There are 2 main differences from a normal *path operation*:

* It doesn't need to have any actual code, because your app will never call this code. It's only used to document the *external API*. So, the function could just have `pass`.

### Include the custom docs { #include-the-custom-docs }

Now you can create the *path operations* for the custom docs.

You can reuse FastAPI's internal functions to create the HTML pages for the docs, and pass them the needed arguments:

* `openapi_url`: the URL where the HTML page for the docs can get the OpenAPI schema for your API. You can use here the attribute `app.openapi_url`.
* `title`: the title of your API.

            verify(mockRenewableCredentials, never()).renew(); // Ensure renewable path was not taken
        }
    }

    @Test
    @DisplayName("Should pass SmbAuthException to NtlmAuthenticator.requestNtlmPasswordAuthentication")
    void testRenewCredentials_WithSmbAuthException() {
        SmbAuthException mockSmbAuthException = mock(SmbAuthException.class);

For that you need to access the request directly.

{* ../../docs_src/using_request_directly/tutorial001.py hl[1,7:8] *}

By declaring a *path operation function* parameter with the type being the `Request` **FastAPI** will know to pass the `Request` in that parameter.

/// tip

Note that in this case, we are declaring a path parameter beside the request parameter.

///

## Recap { #recap }

You can use Pydantic's `Field` to declare extra validations and metadata for model attributes.

            tarExtractor.setMaxContentSize(100);
            tarExtractor.getText(in, null);
            fail();
        } catch (MaxLengthExceededException e) {
            // pass
        }
        tarExtractor.setMaxContentSize(-1);
    }

    public void test_getText_null() {
        try {
            tarExtractor.getText(null, null);
            fail();

#### Password hashing { #password-hashing }

"Hashing" means: converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish.

Whenever you pass exactly the same content (exactly the same password) you get exactly the same gibberish.

But you cannot convert from the gibberish back to the password.

##### Why use password hashing { #why-use-password-hashing }

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;

            proxy_connect_timeout 300;
            
            # To support websocket
            proxy_http_version 1.1;

But if you are certain that the content that you are returning is **serializable with JSON**, you can pass it directly to the response class and avoid the extra overhead that FastAPI would have by passing your return content through the `jsonable_encoder` before passing it to the response class.

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;

            proxy_connect_timeout 300;
            
            # To support websocket
            proxy_http_version 1.1;