This project implements a small but realistic secure REST API using Flask. It focuses on:
- Input validation for incoming JSON payloads
- Structured error handling with JSON responses
- Request/response logging to a file
- Simple in-memory rate limiting per client IP
- Clean, readable Python code suitable for learning, demos or small prototypes
The API exposes a minimal /api/v1/items resource that supports creating and listing items.
Data is kept in memory for simplicity (no external database required).
You can use the following topics/tags in your repository:
flask • rest-api • api-security • input-validation • rate-limiting •
logging • python-project • backend-development • web-api
- `POST /api/v1/items` – creates an item with validated fields: `name` (string), `quantity` (int ≥ 1), `price` (float ≥ 0).
- `GET /api/v1/items` – returns the list of all created items in memory.
- `GET /health` – simple health-check endpoint.
- Rejects invalid JSON payloads with a clear error message
- Validates field types and constraints
- Logs each request with method, path, status code and client IP
- Applies a basic, IP-based rate limit window to mitigate abuse
- Hides internal error details behind generic 500 responses
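As an added illustration (not code from this project), the following pure-Python sketch shows how the validation, rate-limiting and error-hiding behaviour listed above can be implemented independently of Flask, so the logic can be unit-tested without a running server. The names `validate_item`, `SlidingWindowRateLimiter` and `handle_create_item`, the 100-character name limit, the 429 response for throttled clients and the log-line format are assumptions for this example, not values taken from the project's `src/` files.

```python
from __future__ import annotations

import math
import time
from collections import deque
from typing import Any, Callable, Optional

ALLOWED_FIELDS = {"name", "quantity", "price"}
MAX_NAME_LENGTH = 100  # assumed limit; not taken from the project's config


def validate_item(payload: Any) -> tuple[Optional[dict], list[str]]:
    """Check a decoded JSON payload against the item schema.

    Returns (clean_item, errors); clean_item is None whenever errors is non-empty.
    All problems are collected so the client receives one complete error list.
    """
    if not isinstance(payload, dict):
        return None, ["payload must be a JSON object"]
    errors: list[str] = []

    name = payload.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.append("name must be a non-empty string")
    elif len(name) > MAX_NAME_LENGTH:
        errors.append(f"name must be at most {MAX_NAME_LENGTH} characters")

    quantity = payload.get("quantity")
    # bool is a subclass of int, so JSON `true` would otherwise pass as 1
    if isinstance(quantity, bool) or not isinstance(quantity, int) or quantity < 1:
        errors.append("quantity must be an integer >= 1")

    price = payload.get("price")
    # reject booleans, non-numbers, NaN/inf and negative values
    if (isinstance(price, bool) or not isinstance(price, (int, float))
            or not math.isfinite(price) or price < 0):
        errors.append("price must be a finite number >= 0")

    # unknown keys are rejected rather than silently stored (no mass assignment)
    unexpected = sorted(set(payload) - ALLOWED_FIELDS)
    if unexpected:
        errors.append(f"unexpected fields: {unexpected}")

    if errors:
        return None, errors
    return {"name": name.strip(), "quantity": quantity, "price": float(price)}, []


class SlidingWindowRateLimiter:
    """Per-client sliding window: at most max_requests hits per window_seconds.

    The clock is injectable so the behaviour can be tested deterministically.
    """

    def __init__(self, max_requests: int, window_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.clock = clock
        self._hits: dict[str, deque] = {}

    def allow(self, client_ip: str) -> bool:
        now = self.clock()
        hits = self._hits.setdefault(client_ip, deque())
        cutoff = now - self.window_seconds
        while hits and hits[0] <= cutoff:  # drop timestamps outside the window
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)
        return True


def handle_create_item(client_ip: str, payload: Any,
                       limiter: SlidingWindowRateLimiter,
                       store: list, log: list) -> tuple[int, dict]:
    """Framework-free equivalent of the POST /api/v1/items handler.

    Returns (http_status, json_body) and appends one log line per request.
    """
    if not limiter.allow(client_ip):
        status, body = 429, {"error": "rate limit exceeded"}
    else:
        try:
            item, errors = validate_item(payload)
            if errors:
                status, body = 400, {"error": "validation failed", "details": errors}
            else:
                item["id"] = len(store) + 1
                store.append(item)
                status, body = 201, item
        except Exception as exc:  # unexpected failure: log it, never echo it
            log.append(f"ERROR {client_ip} POST /api/v1/items {exc!r}")
            status, body = 500, {"error": "internal server error"}
    log.append(f"{client_ip} POST /api/v1/items {status}")
    return status, body
```

In a Flask route the same functions would be called with `request.remote_addr` and `request.get_json(silent=True)`, and the returned tuple passed to `jsonify`; keeping them framework-free is what makes the boolean-as-integer, NaN price and unknown-field cases easy to pin down in tests.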
- `src/app.py` – main Flask application (routes, validation, rate limiting, error handlers)
- `src/config.py` – configuration values (rate limit, log file path, etc.)
- `src/rate_limiter.py` – simple in-memory rate limiter implementation
- `src/validators.py` – input validation utilities
- `src/logging_conf.py` – central logging configuration
- `logs/app.log` – request and error logs (created at runtime)
- `requirements.txt` – Python dependencies
- (Optional) Create and activate a virtual environment:

  ```bash
  python -m venv .venv
  source .venv/bin/activate  # On Windows: .venv\Scripts\activate
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Run the API:

  ```bash
  python src/app.py
  ```

- Example requests (using `curl`):

  ```bash
  # Health check
  curl http://127.0.0.1:5000/health

  # Create an item
  curl -X POST http://127.0.0.1:5000/api/v1/items \
    -H "Content-Type: application/json" \
    -d '{ "name": "Laptop", "quantity": 2, "price": 1499.90 }'

  # List items
  curl http://127.0.0.1:5000/api/v1/items
  ```

This project is intentionally small but written in a clean and extensible way, so you can easily grow it into a larger service or use it as a teaching example for secure API design basics.