* 그래서 사용자는 나중에 어느 시점엔 다시 로그인해야 합니다.
        * 그리고 token이 도난당하더라도 위험이 더 낮습니다. 대부분의 경우 영구적으로 항상 동작하는 키와는 다릅니다.
* frontend는 그 token을 임시로 어딘가에 저장합니다.
* 사용자가 frontend에서 클릭해서 frontend 웹 앱의 다른 섹션으로 이동합니다.
* frontend는 API에서 더 많은 데이터를 가져와야 합니다.
    * 하지만 그 특정 endpoint에는 인증이 필요합니다.
    * 그래서 우리 API에 인증하기 위해 `Authorization` 헤더를, 값은 `Bearer `에 token을 더한 형태로 보냅니다.

[CORS or "Cross-Origin Resource Sharing"](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) refers to the situations when a frontend running in a browser has JavaScript code that communicates with a backend, and the backend is in a different "origin" than the frontend.

## Origin { #origin }

Imagine you build a way to run a local AI agent.

It provides an API at

```
http://localhost:8000/v1/agents/multivac
```

There's also a frontend at

```
http://localhost:8000
```

/// tip

Note that both have the same host.

///

Then using the frontend you can make the AI agent do things on your behalf.

```console
$ pip install websockets

---> 100%
```

</div>

## WebSockets client { #websockets-client }

### In production { #in-production }

In your production system, you probably have a frontend created with a modern framework like React, Vue.js or Angular.

And to communicate using WebSockets with your backend you would probably use your frontend's utilities.

But then, when you open the integrated docs UI (the frontend), it would expect to get the OpenAPI schema at `/openapi.json`, instead of `/api/v1/openapi.json`.

So, the frontend (that runs in the browser) would try to reach `/openapi.json` and wouldn't be able to get the OpenAPI schema.

Because we have a proxy with a path prefix of `/api/v1` for our app, the frontend needs to fetch the OpenAPI schema at `/api/v1/openapi.json`.

      Map<? extends Class<? extends S>, ? extends S> map) {
    if (map instanceof ImmutableClassToInstanceMap) {
      @SuppressWarnings("rawtypes") // JDT-based J2KT Java frontend does not permit the direct cast
      Map rawMap = map;
      @SuppressWarnings("unchecked") // covariant casts safe (unmodifiable)
      ImmutableClassToInstanceMap<B> cast = (ImmutableClassToInstanceMap<B>) rawMap;

/// tip

You could use the same technique to extend the JSON Schema and add your own custom extra info.

For example you could use it to add metadata for a frontend user interface, etc.

///

/// info

OpenAPI 3.1.0 (used since FastAPI 0.99.0) added support for `examples`, which is part of the **JSON Schema** standard.

// RUnlock - block until read lock is released.
func (di *distLockInstance) RUnlock(lc LockContext) {
	if lc.cancel != nil {
		lc.cancel()
	}
	di.rwMutex.RUnlock(lc.ctx)
}

// localLockInstance - frontend/top-level interface for namespace locks.
type localLockInstance struct {
	ns     *nsLockMap
	volume string
	paths  []string
	opsID  string
}

// NewNSLock - returns a lock instance for a given volume and

# Handling Errors { #handling-errors }

There are many situations in which you need to notify an error to a client that is using your API.

This client could be a browser with a frontend, a code from someone else, an IoT device, etc.

You could need to tell the client that:

* The client doesn't have enough privileges for that operation.
* The client doesn't have access to that resource.
* The item the client was trying to access doesn't exist.
* etc.

Ayrıca, API'nızla iletişim kuran istemciler için otomatik olarak kod üretmekte de kullanabilirsiniz. Örneğin frontend, mobil veya IoT uygulamaları.

### `pyproject.toml` içinde uygulama `entrypoint`'ını yapılandırın { #configure-the-app-entrypoint-in-pyproject-toml }