Post

Flask Backend Development: API, Authentication, Caching & Background Jobs

Posted
By Rajnish kuamr 36 min read

Welcome to this Flask Backend Development Tutorial, where we will build a robust, scalable, and production-ready backend using Flask, SQLite for database management, JWT for authentication, Redis for caching, Celery for background tasks, and SMTP for email functionality.

Backend development is a crucial part of any web application, ensuring smooth data processing, secure authentication, and efficient request handling. This tutorial is designed to provide a hands-on approach, walking you through each component step by step, from setting up the environment to deploying a fully functional backend.

By the end of this tutorial, you will:
✅ Understand the fundamentals of Flask and RESTful API development
✅ Learn how to use SQLite for lightweight and efficient database management
✅ Implement JWT-based authentication for secure session management
✅ Integrate Redis caching to optimize API performance
✅ Use Celery for handling asynchronous and batch jobs
✅ Configure SMTP for sending emails programmatically

This guide is beginner-friendly but assumes you have basic knowledge of Python and web development concepts. Each chapter will include code examples to solidify your understanding.

Let’s get started! 🚀

Prerequisites

Before diving into this tutorial, ensure you have the following:

1. Technical Skills

✔️ Basic understanding of Python (functions, classes, modules)
✔️ Familiarity with Flask and HTTP concepts (requests, responses, status codes)
✔️ Knowledge of SQL databases (CRUD operations, SQL queries)
✔️ Awareness of authentication concepts (tokens, sessions, hashing)

2. System Requirements

🔹 Python 3.8+ installed (Recommended: Python 3.10)
🔹 pip (Python package manager) installed
🔹 SQLite installed (comes with Python by default)
🔹 Redis installed and running
🔹 SMTP credentials for email testing (Gmail, SendGrid, etc.)

📚 Table of Contents

1️⃣ Introduction to Flask Backend Development

2️⃣ Setting Up the Development Environment

3️⃣ Working with SQLite Database

4️⃣ Implementing Authentication with JWT

5️⃣ Implementing Redis for Caching

6️⃣ Background Tasks with Celery

7️⃣ Sending Emails with SMTP

8️⃣ Building a RESTful API

9️⃣ Securing the Flask Application

🔟 Testing and Debugging

1️1 Deployment and Scaling

12 Final Project: Building a Full-Stack Application

1️⃣ Introduction to Flask Backend Development

In modern web applications, the backend is responsible for handling requests, processing data, managing databases, and ensuring security. Flask, a lightweight yet powerful web framework in Python, provides developers with the flexibility and simplicity needed to build scalable backend systems.

This section will introduce you to Flask, its advantages, the core components of a backend system, and the technologies we will be using throughout this tutorial.

📌 What is Flask?

Flask is a micro web framework for Python that enables developers to create web applications quickly and efficiently. Unlike Django, which follows a “batteries-included” approach, Flask is minimalistic and allows developers to integrate only the components they need.

Key Features of Flask:Lightweight & Minimal – Provides only the essential features, allowing flexibility.
Modular & Extensible – Easily integrates with other libraries and tools.
RESTful API Support – Ideal for building APIs and microservices.
Jinja2 Templating Engine – Helps render dynamic content in web applications.
Built-in Development Server & Debugger – Speeds up the development process.

🔹 Official Flask Documentation: https://flask.palletsprojects.com/

📌 Why Choose Flask for Backend Development?

Flask is an excellent choice for backend development because of its flexibility and ease of use. Here’s why:

🔹 Minimal Boilerplate Code: Unlike Django, Flask requires minimal setup, making it ideal for small to medium-sized applications.
🔹 API-First Approach: Perfect for creating RESTful APIs, which are widely used in modern applications.
🔹 Scalability: Can be used for both simple applications and large-scale projects by integrating extensions like Flask-SQLAlchemy, Flask-JWT-Extended, etc.
🔹 Full Control: Developers have complete control over how components are used and structured.
🔹 Active Community: A large and active community means continuous improvements, extensions, and support.

When to use Flask?
✔ Small to medium-sized applications
✔ REST APIs for frontend applications (Vue.js, React, Angular)
✔ Microservices architecture
✔ Prototyping new ideas quickly

📌 Core Components of a Backend System

A well-structured backend consists of several key components:

1️⃣ Web Framework - Handles HTTP requests and responses.

  • We will use Flask for this.

2️⃣ Database Management - Stores and manages application data.

  • We will use SQLite for simplicity and lightweight storage.

3️⃣ Authentication & Authorization - Ensures secure access control.

  • We will use JWT (JSON Web Token) for user authentication.

4️⃣ Caching System - Improves performance by storing frequently accessed data.

  • We will integrate Redis for caching.

5️⃣ Background Jobs - Handles time-consuming tasks asynchronously.

  • We will use Celery for batch processing and scheduled tasks.

6️⃣ Email Service - Sends automated emails for notifications.

  • We will configure SMTP for email sending.

7️⃣ Deployment & Scaling - Optimizes for production and performance.

  • We will explore Gunicorn, Docker, and Nginx for deployment.

Each of these components plays a crucial role in making the backend secure, scalable, and efficient.

📌 Overview of Technologies Used

Here’s a quick rundown of the technologies and tools we will be using:

TechnologyPurpose
FlaskWeb framework for handling API requests
SQLiteLightweight database for storing data
Flask-JWT-ExtendedToken-based authentication system
RedisIn-memory caching for performance optimization
CeleryTask queue for background job processing
Flask-MailLibrary for sending emails via SMTP
GunicornWSGI server for deploying Flask applications
NginxReverse proxy and load balancer for production
DockerContainerization for deployment

By mastering these tools, you’ll be able to build a scalable, secure, and production-ready backend system.

