DAY-1

1. About Project:
This project is for analyzing Bank statements or Transactions. In this project we will develop
a model which can analyze our transactions and provide us details like where we are using
our money. It shows us where we spend more or less, how much ,and how frequently. It also
categorizes our transactions like entertainment, grocery, transport etc. In this project we will
be using API integration, accurate OCR data extraction, comprehensive salary and expenses
analysis ,and full deployment and integration with existing financial systems.
It is mostly suitable for large companies where there are a lot of bank statements to
categorize. They will be able to picture where and how their money is being spent.

2. Fetching Data:
For providing data to our model for Testing we can use Kaggle or other sites which provides
data sets or We can even create our own data i.e. synthetic data or dummy data.

3. What is Synthetic Data ?

The data which is not real and created by humans for a particular purpose like for testing in
our case. This data is then fed to our model for categorizing it.

4. What is Merchant Category Code?

A merchant category code (MCC) is a four-digit number that categorizes a business based on
the type of goods or services it offers. For example if we go to purchase some grocery from
local store our system can scan its MCC for placing it on grocery category or it can trace the
location. The MCC for grocery is 5411.

5. Why are we using API’s and not LLM?

LLM’s are good but they lack high computational power and it is less suitable for our project
so we are using API’s.

DAY-2
1. What are the types of API’s
Authentication and Authorization are the types of API

Authentication:

This is the process of verifying who someone is. When we log in to a website, for example,
we typically enter a username and password. The system checks these credentials against its
database to confirm our identity.
Authorization:
Once our identity is verified, the system needs to know what we're allowed to do.
Authorization determines our access level and permissions. For example, after logging in to a
website (authenticated), we may be allowed to view our profile (authorized) but not change
system settings if we're not an admin. In essence, authorization answers the question, "What
can you do?"

2. What are the types of Authentication?

OAuth and Multi-Factor are the types of Authentication

OAuth (Open Authorization):

It is an authorization framework that allows users to grant applications access to their

information without sharing their passwords or personal details, like using Google Account or
Gmail.

Multi-Factor Authentication (MFA):

Requires a user to pass multiple factors to gain access to a service or network. MFA methods
include one-time passwords (OTPs) generated from a smartphone, Captcha tests, fingerprints,
voice biometrics, or facial recognition.

3. What is a token ?

A token is nothing but a temporary key that allows a user to log in to a service and access
protected resources without re-entering their credentials every time they log in.

DAY-3

1. About HTTP:
Hypertext Transfer Protocol (HTTP) is a set of rules that govern how data is transmitted over
the web. It defines how messages are formatted and transmitted, and how web servers and
browsers should respond to various commands. It is a CLIENT-SERVER protocol.

2. What are HTTP requests?

HTTP requests are messages sent by a client (like a web browser) to a server to request
resources or perform actions on a web server.

Methods of HTTP request:

GET: Used to retrieve data from a server.

POST: Used to create new resources.

PUT: Used to replace an existing resource with an updated version.

PATCH: Used to update an existing resource.

DELETE: Used to remove data.

HEAD: retrieve header only

Components of http requests:

URL: The address of the resource being requested.

Headers: These provide additional information(metadata) about the request, such as the type
of data being sent or accepted, authentication credentials, and more.

Body: This is optional and typically used with methods like POST and PUT to include data to
be sent to the server.

Query Parameter: A defined set of parameters attached at the end of an URL used to provide
additional information to a web server when making requests.

3. What is Meta Data?

A set of data that provides the information about the data in the website simply, it is the data
about the data.

4. What are common HTTP headers?

Content type:

The content-type provides the information about the media type and the format of the content
in the request body.

Authorization:

It is used to send the client’s credentials to the server when client is attempting to access a
protected resource.

Accept:

It defines the media types that are accepted by the client from the server.

5. HTTP Response:
An HTTP response is a message sent by a server back to a client (like a web browser) after
receiving an HTTP request. It contains the information requested by the client or the status of
the request. Here's a breakdown of its main components:

Status Line: This includes the HTTP version, status code, and a reason phrase.

For example: HTTP/1.1 200 OK

Headers:
These provide additional information about the response, such as content type, date, server
details, and more.

