It was created to generate the HTML in the backend, not to create APIs used by a modern frontend (like React, Vue.js and Angular) or by other systems (like <abbr title="Internet of Things">IoT</abbr> devices) communicating with it.

They are normally used to declare specific security permissions, for example:

* `users:read` or `users:write` are common examples.
* `instagram_basic` is used by Facebook / Instagram.
* `https://www.googleapis.com/auth/drive` is used by Google.

/// info

In OAuth2 a "scope" is just a string that declares a specific permission required.

It doesn't matter if it has other characters like `:` or if it is a URL.

* It takes each **request** that comes to your application.
* It can then do something to that **request** or run any needed code.
* Then it passes the **request** to be processed by the rest of the application (by some *path operation*).
* It then takes the **response** generated by the application (by some *path operation*).

We shouldn't let that happen, they could overwrite an `id` we already have assigned in the DB. Deciding the `id` should be done by the **backend** or the **database**, **not by the client**.

Additionally, we create a `secret_name` for the hero, but so far, we are returning it everywhere, that's not very **secret**... 😅

We'll fix these things by adding a few **extra models**. Here's where SQLModel will shine. ✨

    /**
     * Returned by {@link jcifs.SmbResource#getType()} if the resource this <code>SmbFile</code>
     * represents is a server.
     */
    int TYPE_SERVER = 0x04;
    /**
     * Returned by {@link jcifs.SmbResource#getType()} if the resource this <code>SmbFile</code>
     * represents is a share.
     */
    int TYPE_SHARE = 0x08;
    /**

        final SuppressErrorReportValve newValve = new SuppressErrorReportValve();

        // Verify both settings are disabled by default
        assertFalse("ShowReport should be disabled by default", newValve.isShowReport());
        assertFalse("ShowServerInfo should be disabled by default", newValve.isShowServerInfo());
    }

    public void test_multipleInstancesHaveIndependentSettings() {

			Used:   float64(diskStats[i].TotalSpace-diskStats[i].AvailableSpace) / float64(diskStats[i].TotalSpace),
		}
		if !ps.Participating {
			continue
		}
		// for participating pools, total bytes to be rebalanced by this pool is given by,
		// pf_c = (f_i + x)/c_i,
		// pf_c - percentage free space across pools, f_i - ith pool's free space, c_i - ith pool's capacity
		// i.e. x = c_i*pfc -f_i

If the client tries to go to `/items`, by default, it would be redirected to `/items/`.

But before setting the *CLI Option* `--forwarded-allow-ips` it could redirect to `http://localhost:8000/items/`.

But maybe your application is hosted at `https://mysuperapp.com`, and the redirection should be to `https://mysuperapp.com/items/`.

Up to now, you have been declaring the parts of the request that you need with their types.

Taking data from:

* The path as parameters.
* Headers.
* Cookies.
* etc.

And by doing so, **FastAPI** is validating that data, converting it and generating documentation for your API automatically.

But there are situations where you might need to access the `Request` object directly.

# Custom Request and APIRoute class { #custom-request-and-apiroute-class }

In some cases, you may want to override the logic used by the `Request` and `APIRoute` classes.

In particular, this may be a good alternative to logic in a middleware.

For example, if you want to read or manipulate the request body before it is processed by your application.

/// danger

This is an "advanced" feature.