2️⃣ Setting Up the Development Environment

Before diving into Flask development, we need to set up our environment properly. This section covers installing Python and Flask, setting up a virtual environment, understanding the project structure, creating a basic Flask application, and running the Flask server.

📌 Installing Python and Flask

Step 1: Install Python

Flask is a Python-based framework, so ensure you have Python installed.

🔹 Check if Python is installed:
Run the following command in your terminal or command prompt:

1

python --version

or

1

python3 --version

If Python is not installed, download and install it from Python’s official website.

🔹 Ensure pip is installed:
Check if pip (Python package manager) is available:

1

pip --version

If missing, install it using:

1

python -m ensurepip --default-pip

Step 2: Install Flask

Once Python is installed, install Flask using pip:

1

pip install flask

Verify the installation:

1

python -m flask --version

📌 Setting Up a Virtual Environment

A virtual environment isolates project dependencies, preventing conflicts between different Python projects.

🔹 Create a Virtual Environment:
Navigate to your project directory and run:

1

python -m venv venv

This creates a folder venv/ containing the virtual environment.

🔹 Activate the Virtual Environment:

  • Windows:
    1

    venv\Scripts\activate
  • Mac/Linux:
    1

    source venv/bin/activate

Once activated, you should see (venv) in the terminal prompt, indicating that the virtual environment is active.

🔹 Install Dependencies in the Virtual Environment:

1

pip install flask flask-sqlalchemy flask-jwt-extended redis celery flask-mail

📌 Project Structure Overview

A well-structured Flask project makes development easier. Below is a suggested structure:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

flask_app/
│── app/
│   ├── __init__.py
│   ├── models.py
│   ├── routes.py
│   ├── services.py
│   ├── tasks.py
│── migrations/
│── static/
│── templates/
│── tests/
│── .env
│── config.py
│── main.py
│── requirements.txt
│── README.md

Folder & File Explanation:

  • app/ → Contains the main application code.
    • __init__.py → Initializes Flask and extensions.
    • models.py → Defines database models.
    • routes.py → Defines API endpoints.
    • services.py → Contains business logic.
    • tasks.py → Defines background tasks (Celery).
  • migrations/ → Contains database migration files (for Flask-Migrate).
  • static/ → Stores static files (CSS, JS, images).
  • templates/ → Stores HTML templates (if using Jinja2).
  • tests/ → Stores test scripts for API testing.
  • .env → Contains environment variables.
  • config.py → Stores Flask configuration settings.
  • main.py → Entry point for running the Flask app.
  • requirements.txt → Lists dependencies.
  • README.md → Documentation file.

📌 Creating the First Flask App

Now, let’s create a basic Flask app.

🔹 Step 1: Create main.py
Inside your project folder (flask_app/), create main.py and add the following code:

1
2
3
4
5
6
7
8
9
10

from flask import Flask

app = Flask(__name__)

@app.route("/")
def home():
    return "Hello, Flask!"

if __name__ == "__main__":
    app.run(debug=True)

🔹 Step 2: Run the Flask App
To run the Flask server, use:

1

python main.py

This starts a development server at http://127.0.0.1:5000/.

📌 Running the Flask Server

To start the Flask server:

1

python main.py

After running the command, you should see output like this:

1
2

 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
 * Debug mode: on

🔹 Access your Flask app in a browser:
Open http://127.0.0.1:5000/, and you should see:

1

Hello, Flask!

🔹 Stopping the Server:
Press CTRL+C in the terminal to stop the server.

3️⃣ Working with SQLite Database

SQLite is a lightweight, file-based relational database that is ideal for small to medium-sized applications. It requires no separate server and is easy to set up with Flask using Flask-SQLAlchemy.

In this section, we’ll cover the basics of SQLite, setting up SQLAlchemy in Flask, creating models, performing CRUD operations, and querying data efficiently.

📌 Introduction to SQLite

SQLite is a self-contained, serverless database engine stored as a single file on disk. It is widely used for local storage in applications due to its simplicity and lightweight nature.

Why use SQLite for Flask?
No setup required – Comes pre-installed with Python
Lightweight & Fast – Suitable for development and small applications
Single file storage – Stores data in a .sqlite3 file
SQL Support – Uses standard SQL syntax

CommandDescription
SELECTRetrieve data from the database
INSERTAdd new records to a table
UPDATEModify existing records
DELETERemove records from a table
CREATE TABLEDefine a new table
DROP TABLEDelete a table

By integrating Flask-SQLAlchemy, we can manage our SQLite database using Python ORM (Object-Relational Mapping) instead of raw SQL queries.

📌 Setting Up Flask-SQLAlchemy

🔹 Step 1: Install Flask-SQLAlchemy
If you haven’t installed it yet, run:

1

pip install flask-sqlalchemy

🔹 Step 2: Configure Flask to Use SQLite
Modify your main.py or app/__init__.py:

1
2
3
4
5
6
7
8
9
10
11
12
13

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
import os

app = Flask(__name__)

# Configure the SQLite database path
BASE_DIR = os.path.abspath(os.path.dirname(__file__))
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///" + os.path.join(BASE_DIR, "database.sqlite3")
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False

# Initialize SQLAlchemy
db = SQLAlchemy(app)

🔹 Step 3: Create the Database File
Run:

1

python

1
2
3

from main import db
db.create_all()
exit()

This will generate a database.sqlite3 file in your project directory.

📌 Creating Models and Migrations

In Flask-SQLAlchemy, models represent database tables. Each model class extends db.Model and defines fields as columns.

