# OpenAPI Callbacks { #openapi-callbacks }

You could create an API with a *path operation* that could trigger a request to an *external API* created by someone else (probably the same developer that would be *using* your API).

Now, let's see how you could use that to return a custom response.

Let's say that you want to return an <a href="https://en.wikipedia.org/wiki/XML" class="external-link" target="_blank">XML</a> response.

That way the session would release the database connection, so other requests could use it.

It has a `GET` operation that could return an error.

It has a `POST` operation that could return several errors.

Both *path operations* require an `X-Token` header.

{* ../../docs_src/app_testing/app_b_an_py310/main.py *}

### Extended testing file { #extended-testing-file }

You could then update `test_main.py` with the extended tests:

This client could be a browser with a frontend, a code from someone else, an IoT device, etc.

You could need to tell the client that:

* The client doesn't have enough privileges for that operation.
* The client doesn't have access to that resource.
* The item the client was trying to access doesn't exist.
* etc.

If there's a security flaw in your code, it will still exist.

Hiding the documentation just makes it more difficult to understand how to interact with your API, and could make it more difficult for you to debug it in production. It could be considered simply a form of <a href="https://en.wikipedia.org/wiki/Security_through_obscurity" class="external-link" target="_blank">Security through obscurity</a>.

But for the generated client, we could **modify** the OpenAPI operation IDs right before generating the clients, just to make those method names nicer and **cleaner**.

We could download the OpenAPI JSON to a file `openapi.json` and then we could **remove that prefixed tag** with a script like this:

{* ../../docs_src/generate_clients/tutorial004_py39.py *}

///

And then the `admin_email` setting would be set to `"******@****.***"`.

The `app_name` would be `"ChimichangApp"`.

And the `items_per_user` would keep its default value of `50`.

## Settings in another module { #settings-in-another-module }

## Custom CDN for JavaScript and CSS { #custom-cdn-for-javascript-and-css }

Let's say that you want to use a different <abbr title="Content Delivery Network">CDN</abbr>, for example you want to use `https://unpkg.com/`.

This could be useful if for example you live in a country that restricts some URLs.

### Disable the automatic docs { #disable-the-automatic-docs }

The first step is to disable the automatic docs, as by default, those use the default CDN.

<img src="/img/tutorial/extending-openapi/image03.png">

## Change the Theme { #change-the-theme }

The same way you could set the syntax highlighting theme with the key `"syntaxHighlight.theme"` (notice that it has a dot in the middle):

{* ../../docs_src/configure_swagger_ui/tutorial002_py39.py hl[3] *}

That configuration would change the syntax highlighting color theme:

<img src="/img/tutorial/extending-openapi/image04.png">