main [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.

They are all based on the same concepts, but allow some extra functionalities....

And these same full-stack generators were the base of the [**FastAPI** Project Generators](project-generation.md){.internal-link target=_blank}.

!!! info
    Flask-apispec was created by the same Marshmallow developers.

!!! check "Inspired **FastAPI** to"
    Generate the OpenAPI schema automatically, from the same code that defines serialization and validation.

## Client and SDK Generators - Sponsor

There are also some **company-backed** Client and SDK generators based on OpenAPI (FastAPI), in some cases they can offer you **additional features** on top of high-quality generated SDKs/clients.

=== "Linux, macOS, Windows Bash"

    <div class="termy">

    ```console
    $ which pip

    some/directory/fastapi/env/bin/pip
    ```

    </div>

=== "Windows PowerShell"

    <div class="termy">

    ```console
    $ Get-Command pip

    some/directory/fastapi/env/bin/pip
    ```

    </div>

If it shows the `pip` binary at `env/bin/pip` then it worked. 🎉

    response = client.post(
        "/items/", json={"name": "Foo", "price": "50.5", "description": "Some Foo"}
    )
    assert response.status_code == 200
    assert response.json() == {
        "name": "Foo",
        "price": 50.5,
        "description": "Some Foo",
        "tax": None,
    }


@needs_py310
def test_post_with_str_float_description_tax(client: TestClient):

    response = client.post(
        "/items/", json={"name": "Foo", "price": "50.5", "description": "Some Foo"}
    )
    assert response.status_code == 200
    assert response.json() == {
        "name": "Foo",
        "price": 50.5,
        "description": "Some Foo",
        "tax": None,
    }


def test_post_with_str_float_description_tax(client: TestClient):
    response = client.post(

This is the basic idea. But you will probably want to take care of some additional things, like:

* Security - HTTPS
* Running on startup
* Restarts
* Replication (the number of processes running)
* Memory
* Previous steps before starting

You can combine normal FastAPI *path operations* with GraphQL on the same application.

!!! tip
    **GraphQL** solves some very specific use cases.

    It has **advantages** and **disadvantages** when compared to common **web APIs**.

    Make sure you evaluate if the **benefits** for your use case compensate the **drawbacks**. 🤓

## GraphQL Libraries

    {!> ../../../docs_src/response_model/tutorial002.py!}
    ```

Now, whenever a browser is creating a user with a password, the API will return the same password in the response.

In this case, it might not be a problem, because it's the same user sending the password.

But if we use the same model for another *path operation*, we could be sending our user's passwords to every client.

!!! danger

* It can then do something to that **request** or run any needed code.
* Then it passes the **request** to be processed by the rest of the application (by some *path operation*).
* It then takes the **response** generated by the application (by some *path operation*).
* It can do something to that **response** or run any needed code.
* Then it returns the **response**.

!!! note "Technical Details"