🔹 Step 1: Define a Model (Table Structure)
Create a file models.py:

1
2
3
4
5
6
7
8
9
10

from main import db

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password = db.Column(db.String(128), nullable=False)

    def __repr__(self):
        return f"<User {self.username}>"

🔹 Step 2: Apply Migrations
Install Flask-Migrate:

1

pip install flask-migrate

Modify main.py to initialize Flask-Migrate:

1
2
3

from flask_migrate import Migrate

migrate = Migrate(app, db)

Run these commands to apply migrations:

1
2
3

flask db init
flask db migrate -m "Initial migration"
flask db upgrade

This creates a migrations/ folder and updates the database schema.

📌 Performing CRUD Operations

Let’s implement Create, Read, Update, and Delete (CRUD) operations using Flask routes.

1️⃣ Creating a New User (INSERT)

1
2
3
4
5
6
7
8
9
10
11

from flask import request, jsonify
from main import app, db
from models import User

@app.route("/user", methods=["POST"])
def create_user():
    data = request.json
    new_user = User(username=data["username"], email=data["email"], password=data["password"])
    db.session.add(new_user)
    db.session.commit()
    return jsonify({"message": "User created successfully"}), 201

2️⃣ Retrieving Users (SELECT)

1
2
3
4

@app.route("/users", methods=["GET"])
def get_users():
    users = User.query.all()
    return jsonify([{"id": u.id, "username": u.username, "email": u.email} for u in users])

3️⃣ Updating a User (UPDATE)

1
2
3
4
5
6
7
8
9
10

@app.route("/user/<int:user_id>", methods=["PUT"])
def update_user(user_id):
    data = request.json
    user = User.query.get(user_id)
    if user:
        user.username = data["username"]
        user.email = data["email"]
        db.session.commit()
        return jsonify({"message": "User updated successfully"})
    return jsonify({"error": "User not found"}), 404

4️⃣ Deleting a User (DELETE)

1
2
3
4
5
6
7
8

@app.route("/user/<int:user_id>", methods=["DELETE"])
def delete_user(user_id):
    user = User.query.get(user_id)
    if user:
        db.session.delete(user)
        db.session.commit()
        return jsonify({"message": "User deleted successfully"})
    return jsonify({"error": "User not found"}), 404

📌 Querying and Filtering Data

Flask-SQLAlchemy provides easy methods to query data.

1️⃣ Fetch a User by ID

1
2
3
4
5
6

@app.route("/user/<int:user_id>", methods=["GET"])
def get_user(user_id):
    user = User.query.get(user_id)
    if user:
        return jsonify({"id": user.id, "username": user.username, "email": user.email})
    return jsonify({"error": "User not found"}), 404

2️⃣ Fetch Users by a Specific Field

1
2
3
4
5
6

@app.route("/user/email/<string:email>", methods=["GET"])
def get_user_by_email(email):
    user = User.query.filter_by(email=email).first()
    if user:
        return jsonify({"id": user.id, "username": user.username, "email": user.email})
    return jsonify({"error": "User not found"}), 404

3️⃣ Fetch Users with Sorting and Filtering

1
2
3
4

@app.route("/users/sorted", methods=["GET"])
def get_sorted_users():
    users = User.query.order_by(User.username.asc()).all()
    return jsonify([{"id": u.id, "username": u.username, "email": u.email} for u in users])

📌 Summary

SQLite is a lightweight database ideal for small applications.
Flask-SQLAlchemy provides an ORM to interact with SQLite using Python.
CRUD operations allow us to create, retrieve, update, and delete user records.
Querying and filtering helps us fetch and manage data efficiently.

4️⃣ Implementing Authentication with JWT

Authentication is a crucial part of any web application. JWT (JSON Web Token) is a widely used method for securing APIs by issuing signed tokens to users upon authentication. These tokens can be used for stateless authentication, meaning the server does not need to store session data.

In this section, we will explore JWT, set up authentication using Flask-JWT-Extended, implement user registration & login, generate and validate JWT tokens, and implement role-based access control (RBAC).

📌 What is JWT and Why Use It?

JWT (JSON Web Token) is an encoded string that securely transmits authentication information between a client and a server.

🔹 How JWT Works

  1. The user logs in with a username & password.
  2. The server validates the credentials and issues a JWT token.
  3. The client stores the token (usually in local storage or cookies).
  4. For subsequent API requests, the token is included in the Authorization header.
  5. The server verifies the token and grants access if valid.

🔹 JWT Token Structure

A JWT consists of three parts:

1

Header.Payload.Signature

Example JWT:

1

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

🔹 Why Use JWT?

✅ Stateless Authentication No need to store session data on the server.
🔐 Secure Uses **signatures** to prevent tampering.
⚡ Fast Reduces server-side lookup times.
🔄 Scalable Ideal for microservices and distributed systems.
🌍 Cross-Platform Works across web, mobile, and APIs.

📌 Setting Up Flask-JWT-Extended

To implement JWT authentication in Flask, we will use Flask-JWT-Extended.

🔹 Step 1: Install Flask-JWT-Extended

1

pip install flask-jwt-extended

🔹 Step 2: Configure JWT in main.py

1
2
3
4
5
6
7
8
9
10

from flask import Flask
from flask_jwt_extended import JWTManager

app = Flask(__name__)

# Secret key for signing JWTs (store securely in .env)
app.config["JWT_SECRET_KEY"] = "your_secret_key_here"

# Initialize JWT
jwt = JWTManager(app)

📌 User Registration and Login

We will create register and login routes that store user credentials securely and generate JWT tokens.

