- type hints: annotations de type
- type annotations: annotations de type

- autocomplete: autocomplétion
- autocompletion: autocomplétion

- the request (what the client sends to the server): la requête
- the response (what the server sends back to the client): la réponse

- the request body: le corps de la requête
- the response body: le corps de la réponse

- path operation: chemin d'accès

So, let's review it from that simplified point of view:

* The user types the `username` and `password` in the frontend, and hits `Enter`.
* The frontend (running in the user's browser) sends that `username` and `password` to a specific URL in our API (declared with `tokenUrl="token"`).
* The API checks that `username` and `password`, and responds with a "token" (we haven't implemented any of this yet).

So, if your API user (the external developer) sends a request to *your API* to:

```
https://yourapi.com/invoices/?callback_url=https://www.external.org/events
```

with a JSON body of:

```JSON
{
    "id": "2expen51ve",
    "customer": "Mr. Richie Rich",
    "total": "9999"
}
```

* the performance: NOT die Performance
* the query: die Query
* the recap: die Zusammenfassung
* the request (what the client sends to the server): der Request
* the request body: der Requestbody
* the request bodies (plural): die Requestbodys
* the response (what the server sends back to the client): die Response
* the return type: der Rückgabetyp
* the return value: der Rückgabewert

///

## About "Form Fields" { #about-form-fields }

The way HTML forms (`<form></form>`) sends the data to the server normally uses a "special" encoding for that data, it's different from JSON.

**FastAPI** will make sure to read that data from the right place instead of JSON.

/// note | Technical Details

                }
            });
        } catch (final Exception e) {
            logger.warn("Failed to write thread dump: file={}", file, e);
        }
    }

    /**
     * Processes all thread information and sends it to the provided consumer.
     *
     * @param writer the consumer that will handle each line of thread dump output
     */
    public static void processThreadDump(final Consumer<String> writer) {

Then the malicious website could make the local AI agent send angry messages to the user's ex-boss... or worse. 😅

## Open Internet { #open-internet }

If your app is in the open internet, you wouldn't "trust the network" and let anyone send privileged requests without authentication.

    /**
     * Apply inbound settings and send an acknowledgement to the peer that provided them.
     *
     * We need to apply the settings and ack them atomically. This is because some HTTP/2
     * implementations (nghttp2) forbid peers from taking advantage of settings before they have
     * acknowledged! In particular, we shouldn't send frames that assume a new `initialWindowSize`
     * until we send the frame that acknowledges this new size.

        if (dotIndex >= 0) {
            final String extension = path.substring(dotIndex);
            return STATIC_EXTENSIONS.contains(extension);
        }
        return false;
    }

    /**
     * Sends a 429 JSON response for API requests.
     * @param response the HTTP response
     * @throws IOException if an I/O error occurs
     */

            """
        ),
    ] = None
    raw_data: Annotated[
        str | None,
        Doc(
            """
            Raw string to send as the `data:` field **without** JSON encoding.

            Use this when you need to send pre-formatted text, HTML fragments,
            CSV lines, or any non-JSON payload. The string is placed directly
            into the `data:` field as-is.