DEV Community: kumar ramanathan

Rest api 3: Create Item in store

kumar ramanathan — Wed, 11 Feb 2026 14:13:45 +0000

Requirement:
We have list stores , need to append item from the rest api end point using path param input as store name and item in request body.

our new method will be below for this case:

@app.post("/stores/<string:store_name>/items")
def create_item_in_store(store_name):
    request_data = request.get_json()
    for store in stores:
        if store["name"] == store_name:
            new_item = {"name": request_data["name"], "price": request_data["price"]}
            store["items"].append(new_item)
            return new_item, 201
    return {"message": "store not found"}, 404

in post man using the below url and input hit the api end point :

now again retrieve all the data:

Now we will try to add more then one item in to the request, to access more than one item we need to modify our code logic little bit

@app.post("/stores/<string:store_name>/items")
def create_items_in_store(store_name):
    request_data = request.get_json()
    for store in stores:
        if store["name"] == store_name:
            for item in request_data["items"]:
                new_item = {"name": item["name"], "price": item["price"]}
                store["items"].append(new_item)
            return {"message": "items created"}, 201
    return {"message": "store not found"}, 404

now hit the get stores again

Rest API 2: Create Store and retrieve all stores

kumar ramanathan — Tue, 10 Feb 2026 14:10:11 +0000

Requirement:
Need to create a new store in our My store.

Scenario1:
We create a dummy post method in our code with pass , try to hit from post man using post request and see what is the response flask provides.

from flask import Flask,app
app = Flask(__name__)

stores = [
    {
    "name": "my store",
    "items": [
        {"name": "my item",
            "price": 15.99
        }
    ]
}
]

@app.get("/stores")
def get_stores():
    return stores

@app.post("/stores")    
def create_store():
    pass

Output:

As we see we are getting 500 internal server error. This is due to Flask always expects a response.

Scenario 2:
Now change the code snippet to below:

@app.post("/stores")    
def create_store():
    pass

Restart the server and hot from post man you get below.

Scenario 3:
Now add a code to add the incoming data from post request to the stores in our app and show it back.

For this one to read the inputs from the request , we need to import request from flask like below. After using the request object read the values.

from flask import Flask, request
app = Flask(__name__)

stores = [
    {
    "name": "my store",
    "items": [
        {"name": "my item",
            "price": 15.99
        }
    ]
}
]

@app.get("/stores")
def get_stores():
    return stores

@app.post("/stores")    
def create_store():
   request_data = request.get_json()
   new_store = { "name": request_data["name"], "items": []}
   stores.append(new_store)
   return new_store, 201

output:

Now hit our get endpoint

First Rest api end point

kumar ramanathan — Mon, 09 Feb 2026 14:20:47 +0000

Requirement:
Create a stores list with a dictionary of stores and items. items is again a list with dictionary of name and price.
Create a method which has a get endpoint to get the stores details in the list.

from flask import Flask,app
app = Flask(__name__)

stores = [
    {
    "name": "my store",
    "items": [
        {"name": "my item",
            "price": 15.99
        }
    ]
}
]

@app.get("/stores")
def get_stores():
    return stores

Save the code in the VS code editor.

In your venv , run flask and hit the browser or post man with the URL
http://127.0.0.1:5000/stores

you get below output:

Python Flask set up in VS Code windows 11

kumar ramanathan — Mon, 09 Feb 2026 13:52:28 +0000

Install VS Code and python

UVS Code : sing Microsoft installer from the page: https://code.visualstudio.com/download

Python: https://www.python.org › downloads

step 1 : Set up new VSCode project

Create a folder Mystore in documents
Open that folder in vscode

Step 2:open terminal in terminal -> new terminal

click on + sign
choose cmd for windows
type command python -m venv .venv

Now you all set with virtual enviornment

Note: Make sure next you enable the Microsoft extension for python by clicking ctr+shift+x

step 3: Now setting interpreter
type ctrl+shift+p , search interpreter , choose python recommended version

step 4: Install flask
python -m pip install flask

Note: if you unable to find the installed flask libs under venv , possibly it is installed in your python installation folder. If so follow below.