🔹 Step 1: Modify models.py to Add User Model

1
2
3
4
5
6
7

from main import db

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password = db.Column(db.String(128), nullable=False)  # Store hashed passwords

🔹 Step 2: User Registration Route

1
2
3
4
5
6
7
8
9
10
11
12

from flask import request, jsonify
from werkzeug.security import generate_password_hash
from models import User, db

@app.route("/register", methods=["POST"])
def register():
    data = request.json
    hashed_password = generate_password_hash(data["password"], method="pbkdf2:sha256")
    new_user = User(username=data["username"], email=data["email"], password=hashed_password)
    db.session.add(new_user)
    db.session.commit()
    return jsonify({"message": "User registered successfully"}), 201

🔹 Step 3: User Login Route

1
2
3
4
5
6
7
8
9
10
11
12
13

from flask_jwt_extended import create_access_token
from werkzeug.security import check_password_hash

@app.route("/login", methods=["POST"])
def login():
    data = request.json
    user = User.query.filter_by(email=data["email"]).first()

    if not user or not check_password_hash(user.password, data["password"]):
        return jsonify({"error": "Invalid credentials"}), 401

    access_token = create_access_token(identity={"id": user.id, "username": user.username})
    return jsonify({"access_token": access_token}), 200

📌 Generating and Validating Tokens

Once a user logs in, we generate a JWT token that must be included in API requests.

🔹 Protecting Routes Using JWT

1
2
3
4
5
6
7

from flask_jwt_extended import jwt_required, get_jwt_identity

@app.route("/protected", methods=["GET"])
@jwt_required()
def protected():
    current_user = get_jwt_identity()
    return jsonify({"message": f"Hello, {current_user['username']}!"})

🔹 Sending Token in API Request The frontend must include the JWT token in the Authorization header:

1

Authorization: Bearer <your_jwt_token>

🔹 Token Expiration Handling Set token expiry time in main.py:

1
2

from datetime import timedelta
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1)

📌 Role-Based Access Control (RBAC)

RBAC allows defining user roles (admin, user, editor) to restrict access to certain API endpoints.

🔹 Step 1: Modify models.py to Add Role Field

1
2
3
4
5
6

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password = db.Column(db.String(128), nullable=False)
    role = db.Column(db.String(20), default="user")  # Default role: user

🔹 Step 2: Protect Routes Based on Role

1
2
3
4
5
6
7
8
9

def admin_required(fn):
    @jwt_required()
    def wrapper(*args, **kwargs):
        current_user = get_jwt_identity()
        user = User.query.get(current_user["id"])
        if user.role != "admin":
            return jsonify({"error": "Admins only!"}), 403
        return fn(*args, **kwargs)
    return wrapper

🔹 Step 3: Use RBAC in API Routes

1
2
3
4

@app.route("/admin", methods=["GET"])
@admin_required
def admin_dashboard():
    return jsonify({"message": "Welcome, Admin!"})

📌 Summary

JWT enables secure and stateless authentication.
Flask-JWT-Extended simplifies JWT token creation and validation.
User registration & login allows authentication using hashed passwords.
JWT-protected routes ensure access only to authenticated users.
Role-Based Access Control (RBAC) restricts actions based on user roles.

5️⃣ Implementing Redis for Caching

Caching is an essential technique for optimizing application performance by storing frequently accessed data in memory instead of making repeated database queries. Redis is an in-memory data store that provides lightning-fast access to data and is widely used for caching, session storage, and real-time analytics.

In this section, we will explore Redis, set up Flask-Redis for caching, implement rate limiting, and learn how to cache API responses.

📌 What is Redis and Why Use It?

Redis (Remote Dictionary Server) is a high-performance, in-memory key-value store that can be used for caching, message brokering, and real-time analytics.

🔹 Why Use Redis for Caching?

⚡ Ultra-Fast Redis stores data in RAM, making it significantly faster than databases.
🔁 Reduces DB Load Cached data prevents repeated queries, improving performance.
🔄 Supports Expiry Cached items can expire automatically, preventing stale data.
🚀 Scalable Works well for large-scale applications and distributed systems.
🔑 Key-Value Store Data is stored as key-value pairs for fast lookups.

📌 Installing and Configuring Redis

🔹 Step 1: Install Redis

On Linux/macOS, install Redis via:

1
2

sudo apt install redis -y  # Ubuntu/Debian
brew install redis  # macOS

On Windows, use WSL (Windows Subsystem for Linux) or install Redis from Memurai or Docker.

Start Redis:

1

redis-server

Verify Redis is running:

1
2

redis-cli ping
# Output: PONG

🔹 Step 2: Install Flask-Redis

1

pip install redis flask-redis

🔹 Step 3: Configure Redis in main.py

1
2
3
4
5
6
7
8

from flask import Flask
from redis import Redis

app = Flask(__name__)

# Redis configuration
app.config["REDIS_URL"] = "redis://localhost:6379/0"
redis_client = Redis.from_url(app.config["REDIS_URL"], decode_responses=True)

📌 Using Flask-Redis for Caching

We can store and retrieve data from Redis to avoid frequent database queries.

🔹 Step 1: Store and Retrieve Data

1
2
3
4
5
6
7
8
9
10
11

@app.route("/set_cache/<key>/<value>")
def set_cache(key, value):
    redis_client.set(key, value, ex=60)  # Set key with 60 seconds expiry
    return f"Cached {key}: {value}"

@app.route("/get_cache/<key>")
def get_cache(key):
    value = redis_client.get(key)
    if value:
        return f"Cached Value: {value}"
    return "Cache miss!"

