can delete items from our in-memory database.

DELETE to delete Items

In this video we implement the PUT HTTP verb. One of the key definitions of PUT is that it has to be idempotent.

To be idempotent means that if we call the same endpoint 5 times in a row, only the first call will exert a change in the server.

We can use it to create an item, or to update an item if it already exists.

PUT to create or update Items

Very often we want to limit the data we accept in our requests. Using reqparse it becomes very easy to do this, and it's built into Flask-RESTful!

Advanced request parsing with Flask-RESTful

In this final video we look once again at our code, and making it nicer and more efficient.

Something that often works is to look at code duplication, and trying to remove duplication.

Optimising our final code and request parsing
+ Storing resources in a SQL database
13 lectures 01:33:38

In this short video we look at setting up our project for this section and installing the required libraries (which, to interact with a SQLite database, happens to be none!).

Setting up our project

This lecture has a link to all the Python code we'll write in this section. Use it to check your code as you write it, or to refresh your memory!

Access the code for this section here

In this video we look at running a local SQLite database and interacting with it from our Python code.

Running a SQLite database and interacting with it from Python

In this video we look at logging our users in by using sample data stored in our database.

This entails retrieving our user's data using SQL, which we can do by using a SELECT statement.

Logging in and retrieving Users from a database

In this video we look at signing our users up to our app by writing their details to a database. This includes creating a /register endpoint to handle the incoming data.

Signing up and writing Users to a database

In this video we take a quick look at preventing duplicate usernames—a good example of things you have to think about when doing API design.

Preventing duplicate usernames when signing users up

In this video we look at retrieving items from a database. Similar to getting our users to log in, but this time accessing our items table.

Retrieving our Item resources from a database

Naturally, retrieving items only is not enough!

In this video we look at creating items and writing them to the database, which means that our API is now usable by other applications if they want to store and retrieve data from our database.

Writing our Item resources to a database

In this video we look at implementing item deletion, which involves deleting the appropriate row from the table.

Warning: it's easy to delete all data from the table, so be careful!

Deleting our Item resources from the database

In this video we look at refactoring (improving) the code so that the insertion of items is not coupled to the endpoint responsible for inserting.

This will be essential for when the PUT method is implemented.

Refactoring insertion of items

In this video we look at implementing the PUT HTTP verb, and this entails either creating or updating an existing item.

The PUT method with database interaction

In this video, we retrieve a list of items from the database and also perform final Postman testing.

Everything works!

Retrieving many items from the database

A great little PDF on advanced configuration, including modifying the authentication URL, key, and various handlers.

Advanced Flask-JWT Configuration
+ Simplifying storage with Flask-SQLAlchemy
15 lectures 02:03:16

This lecture has a link to all the Python code we'll write in this section. Use it to check your code as you write it, or to refresh your memory!

Access the code for this section here

In this lecture we look at installing all the requirements and getting set up.

Setting up this section's project

In this lecture we start discussing Python packages, and how we can create them. We then move some files around to make the project more maintainable by logically grouping our files and classes.

Improving the project structure and maintainability

In this video we create User and Item models. We discuss the difference between a model and a resource, as this is essential in order to design our programs well.

Creating User and Item models

In this video we quickly test using Postman that our refactoring has not broken the API! This is extremely important, as it is easy to forget to test and then end up with a bunch of untested changes.

If something breaks, you won't know where to start fixing it!

Verifying the app works after our changes

In this video we look at advanced Postman usage: tests and environments.

This is extremely useful as it quickly lets us re-use existing text with environment variables.

Tests allow us to quick gauge whether an endpoint call has been successful or not. For example, if it took too long, returned an incorrect error code, didn't return the appropriate values, etc...

Advanced Postman: environments and tests
Errata: small mistake in code in the next video

In this video we tell SQLAlchemy about our tables and columns, which includes defining the data types and primary key.

Telling SQLAlchemy about our tables and columns

In this video we greatly simplify the ItemModel by using methods that SQLAlchemy gives us. We also look into the query builder, which is a key part of SQLAlchemy, and that allows us to easily build SQL queries just by using Python code.

Implementing the ItemModel using SQLAlchemy

In this video we implement the UserModel, which also simplifies it greatly.

Implementing the UserModel using SQLAlchemy

In this video we massively simplify the ItemList resource by virtue of using SQLAlchemy.

Instead of a massive code spew, we can reduce our ItemList to a single line of concise and readable code.

Easily displaying the ItemList resource with SQLAlchemy

In this video we look at the before_first_request decorator, which Flask has.

It allows us to run a method before the first request to the API is processed.

In this video, we create the tables before the first request so that we no longer need to create them manually.

No more creating tables manually—telling SQLAlchemy to create tables

In this video we demonstrate how quick and easy it can be to create new models for our API to use. Here we create a StoreModel, which also includes a relationship to the ItemModel.

Modelling relationships with SQLAlchemy is also surprisingly concise.

Creating a new model: StoreModel

In this video we create the Store and StoreList resources, which is quick since they are similar to the Item and ItemList resources.

Creating the Store Resource

In this video we finalise testing our API using Postman, to make sure that all changes work appropriately.

I encourage you to test your API continuously, so you never write code that you don't know if it works or not.

Final testing of this section's API
+ Git—version control
6 lectures 31:45

In this video we look at installing Git.

Installing Git on Mac and Windows

In this illuminating video, we look at what a Git repository really is (hint: a few hidden files and folders).

What is a Git repository?

In this part 1, we look at how the first few interactions with our local Git repository might go. It includes initialising the repository and adding files to the staging area.