(.venv) C:\Users\kumar\Documents\2026\Minimal execution plan\mypthon\Mystore>rmdir /s /q .venv

(.venv) C:\Users\kumar\Documents\2026\Minimal execution plan\mypthon\Mystore>python -m venv .venv

(.venv) C:\Users\kumar\Documents\2026\Minimal execution plan\mypthon\Mystore>.venv\Scripts\activate

(.venv) C:\Users\kumar\Documents\2026\Minimal execution plan\mypthon\Mystore>python -m pip install flask

Step 5: Run flask
(.venv) C:\Users\kumar\Documents\2026\Minimal execution plan\mypthon\Mystore>flask run

Debug mode: off WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. ** * Running on http://127.0.0.1:5000 Press CTRL+C to quit**

As you see above flask server started in the above URL.

Step 6: Stop flask
give ctl+c

Spring Security Basic Authentication

kumar ramanathan — Tue, 29 Apr 2025 10:52:14 +0000

Spring security can be implemented in many ways. Common ways are
a. basic authentication
b. form based authentication
c. digest authentication
d. oauth authentication
e. ldap authentication
f. JWT authentication
g. SAML authentication

Basic authentication is used for test application , apis with low level security is needed. Here username and password is encoded in base4 format. No encryption operation.

How to implement a simple basic authentication.

step1: include gradle dependency "'org.springframework.boot:spring-boot-starter-security'"

Create a spring security configuration class:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityWebConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception{
        httpSecurity.authorizeHttpRequests(
                auth -> auth.requestMatchers("/hello").authenticated()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults());
        return httpSecurity.build();
    }

    @Bean
    public InMemoryUserDetailsManager userDetailsService() {
        UserDetails user = User.withUsername("user")
                .password(passwordEncoder().encode("password"))
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


}

Here the flow will work in this way !

Instead inMemoryUserDetailsManager we can use : JdbcUserDetailsManager to get details from a DB.

Spring Security

kumar ramanathan — Tue, 29 Apr 2025 01:22:11 +0000

What is spring security ?
Spring Security is a framework helps to protect web apps, apis, MVC applications from external security issues. It helps to authenticate , authorize, protect the app from externals hackers.

Authenticate:
Identify the user is a valid user to enter/use our application.

Authorization:
Identified user's permission to access a particular resource inside the application.

In spring boot we have a Gradle/maven dependency 'org.springframework.boot:spring-boot-starter-security' helps to add spring security feature in our application.

By default we have added the "form based authentication" , it prompts for user name and password .

Default user name is user, password get from the spring boot application started terminal:

Spring security filters:
When a http requests comes it will land in set of filter chain which handles the security operations. Below Diagram shows the flow.

In a spring mvc application,

Client send the request to tomcat servlet container
Container sends the http request to dispatcher servlet in the format of http servlet.
Dispatcher servlet with help of handler mapping , transfers the request to controller
After dispatcher servlet using view resolver send the data back to tomcat container 5.Tomcat container converts the servlet response to http response and send it to client

Here the filter chain is created by Tomcat which contains the filters responsible to map the request to dispatcher servlet. Dispatcher servlet will do all remaining.

Filters as in above diagram can be a single filter/ filter chain that will be handled by servlet api.

DelegatingFilterProxy

The management of filters will be handed over to spring IOC container through a filter called DelegatingFilterProxy.

FilterChainProxy

FilterChainProxy is a special type of filter provided by spring security helps to delegate multiple filters using the class securityfilterchain

Securityfilterchain:
Securityfilterchain is used by filterchainproxy to identify which security filter should be invoked to handle the current request.

Even we have multiple security filter chains , filterchain proxy identify which secuirtyfilter chain should be used.

Basic Flow of Spring security:
Basically the https request passed to securityfilterchain, filter communicates with Authentication manager object which contains authorize method , which in turn communicates with Authentaicationproviders provided by spring (LDAPauthentication provider,oauthauthenticationprovider,daoauthenticationprovider) , which in turn calls the userdetails object which has implementations for "cachinguserdetailsservice", "inmemoryuserdetailsservice","JDBCdaoImpl"
service.