🔹 Step 2: Flush Redis Cache

1
2
3
4

@app.route("/clear_cache")
def clear_cache():
    redis_client.flushall()
    return "Cache cleared!"

📌 Implementing Rate Limiting with Redis

Rate limiting prevents API abuse by restricting the number of requests per user/IP.

🔹 Step 1: Create a Rate Limiting Middleware

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

import time
from flask import request, jsonify

def rate_limiter(limit: int, window: int):
    def decorator(fn):
        def wrapper(*args, **kwargs):
            user_ip = request.remote_addr
            key = f"rate_limit:{user_ip}"
            current = redis_client.get(key)

            if current and int(current) >= limit:
                return jsonify({"error": "Too many requests, slow down!"}), 429
            
            if not current:
                redis_client.setex(key, window, 1)
            else:
                redis_client.incr(key)
            
            return fn(*args, **kwargs)
        return wrapper
    return decorator

🔹 Step 2: Apply Rate Limiting to Routes

1
2
3
4

@app.route("/limited_api")
@rate_limiter(limit=5, window=60)  # Max 5 requests per minute
def limited_api():
    return jsonify({"message": "This API is rate-limited!"})

📌 Caching API Responses

Caching API responses can significantly reduce database queries and response times.

🔹 Step 1: Create a Caching Wrapper

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

import json
from functools import wraps

def cache_response(timeout: int):
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            cache_key = f"cache:{request.path}"
            cached_data = redis_client.get(cache_key)

            if cached_data:
                return jsonify(json.loads(cached_data))

            response = fn(*args, **kwargs)
            redis_client.setex(cache_key, timeout, json.dumps(response.json))
            return response
        return wrapper
    return decorator

🔹 Step 2: Apply Caching to an API Endpoint

1
2
3
4
5

@app.route("/expensive_query")
@cache_response(timeout=120)  # Cache response for 2 minutes
def expensive_query():
    data = {"message": "This is a cached response!", "time": time.time()}
    return jsonify(data)

🔹 Step 3: Clear Cache for an API Endpoint

1
2
3
4

@app.route("/clear_api_cache")
def clear_api_cache():
    redis_client.flushdb()
    return "API Cache Cleared!"

📌 Summary

Redis is a fast, in-memory key-value store used for caching.
Flask-Redis enables easy integration with Redis in Flask apps.
Rate limiting prevents excessive API requests using Redis keys.
Caching API responses reduces unnecessary database queries and improves performance.

8️⃣ Building a RESTful API with Flask-RESTful

Flask-RESTful is an extension for Flask that simplifies building REST APIs by providing a structured way to define resources and request handling.

In this section, we will explore what a REST API is, learn how to design RESTful endpoints, handle requests and responses using Flask-RESTful, return JSON data, and implement API versioning.

📌 What is a REST API?

A REST API allows clients (like web applications, mobile apps) to interact with a backend service using HTTP methods.

🔹 Key Principles of REST API

🌐 Stateless The server does not store client session data.
🔄 Cacheable Responses can be cached to improve performance.
🏗️ Layered Architecture The API can have multiple layers (e.g., security, caching, logging).
🔑 Resource-Based Each entity (user, product) is a resource with a unique URL.
🔍 Uses HTTP Methods CRUD operations map to GET, POST, PUT, DELETE.

📌 Setting Up Flask-RESTful

To build APIs using Flask-RESTful, we need to install it first.

🔹 Install Flask-RESTful

1

pip install flask-restful

🔹 Modify main.py to Use Flask-RESTful

1
2
3
4
5
6
7

from flask import Flask
from flask_restful import Api

app = Flask(__name__)

# Initialize Flask-RESTful API
api = Api(app)

📌 Designing RESTful Endpoints

A RESTful API should follow clear endpoint naming conventions.

🔹 API Endpoint Design Guidelines

1️⃣ Use nouns for resource names
/users (Good)
/getUsers (Bad)

2️⃣ Use HTTP methods properly
GET /users/1 (Fetch user)
POST /users (Create user)
PUT /users/1 (Update user)
DELETE /users/1 (Delete user)

3️⃣ Use plural nouns for collections
/users (Good)
/user (Bad)

4️⃣ Nested routes for related resources
/users/1/orders (Orders for User 1)

📌 Handling Requests and Responses with Flask-RESTful

Flask-RESTful provides the Resource class to define API endpoints.

🔹 Define API Resources in resources/user.py

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

from flask_restful import Resource
from flask import request

# Dummy in-memory user data
users = [
    {"id": 1, "name": "Alice", "email": "alice@example.com"},
    {"id": 2, "name": "Bob", "email": "bob@example.com"},
]

class UserList(Resource):
    def get(self):
        """Get all users"""
        return users, 200

    def post(self):
        """Create a new user"""
        data = request.json
        new_user = {"id": len(users) + 1, "name": data["name"], "email": data["email"]}
        users.append(new_user)
        return new_user, 201

class User(Resource):
    def get(self, user_id):
        """Get a user by ID"""
        user = next((u for u in users if u["id"] == user_id), None)
        if user:
            return user, 200
        return {"error": "User not found"}, 404

    def put(self, user_id):
        """Update a user"""
        user = next((u for u in users if u["id"] == user_id), None)
        if user:
            data = request.json
            user.update({"name": data["name"], "email": data["email"]})
            return user, 200
        return {"error": "User not found"}, 404

    def delete(self, user_id):
        """Delete a user"""
        global users
        users = [u for u in users if u["id"] != user_id]
        return {"message": "User deleted"}, 200

🔹 Register API Endpoints in main.py

1
2
3
4
5
6
7
8

from resources.user import UserList, User

# Register API Endpoints
api.add_resource(UserList, "/users")
api.add_resource(User, "/users/<int:user_id>")

if __name__ == "__main__":
    app.run(debug=True)

📌 Returning JSON Data

Flask-RESTful automatically formats responses as JSON.