The Git workflow—part 1

In this second part of the Git workflow, we look at committing our code and pushing it to a remote repository, hosted on GitHub.

The Git workflow—part 2, including GitHub

In this video we look at using SSH keys for security, and how we can set up GitHub with our SSH key.

Using SSH keys for security

In this video we look at what a README file is, and why you want one in your repository. It is particularly important for others wanting to use or contribute to your project.

The README file
+ Deploying Flask apps to Heroku
9 lectures 58:30

This lecture contains a link to the Python code we'll write and use in this section. Use it to check for mistakes as you write your code, or to refresh your memory!

Access the code for this section here
What is Heroku?
Getting our code into GitHub
Setting up Heroku for Flask
Adding the required files to the project
Logs in Heroku and troubleshooting errors
Testing the deployed API with Postman
Adding PostgreSQL to our Heroku app
Working with Git and automatic deploys
+ Deploying Flask apps to our own server
8 lectures 01:29:20

In this lecture we look into setting up the DigitalOcean account and server. As per the video, to receive your two free months of a DigitalOcean server, you can use this link:

Setting up a DigitalOcean server
Want to deploy to AWS?

In this lecture we look at installing PostgreSQL in Ubuntu 16.04.

Installing PostgreSQL is not difficult due to Ubuntu's package manager: apt.

Using apt-get, we can easily install PostgreSQL and have it running immediately!

Installing PostgreSQL in Ubuntu 16.04

In this lecture we create a new UNIX user in our Ubuntu server, and give it a password.

Creating a UNIX user in Ubuntu 16.04

In this lecture we set up our new user with a PostgreSQL database, and give it appropriate permissions (including permissions to use a password with the md5 format).

Setting up our new user with PostgreSQL permissions

In this lecture we install nginx and set up the connection from nginx to the uWSGI process.

Setting up nginx and our REST API

In this lecture we install uWSGI and set it up to run our REST API. This is the last step in the deployment!

Setting up uWSGI to run our REST API

In this lecture we verify our API works with the new deployment, and talk about next steps—such as using Varnish to improve performance.

Testing our API to make sure everything works
+ Security in your REST APIs
11 lectures 44:23

This lecture quickly introduces security in REST APIs and what we'll be looking at in this section.

Welcome to this section

This lecture contains an e-book, which you can access to learn about enabling SSL (HTTPS) in REST APIs.

Security in REST APIs e-book

This lecture covers finding and purchasing our domain name.

Getting our domain name

This lecture covers setting up Cloudflare and its various options.

Setting up Cloudflare

This lecture is all about understanding what the Domain Name System is and how it works. Interesting stuff!

What is DNS?

In this lecture we set our DNS records so that our server is accessible through our domain name. We also look into a few different types of DNS records.

Setting our DNS records

Before continuing with SSL, make sure your domain name is working and you can connect to the API!

Verifying everything works—this is important!

In this lecture we create the SSL certificate. Cloudflare can provide us with a valid certificate, which is very handy.

Creating our SSL certificate in Cloudflare

In this lecture we configure our nginx installation to use the SSL certificate. It's just a matter of copying over the certificate and key, and changing some nginx config!

Configuring nginx for SSL

Verify your knowledge of domains and security in this quiz.

Security in REST APIs
5 questions
Extra technical SSL resources

In this section we have looked at security in REST APIs in the form of SSL encryption of traffic between our clients and servers.

This means it's nearly impossible to snoop on the traffic and extract things like emails and passwords that are being sent via HTTPS requests.

Conclusion of this section
  • Some prior programming experience in any programming language will help. The course includes a full Python refresher course.
  • All software used in the course is provided, and completely free
  • Complete beginners may wish to take a beginner Python course first, and then transition to this course afterwards

Are you tired of boring, outdated, incomplete, or incorrect tutorials? I say no more to copy-pasting code that you don’t understand.

Welcome to one of the best resources online on creating REST APIs. I'm Jose, and I'm a software engineer; here to help you truly understand and develop your skills in web and REST API development with Python, using Flask.

Production-ready REST APIs with Flask

This course will guide you in creating simple, intermediate, and advanced REST APIs including authentication, deployments, caching, and much more.

We'll start with a Python refresher that will take you from the very basics to some of the most advanced features of Python—that's all the Python you need to complete the course.

Using Flask and popular extensions Flask-RESTful, Flask-JWT, and Flask-SQLAlchemy we will dive right into developing complete, solid, production-ready REST APIs.

We will also look into essential technologies Git, Heroku, and nginx.

You'll be able to...

  • Create resource-based, production-ready REST APIs using Python, Flask, and popular Flask extensions;

  • Handle secure user registration and authentication with Flask.

  • Using SQLAlchemy and Flask-SQLAlchemy to easily and efficiently store resources to a database; and

  • Understand the complex intricacies of deployments and the performance of Flask REST APIs.

But what is a REST API anyway? Put simply, a REST API is an application that accepts data from clients and returns data back. With the data, it can do many things. For example, a REST API we build in this course accepts text data from the client, processes it and stores it in a database, and then returns some data back so the client can show something to the user.

When working with REST APIs, the client is usually a web app or mobile app. That's in contrast to web apps, where the client is usually the user themselves.

I pride myself on providing excellent support and feedback to every single student. I am always available to guide you and answer your questions.

I'll see you on the inside. Let's take another step toward REST API mastery!

Who this course is for:
  • Students wanting to extend the capabilities of mobile and web applications by using server-side technologies
  • Software developers looking to expand their skill-set by learning to develop professional grade REST APIs
  • Those looking to learn Python while specifically catering to web services