# Request Forms and Files { #request-forms-and-files }

You can define files and form fields at the same time using `File` and `Form`.

/// info

To receive uploaded files and/or form data, first install <a href="https://github.com/Kludex/python-multipart" class="external-link" target="_blank">`python-multipart`</a>.

Make sure you create a [virtual environment](../virtual-environments.md){.internal-link target=_blank}, activate it, and then install it, for example:

# Custom Request and APIRoute class { #custom-request-and-apiroute-class }

In some cases, you may want to override the logic used by the `Request` and `APIRoute` classes.

In particular, this may be a good alternative to logic in a middleware.

For example, if you want to read or manipulate the request body before it is processed by your application.

/// danger

This is an "advanced" feature.

Marshmallow and Webargs provide validation, parsing and serialization as plug-ins.

But documentation is still missing. Then APISpec was created.

It is a plug-in for many frameworks (and there's a plug-in for Starlette too).

The way it works is that you write the definition of the schema using YAML format inside the docstring of each function handling a route.

And it generates OpenAPI schemas.

# Concurrency and async / await { #concurrency-and-async-await }

Details about the `async def` syntax for *path operation functions* and some background about asynchronous code, concurrency, and parallelism.

## In a hurry? { #in-a-hurry }

<abbr title="too long; didn't read"><strong>TL;DR:</strong></abbr>

If you are using third party libraries that tell you to call them with `await`, like:

```Python
results = await some_library()
```

In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

A foundational Java library providing essential utilities and components for the CodeLibs project ecosystem. Built with Java 21 and optimized for modern Java development patterns including pattern matching, switch expressions, and sequenced collections.

## ✨ Features

### Core Utilities
- **Bean Manipulation** (`org.codelibs.core.beans`) - JavaBeans metadata handling, property access, and object conversion with comprehensive `BeanDesc` system

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }

We verify that we get a `username`, and extract the scopes.

And then we validate that data with the Pydantic model (catching the `ValidationError` exception), and if we get an error reading the JWT token or validating the data with Pydantic, we raise the `HTTPException` we created before.

The API docs use **Swagger UI** and **ReDoc**, and each of those need some JavaScript and CSS files.

By default, those files are served from a <abbr title="Content Delivery Network: A service, normally composed of several servers, that provides static files, like JavaScript and CSS. It's commonly used to serve those files from the server closer to the client, improving performance.">CDN</abbr>.

# Conditional OpenAPI { #conditional-openapi }

If you needed to, you could use settings and environment variables to configure OpenAPI conditionally depending on the environment, and even disable it entirely.

## About security, APIs, and docs { #about-security-apis-and-docs }

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

Replication relies on immutability provided by versioning to sync objects between the configured source and replication target. Replication results in the object data, metadata, last modification time and version ID all being identical between the source and target. Thus version ordering is automatically guaranteed on the source and target clusters.

### Replication of object version and metadata