For example: Content-Type: text/html

Body:
This contains the actual data being returned, such as the HTML of a web page, an image, or
other resource. The body is optional and often used for successful responses (like 200 OK).

Status Code:
1xx (Informational):

100 Continue: The server received the initial part of the request and the client should
continue.

2xx (Success):

200 OK: The request was successful.

201 Created: The request was successful and a new resource was created.

3xx (Redirection):

301 Moved Permanently: The resource has been moved to a new URL permanently.

302 Found: The resource is temporarily located at a different URL.

(Client Error): 4xx

400 Bad Request: The request was malformed or invalid.

401 Unauthorized: Authentication is required and has failed or not been provided.

404 Not Found: The requested resource could not be found.

5xx (Server Error):

500 Internal Server Error: The server encountered an unexpected condition.

503 Service Unavailable: The server is currently unable to handle the request due to
maintenance or overload.

6. File Format in API:

The most common formats found in modern APIs are JSON (JavaScript Object Notation) and
XML (Extensible Markup Language).

JSON (JavaScript Object Notation)-

Widely used due to its readability and ease of use with JavaScript.
Advantages:
Simplicity: JSON is lightweight, easy to use, and has minimal syntax

Fast data transfer: JSON's small file size makes it ideal for scenarios where parsing speed is
important

Disadvantages:
Limited data types: JSON lacks built-in support for complex data types

It doesn't support comments.

XML (extensible Markup Language)-

More verbose than JSON but flexible and widely used in applications.

Advantages:
XML is easy to read and write, making it accessible for anyone to understand.

It allows for easy preservation of backward and forward compatibility.

Disadvantages:
XML syntax is redundant or large relative to binary representation of same data.

XML is not much good at handling of large data.

DAY-4:

Flask:
It is a lightweight WSGI web application framework in Python. It's designed to be easy to get
started with, but also powerful enough to support complex applications. Flask provides the
tools, libraries, and technologies needed to build a web application.

Jsonify:
It is used to format python dictionaries into JSON responses i.e. in human readable format.

Code:
Output:
Home page

/hello:
DAY-5:
Api keys are used for authentication of users. It is used to protect the data from unauthorized
users. A user can access the data only when they have the key.

Code:

Output:
Before accessing secure data
/secure-data
Note: add API key to the extension for request header

A client must include an x-api-key header in the HTTP request with the value
"mysecretapikey"(API_KEY )

If the key matches, the client receives the response:

{"message": "This is secured data"}

If the key is missing or incorrect, the client gets an HTTP 401 Unauthorized error.

TASK-
To get the data from weather App.

Code:
DAY-6
API limit-
Falsk Limiter: It is used for rate limiting i.e. a user can send the specified no.of requests at a
time . if the limit is reached they have to wait until they are allowed to send requests again.
get_remote_address: A utility function provided by Flask-Limiter to determine the IP address
of the client making the request. This is used to apply rate-limiting on a per-client basis.

Code:

Here the limit is 3 per minute

Output:

Once we exceed the limit we get the output as:

Error Handling:
Error handling is a process to handle errors when they occur. Instead of showing the error to
the user in code we can just show the status code with a message. This will prevent the data
from unauthorized users like hackers and prevent vulnerabilities.

Code:
Output:

Accessing the root URL (http://127.0.0.1:5000/) returns "welcome to Home Page".

Accessing a non-existent route (e.g., /non_existent) triggers the 404 Error Handler.

The response is:

{"error": "Resource not found"}

DAY-7:
Code:

The logs of the user i.e their activity will be stored in api.log file
Version:
There are various versions of an application. Suppose there are 2 version
Version 1
Version 2
The developer can allow the user to choose the version according to their preference or he
can make any version as the default version.

Code:
Output:

TASK – Accessing bank API

I choose Union Bank and created developer’s account
Code:
Now using postman I created dummy accounts:

Customer authentication:
Accounts:
Access Token:

Balance check:
Creating sandbox account:

TASK- To use Oauth-2.0 for log in

Code:
Output:
DAY-8:
Token:
A token is used to verify the identity of a user.
It is a temporary key that is generated to give access to data for particular session.
One can even share token when he/she is in the session with the owner’s concern.
Tokens are of 2 types
Session token
Refresh token

Session token: It is used to track a user’s session.

