Fullstack Flask: Handling File Uploads and Downloads via APIs

In modern web applications, file upload and download functionalities are essential—whether you're building a document management system, image-sharing platform, or a backend for mobile apps. Flask, a lightweight Python web framework, offers simple yet powerful tools to handle these operations securely through REST APIs. In this blog, we’ll walk through how to implement file uploads and downloads in a fullstack Flask application.


Why Handle File Uploads and Downloads via APIs?

APIs allow frontend and mobile applications to interact with your Flask backend, making file transfer operations seamless across platforms. Using RESTful endpoints, files can be stored on the server, retrieved by clients, and even integrated with cloud storage solutions if needed.


Setting Up Your Flask App

Before diving into the code, ensure Flask is installed:

bash


pip install Flask

Create a basic Flask app structure:


bash


/app

  ├── uploads/

  ├── app.py

Handling File Uploads

Let’s create an API endpoint to upload files. Flask provides a request.files object to work with uploaded files.


python


from flask import Flask, request, jsonify

import os


app = Flask(__name__)

UPLOAD_FOLDER = 'uploads'

app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER


@app.route('/upload', methods=['POST'])

def upload_file():

    if 'file' not in request.files:

        return jsonify({'error': 'No file part in the request'}), 400


    file = request.files['file']

    if file.filename == '':

        return jsonify({'error': 'No selected file'}), 400


    filepath = os.path.join(app.config['UPLOAD_FOLDER'], file.filename)

    file.save(filepath)

    return jsonify({'message': 'File uploaded successfully', 'filename': file.filename}), 200

Tips for production:

Validate file extensions (.pdf, .jpg, etc.)

Rename files to avoid collisions

Store metadata in a database


Handling File Downloads

To allow users to download files, use Flask’s send_from_directory() function.


python

Copy

Edit

from flask import send_from_directory


@app.route('/download/<filename>', methods=['GET'])

def download_file(filename):

    try:

        return send_from_directory(app.config['UPLOAD_FOLDER'], filename, as_attachment=True)

    except FileNotFoundError:

        return jsonify({'error': 'File not found'}), 404

Now, users can access /download/sample.pdf to download files previously uploaded.


Frontend or API Client Example

A simple cURL command to upload a file:


bash

Copy

Edit

curl -X POST -F "file=@sample.pdf" http://localhost:5000/upload

To download a file:


bash

Copy

Edit

curl -O http://localhost:5000/download/sample.pdf

You can also integrate this with frontend frameworks (React, Vue) using Axios or fetch() for smoother user interaction.


Security Best Practices

File validation: Only accept specific file types.

Sanitize filenames: Use Python’s secure_filename() from werkzeug.utils.

Limit file size: Prevent denial-of-service attacks by restricting file size using MAX_CONTENT_LENGTH.

Authentication: Protect file endpoints using JWT or session-based auth.


Conclusion

Handling file uploads and downloads via APIs in Flask is straightforward but must be done carefully to ensure security, scalability, and usability. By creating RESTful endpoints and adding proper validation, you can build reliable file-handling features in any fullstack application. Whether you're working with images, documents, or multimedia files, Flask gives you the flexibility and control to manage file transfers efficiently.

Learn FullStack Python Training Course

Read More : Building CRUD APIs with Flask and SQLAlchemy

Read More : Flask and OpenAPI: Designing APIs with Swagger for Fullstack Applications

Read More : Fullstack Python: Implementing GraphQL APIs in Flask

Visit Quality Thought Training Institute

Get Direction


Comments

Post a Comment

Popular posts from this blog

Using ID and Name Locators in Selenium Python

When automating browser tasks with Selenium in Python, one of the first challenges is identifying and interacting with web elements. Selenium offers multiple strategies for locating elements, and two of the simplest and most effective methods are using the ID and Name locators. These locators are fast, reliable, and easy to use, making them ideal for beginners and experienced testers alike. In this blog post, we’ll dive into how ID and Name locators work in Selenium Python, provide examples, and share best practices to help you write clean and maintainable test scripts. What Are Locators in Selenium? Locators in Selenium are methods used to find elements on a web page. Selenium supports several locator types, including: ID Name Class Name Tag Name Link Text CSS Selector XPath Among these, ID and Name locators are often the most efficient because browsers optimize them for speed and accuracy. Setting Up Selenium with Python Before using locators, ensure you have Selenium installed: bash...
Read more

Tosca vs Selenium: Which One to Choose?

Choosing the right test automation tool can make or break the efficiency of your QA process. Two widely discussed tools in the test automation space are Tosca by Tricentis and Selenium, the open-source web automation framework. While both tools aim to automate testing and accelerate software delivery, they cater to different needs and teams. In this blog, we’ll provide a comprehensive comparison between Tosca and Selenium to help you decide which one suits your project best. Overview Selenium is an open-source framework primarily used for automating web applications. It supports multiple languages (Java, Python, C#, etc.) and browsers, making it ideal for custom, flexible automation solutions. Tosca, on the other hand, is a commercial test automation tool that supports model-based testing, API testing, mobile, desktop, and even SAP testing. It's designed for enterprise-grade testing with minimal scripting. Key Comparison: Tosca vs Selenium Feature          ...
Read more

Implementing Rate Limiting in Flask APIs with Flask-Limiter

In today’s digital landscape, APIs are the backbone of many applications, enabling smooth data exchange and service communication. However, APIs are also prime targets for abuse, such as excessive requests, scraping, or brute-force attacks. To protect your API and ensure fair usage, rate limiting is essential. In this blog post, we’ll explore how to implement rate limiting in Flask APIs using the powerful and easy-to-use Flask-Limiter extension. What is Rate Limiting? Rate limiting is the process of controlling the number of requests a user or client can make to an API within a specific time frame. This helps: Prevent API abuse or denial-of-service (DoS) attacks. Ensure fair usage across multiple users. Reduce server load and preserve system performance. Getting Started with Flask-Limiter Flask-Limiter is a Flask extension that integrates seamlessly with your application and offers flexible rate-limiting options. Step 1: Installation Install Flask and Flask-Limiter using pip: bash pip ...
Read more