if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	users := r.Form["users"]
	isAll := r.Form.Get("all") == "true"
	selfOnly := !isAll && len(users) == 0

	if isAll && len(users) > 0 {
		// This should be checked on client side, so return generic error
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)

				if err != nil {
					return err
				}
				c.mustNotListObjects(ctx, uClient, bucket)
				return nil
			}
		}(i), i)
	}
	if errs := g.Wait(); len(errs) > 0 {
		c.Fatalf("unable to remove users: %v", errs)
	}

# OpenAPI Webhooks { #openapi-webhooks }

There are cases where you want to tell your API **users** that your app could call *their* app (sending a request) with some data, normally to **notify** of some type of **event**.

This means that instead of the normal process of your users sending requests to your API, it's **your API** (or your app) that could **send requests to their system** (to their API, their app).

This is normally called a **webhook**.

    }

    // Test delete with multiple users
    public void test_delete_multipleUsers() {
        TestAuthenticationChain chain = new TestAuthenticationChain();
        List<User> users = new ArrayList<>();
        for (int i = 0; i < 5; i++) {
            users.add(createTestUser("user" + i, "User " + i));
        }

        for (User user : users) {
            chain.delete(user);
        }

					Schema:      "User",
					FieldSchema: "Toy",
					Polymorphic: Polymorphic{ID: "OwnerID", Type: "OwnerType", Value: "users"},
					References: []Reference{
						{ForeignKey: "OwnerType", ForeignSchema: "Toy", PrimaryValue: "users"},
						{ForeignKey: "OwnerType", ForeignSchema: "Toy", PrimaryValue: "users"},
					},
				},
				"Toys": {
					Name:        "Toys",
					Type:        schema.HasMany,

			} else if u2.Name != users[1].Name || u2.ID != users[1].ID {
				t.Errorf("found invalid user, got %v, expect %v", u2, users[1])
			}

			if users, err := reusedb.Where("id IN ?", []uint{users[0].ID, users[1].ID}).Find(ctx); err != nil {
				t.Errorf("failed to find user, got error: %v", err)
			} else if len(users) != 2 {
				t.Errorf("should find 2 users, but got %d", len(users))
			}
			sg.Done()
		}()
	}
	sg.Wait()
}

```

### Include the `APIRouter`s for `users` and `items` { #include-the-apirouters-for-users-and-items }

Now, let's include the `router`s from the submodules `users` and `items`:

```Python hl_lines="10-11" title="app/main.py"
{!../../docs_src/bigger_applications/app/main.py!}
```

/// info

`users.router` contains the `APIRouter` inside of the file `app/routers/users.py`.

MinIO supports multiple long term users in addition to default user created during server startup. New users can be added after server starts up, and server can be configured to deny or allow access to buckets and resources to each of these users. This document explains how to add/remove users and modify their access rights.

## Get started

In this document we will explain in detail on how to configure multiple users.

### 1. Prerequisites

	for cfgName, usersMap := range cfgToUsersMap {
		users := make([]madmin.OpenIDUserAccessKeys, 0, len(usersMap))
		for _, user := range usersMap {
			users = append(users, user)
		}
		sort.Slice(users, func(i, j int) bool {
			return users[i].MinioAccessKey < users[j].MinioAccessKey
		})
		resp = append(resp, madmin.ListAccessKeysOpenIDResp{
			ConfigName: cfgName,
			Users:      users,
		})
	}

MinIO supports multiple admin users in addition to default operator credential created during server startup. New admins can be added after server starts up, and server can be configured to deny or allow access to different admin operations for these users. This document explains how to add/remove admin users and modify their access rights.

## Get started