Flask is a lightweight microframework for the Web. However, as happens with Django, one of the biggest drawbacks related to Flask and Flask-RESTful is that each HTTP request is blocking. Thus, whenever the Flask server receives an HTTP request, it doesn't start working on any other HTTP requests in the incoming queue until the server sends the response for the first HTTP request it received.
We used Flask to develop a RESTful Web Service. They key advantage of these kind of Web Services is that they are stateless, that is, they shouldn't keep a client state on any server. Our API is a good example of a stateless RESTful Web Service with Flask and Flask RESTful. Thus, we can make the API run on as many servers as necessary to achieve our scalability goals. Obviously, we must take into account that we can easily transform the database server in our scalability bottleneck.
We always have to make sure that we profile the API and the database before we deploy the first version of our API. It is very important to make sure that the generated queries run properly on the underlying database and that the most popular queries do not end up in sequential scans. It is usually necessary to add the appropriate indexes to the tables in the database.
We have been using basic HTTP authentication. We can improve it with a token-based authentication. We must make sure that the API runs under HTTPS in production environments. In addition, we must make sure that we change the following line in the api/config.py file:
DEBUG = True
We must always turn off debug mode in production, and therefore, we must replace the previous line with the following one:
DEBUG = False
Tip
It is convenient to use a different configuration file for production. However, another approach that is becoming extremely popular, especially for cloud-native applications, is to store configuration in the environment. If we want to deploy cloud-native RESTful Web Services and follow the guidelines established in the twelve-factor App, we should store config in the environment.
Each platform includes detailed instructions to deploy our application. All of them will require us to generate the requirements.txt file that lists the application dependencies together with their versions. This way, the platforms will be able to install all the necessary dependencies listed in the file.
Run the following pip freeze to generate the requirements.txt file.
pip freeze > requirements.txt
The following lines show the contents of a sample generated requirements.txt file. However, bear in mind that many packages increase their version number quickly and you might see different versions in your configuration:
alembic==0.8.8 aniso8601==1.1.0 click==6.6 cov-core==1.15.0 coverage==4.2 Flask==0.11.1 Flask-HTTPAuth==3.2.1 flask-marshmallow==0.7.0 Flask-Migrate==2.0.0 Flask-RESTful==0.3.5 Flask-Script==2.0.5 Flask-SQLAlchemy==2.1 itsdangerous==0.24 Jinja2==2.8 Mako==1.0.4 MarkupSafe==0.23 marshmallow==2.10.2 marshmallow-sqlalchemy==0.10.0 nose2==0.6.5 passlib==1.6.5 psycopg2==2.6.2 python-dateutil==2.5.3 python-editor==1.0.1 pytz==2016.6.1 six==1.10.0 SQLAlchemy==1.0.15 Werkzeug==0.11.11