It is created when a user logs in and is stored either in a cookie or in memory on the client
side. The server uses this token to identify the user across different requests and maintain the
state (session) between requests.
After logging in, the user is assigned a session ID, and this session ID is sent with every
request as a cookie to identify the user on the server.
Refresh token:
It is used to obtain a new authentication token when the original one expires.
It is also a key but for longer duration example for days, weeks or even months.

Problems in using Refresh tokens:

As it has long duration when the token is stolen, one can generate multiple new tokens and
steal the information and can even change the owner details.
if he generates new tokens, he gets long term access then he performs unauthorized activities
like accessing personal information selling it using it in bad way.
To avoid this problem we can :
 Use https to encrypt the tokens so that unauthorized users cannot access the token.
Even if he/she tries to decrypt during all this process the token is going to expire.
 Use second factor authentication.

API DATA VALIDATION:

DATA PREPROCESSING: Data pre-processing is a critical step in preparing a dataset for

analysis or machine learning. The quality of the data directly influences the performance of
machine learning models or statistical analysis. Pre-processing ensures that the data is clean,
consistent, and ready for modeling.

Handling Missing Data

Missing data can occur for various reasons and can affect the quality of your model. Handling
missing values is a key aspect of data pre-processing.
 Identify Missing Data: First, check for missing values.
 Imputation: Fill missing values with specific values like the mean, median, mode, or use
techniques like interpolation.
 Remove Rows or Columns: If missing data is substantial, you might decide to drop rows
or columns with missing values.

DAY-9:

What Is Data?
Data is collection of Information. It refers to raw facts, figures, or information that can be
processed and analysed.
Data is of 3 types:

Structured Data:
As the name itself says structured i.e. in the form of rows and columns it is neat and easy to
understand It is suitable for querying.
Ex: Databases, Spreadsheets etc….
Semi structured Data:
Combination of structured and unstructured data. it is mainly stored in json or xml files
it may or may not contain additional information. it may not be that suitable for querying.
Ex: JSON, XML.
Unstructured Data: No specific rules or structure
like text doc, images, videos and audio files. It is very complicated for a computer to store
them in structured manner.

DAY 10:
Google Log in Code Discussion.

DAY 11:

TASK- Research About OCR

OCR(Optical Character Recognition):

It is a technology to analyse data in the form of doc, image, pdf into editable and searchable
data.

For example in our case, when we give the image of bank payslip to OCR model it analyses
the image by dividing it into small pixels and then analyzing the text, their characteristics,
fonts etc… to give us final output or information regarding that image.

OCR recognizes text within an image and translates it into machine-readable text, making it
easier to edit, search, or store electronically.

ORIGIN OF OCR:
OCR was first introduced by Ray Kurzweil in the 1970s. He developed the Kurzweil reading
machine, the first system capable of recognizing text in multiple fonts, It was designed to
assist visually impaired by converting printed text into speech.
The Kurzweil Reading Machine worked by using the following steps:
1. Scanning: A flatbed scanner captured an image of the printed text.
2. Character Recognition: The machine applied pattern recognition algorithms to
identify individual characters and words.
3. Conversion: The recognized text was then converted into machine-readable text.
4. Speech Output: The machine used a speech synthesizer to read the text aloud to the
user.
 5. Scanning: A flatbed scanner captured an image of the printed text.
6. Character Recognition: The machine applied pattern recognition algorithms to
identify individual characters and words.
7. Conversion: The recognized text was then converted into machine-readable text.
8. Speech Output: The machine used a speech synthesizer to read the text aloud to the
user.

Real Time Applications of OCR:

1. Document Digitization: Converting paper to digital text.

2. Banking: Processing checks and receipts.
3. License Plate Recognition: Identifying vehicles for traffic management.
4. Healthcare: Scanning medical records into electronic formats.
5. Translation: Converting text for translation.
6. Automated Data Entry: Extracting data from forms.
7. Assistive Technology: Helping visually impaired by reading text aloud.