This chapter began somewhat differently than the previous ones. Our objective was to create a JSON-based API instead of a typical web application that produced HTML and consumed submitted HTML form data.

We first took a bit of a sidestep to explain the existence and usefulness of Werkzeug and then created a basic API with a Flask extension called Flask-RESTful. Next, we made sure that our API could be protected by requiring authentication and explained the subtle but fundamental difference between authentication and authorization.

We then looked at how we could implement validation rules for our API in order to ensure that clients could create valid resources (for example, new users, upload photos, and so on). We implemented several functional ...