# Handling Errors { #handling-errors }

There are many situations in which you need to notify an error to a client that is using your API.

This client could be a browser with a frontend, a code from someone else, an IoT device, etc.

You could need to tell the client that:

* The client doesn't have enough privileges for that operation.
* The client doesn't have access to that resource.
* The item the client was trying to access doesn't exist.
* etc.

///

An environment variable (also known as "**env var**") is a variable that lives **outside** of the Python code, in the **operating system**, and could be read by your Python code (or by other programs as well).

Environment variables could be useful for handling application **settings**, as part of the **installation** of Python, etc.

## Create and Use Env Vars { #create-and-use-env-vars }

     *
     * @param originatingArtifact the artifact that was being resolved
     * @param resolvedArtifacts   artifacts that could be resolved
     * @param missingArtifacts    artifacts that could not be resolved
     * @param remoteRepositories  remote repositories where the missing artifacts were not found
     */
    public MultipleArtifactsNotFoundException(

     */
    @Nonnull
    SettingsBuilderResult build(@Nonnull SettingsBuilderRequest request);

    /**
     * Builds the effective settings of the specified settings sources.
     *
     * @return the result of the settings building, never {@code null}
     * @throws SettingsBuilderException if the effective settings could not be built
     */
    @Nonnull

# OpenAPI Callbacks { #openapi-callbacks }

You could create an API with a *path operation* that could trigger a request to an *external API* created by someone else (probably the same developer that would be *using* your API).

If there's a security flaw in your code, it will still exist.

Hiding the documentation just makes it more difficult to understand how to interact with your API, and could make it more difficult for you to debug it in production. It could be considered simply a form of <a href="https://en.wikipedia.org/wiki/Security_through_obscurity" class="external-link" target="_blank">Security through obscurity</a>.

│   └── main.py
```

In the file `main.py` you have your **FastAPI** app:


{* ../../docs_src/app_testing/main.py *}

### Testing file { #testing-file }

Then you could have a file `test_main.py` with your tests. It could live on the same Python package (the same directory with a `__init__.py` file):

``` hl_lines="5"
.
├── app
│   ├── __init__.py
│   ├── main.py
│   └── test_main.py
```

Now, let's see how you could use that to return a custom response.

Let's say that you want to return an <a href="https://en.wikipedia.org/wiki/XML" class="external-link" target="_blank">XML</a> response.

	keyBytes, err := os.ReadFile("./testdata/invalid_test_key.pub")
	if err != nil {
		c.Fatalf("could not read test key file: %s", err)
	}

	testKey, _, _, _, err := ssh.ParseAuthorizedKey(keyBytes)
	if err != nil {
		c.Fatalf("could not parse test key file: %s", err)
	}

	newSSHCon := newSSHConnMock("dillon=ldap")
	_, err = sshPubKeyAuth(newSSHCon, testKey)

For example, let's say you are using version `0.112.0` in your app.

If you use a `requirements.txt` file you could specify the version with:

```txt
fastapi[standard]==0.112.0
```

that would mean that you would use exactly the version `0.112.0`.

Or you could also pin it with:

```txt
fastapi[standard]>=0.112.0,<0.113.0
```