tblib == 2.0.0
ml_dtypes >= 0.5.1, < 0.6.0
auditwheel >= 6.1.0
# Install tensorboard, and keras
# Note that here we want the latest version that matches TF major.minor version
# Note that we must use nightly here as these are used in nightly jobs
# For release jobs, we will pin these on the release branch
keras-nightly ~= 3.10.0.dev
tb-nightly ~= 2.20.0.a
# For new protobuf, if V.x.y is gencode version, then runtime version U must be
# V <= U <= V+1

tblib == 2.0.0
ml_dtypes >= 0.5.1, < 0.6.0
auditwheel >= 6.1.0
# Install tensorboard, and keras
# Note that here we want the latest version that matches TF major.minor version
# Note that we must use nightly here as these are used in nightly jobs
# For release jobs, we will pin these on the release branch
keras-nightly ~= 3.10.0.dev
tb-nightly ~= 2.20.0.a
# For new protobuf, if V.x.y is gencode version, then runtime version U must be
# V <= U <= V+1

Using these `dependencies` in the *path operation decorator* you can make sure they are executed while avoiding editor/tooling errors.

It might also help avoid confusion for new developers that see an unused parameter in your code and could think it's unnecessary.

///

/// info

In this example we use invented custom headers `X-Key` and `X-Token`.

/// note

It's common that each authentication provider names their flows in a different way, to make it part of their brand.

But in the end, they are implementing the same OAuth2 standard.

///

**FastAPI** includes utilities for all these OAuth2 authentication flows in `fastapi.security.oauth2`.

## `Security` in decorator `dependencies` { #security-in-decorator-dependencies }

# Additional Responses in OpenAPI { #additional-responses-in-openapi }

/// warning

This is a rather advanced topic.

If you are starting with **FastAPI**, you might not need this.

///

You can declare additional responses, with additional status codes, media types, descriptions, etc.

Those additional responses will be included in the OpenAPI schema, so they will also appear in the API docs.

This style of using `async` and `await` is relatively new in the language.

But it makes working with asynchronous code a lot easier.

This same syntax (or almost identical) was also included recently in modern versions of JavaScript (in Browser and NodeJS).

But before that, handling asynchronous code was quite more complex and difficult.

But because of our changes in `GzipRequest.body`, the request body will be automatically decompressed when it is loaded by **FastAPI** when needed.

## Accessing the request body in an exception handler { #accessing-the-request-body-in-an-exception-handler }

/// tip

Now, when the clients **create a new hero**, they will send the `secret_name`, it will be stored in the database, but those secret names won't be returned in the API to the clients.

/// tip

This is how you would handle **passwords**. Receive them, but don't return them in the API.

You would also **hash** the values of the passwords before storing them, **never store them in plain text**.

///

The fields of `HeroCreate` are:

* `name`

And they send a request with a username `johndoe` and a password `love123`.

Then the Python code in your application would be equivalent to something like:

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

///

/// tip

If you want to call `async` functions in your tests apart from sending requests to your FastAPI application (e.g. asynchronous database functions), have a look at the [Async Tests](../advanced/async-tests.md){.internal-link target=_blank} in the advanced tutorial.

///

## Separating tests { #separating-tests }

In a real application, you probably would have your tests in a different file.