🔹 Example Response

1
2
3
4
5

{
    "id": 1,
    "name": "Alice",
    "email": "alice@example.com"
}

🔹 Handling HTTP Status Codes

**Status Code** **Meaning**
`200 OK` Successful request
`201 Created` Resource successfully created
`400 Bad Request` Invalid input data
`401 Unauthorized` User authentication required
`404 Not Found` Resource not found
`500 Internal Server Error` Server encountered an error

📌 API Versioning Best Practices

API versioning ensures compatibility for future updates.

🔹 API Versioning Methods

**Method** **Example** **Pros & Cons**
URL Versioning `/api/v1/users` ✅ Easy to implement, ❌ URL changes required
Header Versioning `Accept: application/vnd.api.v1+json` ✅ Clean URLs, ❌ Requires custom headers
Query Parameter Versioning `/users?version=1` ✅ Simple, ❌ Pollutes query parameters

🔹 Example: URL Versioning in Flask-RESTful

1
2

api.add_resource(UserList, "/api/v1/users")
api.add_resource(User, "/api/v1/users/<int:user_id>")

📌 Summary

Flask-RESTful simplifies building structured APIs.
Resource classes define API endpoints cleanly.
Proper endpoint design ensures scalability.
Returning JSON data is easy with Flask-RESTful.
API versioning ensures smooth upgrades.

9️⃣ Securing the Flask Application

Security is a crucial aspect of backend development. A Flask application must be secured against common vulnerabilities like CORS issues, excessive API requests, credential leaks, and sensitive data exposure.

In this section, we will cover CORS handling, rate limiting, using environment variables for security, and protecting sensitive data.

📌 Handling CORS with Flask-CORS

CORS (Cross-Origin Resource Sharing) is a security feature that restricts resources on a web server to be accessed by different domains.

🔹 Why Use Flask-CORS?

🌍 Cross-Origin Support Allows secure API access from different domains.
🔒 Security Control Prevents unauthorized scripts from making API calls.
🛠️ Fine-Grained Rules Restrict access to specific domains, methods, or headers.

🔹 Install Flask-CORS

1

pip install flask-cors

🔹 Enable CORS for Flask API

Modify main.py:

1
2
3
4
5
6
7
8
9
10

from flask import Flask
from flask_cors import CORS

app = Flask(__name__)

# Allow all origins (useful for development)
CORS(app)

# Allow only specific origins
CORS(app, resources={r"/api/*": {"origins": "https://yourdomain.com"}})

🔹 CORS for Flask-RESTful API

1
2
3
4
5
6
7

from flask_restful import Api
from flask_cors import CORS

app = Flask(__name__)
CORS(app)  # Enables CORS globally

api = Api(app)

📌 Rate Limiting and Security Best Practices

Rate limiting prevents excessive API requests, reducing the risk of DDoS attacks and API abuse.

🔹 Install Flask-Limiter

1

pip install flask-limiter

🔹 Apply Rate Limiting to API

Modify main.py:

1
2
3
4
5
6
7
8
9
10

from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

# Initialize rate limiter
limiter = Limiter(
    key_func=get_remote_address,  # Uses client's IP address
    default_limits=["100 per hour", "10 per minute"]  # Global limit
)

limiter.init_app(app)

🔹 Apply Rate Limiting to API Endpoints

1
2
3
4
5
6
7
8
9

from flask_restful import Resource

class LimitedResource(Resource):
    decorators = [limiter.limit("5 per minute")]  # Limit to 5 requests per minute

    def get(self):
        return {"message": "This API is rate-limited"}, 200

api.add_resource(LimitedResource, "/limited")

📌 Using Environment Variables for Security

Environment variables hide sensitive data, such as API keys, database credentials, and secret keys.

🔹 Install Python Dotenv

1

pip install python-dotenv

🔹 Create a .env File

1
2
3

FLASK_SECRET_KEY="your_super_secret_key"
DATABASE_URL="sqlite:///database.sqlite3"
JWT_SECRET_KEY="your_jwt_secret_key"

🔹 Load Environment Variables in Flask

Modify main.py:

1
2
3
4
5
6
7
8
9

import os
from dotenv import load_dotenv

# Load .env file
load_dotenv()

app.config["SECRET_KEY"] = os.getenv("FLASK_SECRET_KEY")
app.config["SQLALCHEMY_DATABASE_URI"] = os.getenv("DATABASE_URL")
app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY")

🔹 Best Practices for Environment Variables

✅ Use `.env` files Store secrets securely in `.env`.
🚀 Do not commit `.env` Add `.env` to `.gitignore` to prevent leaks.
🔑 Use strong secrets Generate secure API keys and passwords.

📌 Protecting Sensitive Data

Applications must ensure data is stored and transmitted securely.

🔹 Hash User Passwords

Store hashed passwords instead of plain text.

1
2
3
4
5
6
7

from werkzeug.security import generate_password_hash, check_password_hash

# Hashing a password
hashed_password = generate_password_hash("securepassword")

# Verifying a password
check_password_hash(hashed_password, "securepassword")  # Returns True

🔹 Secure Database Connections

Use parameterized queries to prevent SQL injection.

1

db.session.execute("SELECT * FROM users WHERE email = :email", {"email": email})

🔹 Use HTTPS

Enable HTTPS to secure API communication.

