* <a href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@5.9.0/swagger-ui.css" class="external-link" target="_blank">`swagger-ui.css`</a>

Und **ReDoc** verwendet diese Datei:

* <a href="https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js" class="external-link" target="_blank">`redoc.standalone.js`</a>

Danach könnte Ihre Dateistruktur wie folgt aussehen:

```
.
├── app
│   ├── __init__.py
│   ├── main.py

The main [Tutorial - User Guide](../tutorial/index.md){.internal-link target=_blank} should be enough to give you a tour through all the main features of **FastAPI**.

In the next sections you will see other options, configurations, and additional features.

!!! tip
    The next sections are **not necessarily "advanced"**.

    And it's possible that for your use case, the solution is in one of them.

## Read the Tutorial first

* <a href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@3/swagger-ui.css" class="external-link" target="_blank">`swagger-ui.css`</a>

**ReDoc** 使用如下文件：

* <a href="https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js" class="external-link" target="_blank">`redoc.standalone.js`</a>

保存好后，文件架构所示如下：

```
.
├── app
│   ├── __init__.py
│   ├── main.py
└── static

    assert "window.opener.swaggerUIRedirectOauth2" in response.text


def test_redoc_html(client: TestClient):
    response = client.get("/redoc")
    assert response.status_code == 200, response.text
    assert "https://unpkg.com/redoc@next/bundles/redoc.standalone.js" in response.text


def test_api(client: TestClient):
    response = client.get("/users/john")

        "openapi": "3.1.0",
        "info": {"title": "FastAPI", "version": "0.1.0"},
        "paths": {
            "/items/next": {
                "get": {
                    "summary": "Read Next Item",
                    "operationId": "read_next_item_items_next_get",
                    "responses": {
                        "200": {
                            "description": "Successful Response",

!!! info
    In this example we use invented custom headers `X-Key` and `X-Token`.

    But in real cases, when implementing security, you would get more benefits from using the integrated [Security utilities (the next chapter)](../security/index.md){.internal-link target=_blank}.

## Dependencies errors and return values

You can use the same dependency *functions* you use normally.

### Dependency requirements

!!! note
    Some response codes (see the next section) indicate that the response does not have a body.

    FastAPI knows this, and will produce OpenAPI docs that state there is no response body.

## About HTTP status codes

!!! note
    If you already know what HTTP status codes are, skip to the next section.

In HTTP, you send a numeric status code of 3 digits as part of the response.

The only new thing is the `callbacks=invoices_callback_router.routes` as an argument to the *path operation decorator*. We'll see what that is next.

## Documenting the callback

The actual callback code will depend heavily on your own API app.

And it will probably vary a lot from one app to the next.

It could be just one or two lines of code, like:

```Python
callback_url = "https://example.com/api/v1/invoices/events/"

    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def fake_decode_token(token):
    # This doesn't provide any security at all
    # Check the next version
    user = get_user(fake_users_db, token)
    return user


async def get_current_user(token: str = Depends(oauth2_scheme)):
    user = fake_decode_token(token)
    if not user:
        raise HTTPException(

But first, let's check some small concepts.

## In a hurry?

If you don't care about any of these terms and you just need to add security with authentication based on username and password *right now*, skip to the next chapters.

## OAuth2

OAuth2 is a specification that defines several ways to handle authentication and authorization.

It is quite an extensive specification and covers several complex use cases.