В дополнение к презентации "Введение в API".

TODO API Example.py

from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
import datetime

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///db.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
db = SQLAlchemy(app)


class Note(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    note_text = db.Column(db.String, nullable=False)
    created = db.Column(db.DateTime, default=datetime.datetime.utcnow)

    @property
    def serialize(self):
        return {
            'id': self.id,
            'note_text': self.note_text,
            'created': self.created
        }


@app.route('/notes/<int:id>', methods=['GET'])
def get_note(id):
    """Получить ОДНУ запись запись по ID"""
    note = Note.query.get(id)

    if not note:
        return jsonify({'msg': 'Note not found. Did you send correct id?'}), 404

    return jsonify({'response': note.serialize}), 200


@app.route('/notes', methods=['GET'])
def get_notes():
    """Получить все записи"""
    notes = Note.query.order_by(Note.created.desc()).all()

    serialized_notes = []
    for note in notes:
        serialized_notes.append(note.serialize)

    return jsonify({'response': serialized_notes}), 200


@app.route('/notes', methods=['POST'])
def create_note():
    try:
        request_json = request.get_json(force=True)
    except:
        return jsonify({'msg': 'Send me correct application/json please :('}), 400

    if 'note_text' not in request_json:
        return jsonify({'msg': 'Your JSON correct, but required param "note_text" is missed.'}), 400

    note = Note(note_text=request_json['note_text'])
    db.session.add(note)
    db.session.commit()

    return jsonify(note.serialize), 200


@app.route('/notes/<int:id>', methods=['PUT'])
def update_note(id):
    try:
        request_json = request.get_json(force=True)
    except:
        return jsonify({'msg': 'Send me correct application/json please :('}), 400

    if 'note_text' not in request_json:
        return jsonify({'msg': 'Param "note_text" is missed'}), 400

    note = Note.query.get(id)

    if not note:
        return jsonify({'msg': 'Note not found. Did you send correct id?'}), 404

    note.note_text = request_json['note_text']

    db.session.add(note)
    db.session.commit()

    return jsonify({'response': note.serialize}), 200


@app.route('/notes/<int:id>', methods=['DELETE'])
def delete_note(id):
    note = Note.query.get(id)

    if not note:
        return jsonify({'msg': 'Note not found. Did you send correct id?'}), 404

    db.session.delete(note)
    db.session.commit()

    return jsonify({'msg': 'Resource deleted'}), 200


# Ниже - пример работы с Basic Auth.
# Использовать ее - не круто и НИКОГДА не используйте ее без HTTPS.
# Лучше использовать токены, например - JWT. Но это уже другая история.
# Используйте Basic Auth очень аккуратно.

@app.route('/protected', methods=['GET'])
def show_protected_resource():
    def check_auth():
        test_login = 'root'
        test_password = 'toor'

        auth = request.authorization

        return auth.username == test_login and auth.password == test_password

    if not check_auth():
        return jsonify({'msg': 'Auth failed'}), 403

    return jsonify({'msg': 'I am protected resource. Hello, root!'})


if __name__ == '__main__':
    db.create_all()
    app.run(debug=True)