✅ Use TLS/SSL Encrypt API communication.
🚀 Use strong headers Set **Strict-Transport-Security** headers.
🔒 Protect against CSRF Use **Flask-WTF** or **CSRF tokens**.

🔹 Secure JWT Authentication

Set token expiration to limit misuse.

1
2
3

from datetime import timedelta

app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1)  # Expire tokens in 1 hour

📌 Summary

Flask-CORS enables secure cross-origin requests.
Rate limiting prevents excessive API calls.
Environment variables protect sensitive credentials.
Secure password hashing prevents data leaks.
HTTPS & encryption safeguard communication.

11 Deployment and Scaling

Deploying a Flask application involves configuring production-ready environments, optimizing performance, and ensuring scalability. In this section, we will cover deploying Flask on DigitalOcean, using Docker for containerized deployment, configuring Gunicorn for production, setting up Nginx as a reverse proxy, and monitoring and scaling the application.

📌 Deploying Flask on DigitalOcean

DigitalOcean is a cloud provider that offers an easy way to deploy web applications.

🔹 Steps to Deploy on DigitalOcean

1️⃣ Create a DigitalOcean Droplet

  • Go to DigitalOcean
  • Choose an Ubuntu 22.04 droplet
  • Select the required CPU & RAM (Minimum: 1GB RAM)
  • Add SSH keys for secure access

2️⃣ Connect to the Droplet via SSH

1

ssh root@your-server-ip

3️⃣ Install Required Packages

1

sudo apt update && sudo apt install python3-pip python3-venv git -y

4️⃣ Clone Your Flask Project

1
2

git clone https://github.com/your-repo/flask-app.git
cd flask-app

5️⃣ Set Up a Virtual Environment

1
2
3

python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

6️⃣ Run the Flask App (For Testing)

1

python main.py

Access your app at http://your-server-ip:5000/.

📌 Using Docker for Flask Deployment

Docker makes deployment consistent, portable, and scalable by packaging the app into a container.

🔹 Install Docker on the Server

1
2
3

sudo apt install docker.io -y
sudo systemctl start docker
sudo systemctl enable docker

🔹 Create a Dockerfile in Your Flask Project

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

# Use an official Python runtime as a parent image
FROM python:3.10

# Set the working directory
WORKDIR /app

# Copy the project files
COPY . /app

# Install dependencies
RUN pip install -r requirements.txt

# Expose the port Flask runs on
EXPOSE 5000

# Define the command to run the app
CMD ["python", "main.py"]

🔹 Build and Run the Docker Container

1
2

docker build -t flask-app .
docker run -d -p 5000:5000 flask-app

Your Flask app will now be running inside a Docker container.

📌 Setting Up Gunicorn for Production

Gunicorn (Green Unicorn) is a WSGI server used for running Flask in production.

🔹 Install Gunicorn

1

pip install gunicorn

🔹 Run Flask with Gunicorn

1

gunicorn -w 4 -b 0.0.0.0:5000 main:app
  • -w 4 → Uses 4 worker processes for handling requests.
  • -b 0.0.0.0:5000 → Binds Gunicorn to port 5000.

🔹 Create a Gunicorn Systemd Service

1

sudo nano /etc/systemd/system/flask.service

Paste the following content:

1
2
3
4
5
6
7
8
9
10
11
12

[Unit]
Description=Flask Application
After=network.target

[Service]
User=root
WorkingDirectory=/home/your-user/flask-app
ExecStart=/home/your-user/flask-app/venv/bin/gunicorn -w 4 -b 0.0.0.0:5000 main:app
Restart=always

[Install]
WantedBy=multi-user.target

🔹 Start and Enable Gunicorn

1
2

sudo systemctl start flask
sudo systemctl enable flask

Gunicorn is now managing your Flask app in production.

📌 Using Nginx as a Reverse Proxy

Nginx is a high-performance reverse proxy that sits between Flask (Gunicorn) and the internet, improving security and performance.

🔹 Install Nginx

1

sudo apt install nginx -y

🔹 Configure Nginx for Flask

1

sudo nano /etc/nginx/sites-available/flask

Paste the following configuration:

1
2
3
4
5
6
7
8
9
10
11

server {
    listen 80;
    server_name your-domain.com;

    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

🔹 Enable and Restart Nginx

1
2
3

sudo ln -s /etc/nginx/sites-available/flask /etc/nginx/sites-enabled/
sudo systemctl restart nginx
sudo systemctl enable nginx

Now, Nginx will forward requests to your Flask app running via Gunicorn.

📌 Monitoring and Scaling the Application

Monitoring ensures that your application runs efficiently and scales properly.

🔹 Monitor Flask Logs

Check Flask logs to debug issues:

1

journalctl -u flask -f

🔹 Monitor Gunicorn Performance

1

ps aux | grep gunicorn

🔹 Monitor Nginx Logs

1
2

sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

🔹 Scaling Flask Application

**Method** **Description**
**Increase Gunicorn Workers** More processes to handle requests (e.g., `gunicorn -w 8`).
**Use Load Balancers** Distribute traffic between multiple Flask servers.
**Use Docker Swarm/Kubernetes** Containerized scaling of Flask apps.
**Optimize Database Queries** Use indexes, caching, and connection pooling.

📌 Summary

Deploy Flask on DigitalOcean with a secure droplet setup.
Use Docker for containerized deployment.
Run Flask with Gunicorn for production performance.
Configure Nginx as a reverse proxy.
Monitor logs and scale Flask for high traffic.

1️2 Final Project: Building a Full-Stack Application

This project is a Task Management System, allowing admins, managers, and employees to manage tasks, users, reports, and notifications using a secure and scalable backend.

🚀 GitHub Repo: Task Management App
📺 YouTube Tutorial: Full Flask Backend Development Guide

Key Features

User Registration & Authentication with JWT
Role-Based Access Control (RBAC) for admins, managers, and employees
Task Management System with CRUD operations
Automated Email Notifications using Flask-Mail
Daily Task Reminders for Employees at 10 AM
Admin & Manager Reports via Email
Redis Caching & Celery for Background Jobs
RESTful API Design using Flask-RESTful
Deployed with Docker, Gunicorn, and Nginx

📌 Project Overview

This Task Management System supports:

  • User Management (Registration, Approval, Role Management)
  • Task Assignment & Tracking (CRUD operations for tasks)
  • Automated Email Notifications (Signup, Daily Reminders, Reports)
  • Security Features (Role-Based Access Control, JWT Authentication)
  • Deployment & Scaling (Dockerized Flask App with Gunicorn & Nginx)

The system follows a role-based hierarchy:

RolePermissions
AdminFull control over users & tasks, generate reports
ManagerAssign tasks, manage employees, generate reports
EmployeeView & complete assigned tasks

📌 Designing the Database Schema

This system consists of two main tables: User and Task.

🔹 User Model

Each user has an ID, username, email, password, role (admin/manager/employee), approval status, and timestamps.

🔹 Task Model

Each task contains an ID, title, description, status (pending/in-progress/completed), deadline, assigned user, and timestamps.

🔹 Users need admin approval before they can access the system.
🔹 Tasks can only be modified by assigned employees, managers, or admins.

📌 Implementing Authentication and Authorization

🔹 User Registration & Login

  • Users can sign up with their details (name, email, password, role).
  • Admins approve or reject users before they gain access.
  • JWT-based authentication ensures secure session management.

🔹 Role-Based Access Control (RBAC)

  • Admin-only endpoints (/users/pending, /users/<id>/approve, /stats)
  • Manager-only endpoints (/tasks, /task/<id>/assign)
  • Employee-specific tasks (/tasks/mine, /task/<id>/status)

🔹 RBAC is enforced using decorators like @role_required(["admin"]).

📌 Building RESTful API Endpoints

The API follows RESTful principles, using Flask-RESTful for structured request handling.

🔹 Authentication Endpoints
EndpointMethodAccessDescription
/loginPOSTPublicAuthenticate users and generate JWT tokens
/registerPOSTPublicAllow new users to register
/users/pendingGETAdminList all pending user approvals
/users/<id>/approvePUTAdminApprove a user
/users/<id>/rejectDELETEAdminReject a user
🔹 Task Management Endpoints
EndpointMethodAccessDescription
/tasksGETAdminRetrieve all tasks
/tasks/mineGETEmployeeFetch assigned tasks for the logged-in employee
/task/<id>GETAssigned User, Manager, AdminGet task details
/tasksPOSTManager, AdminCreate a new task
/task/<id>PUTManager, AdminUpdate task details
/task/<id>/statusPUTEmployee, Manager, AdminUpdate task status
/task/<id>/assignPUTManagerAssign a task to an employee
🔹 Reports & Statistics
EndpointMethodAccessDescription
/statsGETAdmin, ManagerGet system-wide statistics

📌 Caching Data and Using Celery Tasks

🔹 Redis for Caching

  • API responses are cached to reduce database load.
  • Frequently accessed queries (like task lists) are stored in Redis.

🔹 Celery for Background Jobs

  • Sends emails asynchronously without blocking user requests.
  • Daily Task Reminders run at 10 AM for employees.
  • Admin & Manager Reports are sent automatically.

📌 Integrating Email Notifications

🔹 Welcome Email on Signup

  • Sends a welcome email to new employees upon successful registration.

🔹 Daily Task Reminder Emails

  • Every morning at 10 AM, employees receive an email listing pending tasks.

🔹 Task Summary Reports

  • Managers and Admins can request a task summary to be sent via email.

🔹 Flask-Mail Configuration

  • Uses SMTP (smtpout.secureserver.net) for email delivery.
  • Stores credentials securely in environment variables.

📌 Deploying the Final Application

🔹 Deployment Stack
TechnologyPurpose
GunicornWSGI server for handling multiple requests
NginxReverse proxy to handle traffic efficiently
DockerContainerized deployment for consistency
RedisCaching system to optimize database performance
CeleryAsynchronous task execution for background jobs

🔹 Deployment Steps

1️⃣ Run Flask with Gunicorn

1

gunicorn -w 4 -b 0.0.0.0:5000 main:app

2️⃣ Set Up Nginx Reverse Proxy

1
2
3
4
5
6
7

server {
    listen 80;
    server_name your-domain.com;
    location / {
        proxy_pass http://127.0.0.1:5000;
    }
}

3️⃣ Run the Application with Docker

1
2

docker build -t flask-task-app .
docker run -d -p 5000:5000 flask-task-app

4️⃣ Set Up a Background Scheduler for Emails

1

celery -A tasks.celery worker --loglevel=info

📌 Summary

Role-Based Access Control (RBAC) for secure authentication.
Flask-RESTful API for structured backend design.
Redis caching & Celery background tasks for performance.
Automated email notifications for task management.
Dockerized deployment using Gunicorn & Nginx.

🚀 GitHub Repo: Task Management App
📺 YouTube Tutorial: Full Flask Backend Development Guide

🎯 Congratulations! You’ve built a complete Flask backend system! 🎯

Development
vue
This post is licensed under CC BY 4.0 by the author.