* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.
* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

## Request and Response

MinIO will make a `POST` request with a JSON body to the given plugin URL. If the auth token parameter is set, it will be sent as an authorization header.

The JSON body structure can be seen from this sample:

<details><summary>Request Body Sample</summary>

```json
{
  "input": {
    "account": "minio",

            self.add_route(self.redoc_url, redoc_html, include_in_schema=False)

    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
        if self.root_path:
            scope["root_path"] = self.root_path
        await super().__call__(scope, receive, send)

    def add_api_route(
        self,
        path: str,
        endpoint: Callable[..., Any],
        *,

     */
    public void reset() {
        rdmaReads.set(0);
        rdmaWrites.set(0);
        rdmaSends.set(0);
        rdmaReceives.set(0);
        bytesTransferred.set(0);
        operationErrors.set(0);
        connectionsCreated.set(0);
        connectionsActive.set(0);
        memoryRegionsAllocated.set(0);
        memoryRegionsActive.set(0);
        totalReadTime.set(0);
        totalWriteTime.set(0);

					done()
					if ok {
						root := cache.find(bucket)
						if root == nil {
							// We dont have usage information for this bucket in this
							// set, go to the next set
							continue
						}

						for id, usageInfo := range cache.flattenChildrens(*root) {
							prefix := decodeDirObject(strings.TrimPrefix(id, bucket+slashSeparator))

        return creditsGranted;
    }

    /**
     * Set the number of send credits granted
     *
     * @param creditsGranted credits to grant
     */
    public void setCreditsGranted(int creditsGranted) {
        this.creditsGranted = creditsGranted;
    }

    /**
     * Get the number of send credits requested
     *
     * @return credits requested
     */

			// parameter for a streaming signature which is set
			// to a custom value for example: "aws-chunked,gzip".
			metadata[strings.ToLower(xhttp.ContentEncoding)] = contentEncoding
		} else {
			// Trimmed content encoding is empty when the header
			// value is set to "aws-chunked" only.

			// Make sure to delete the content-encoding parameter
			// for a streaming signature which is set to value
			// for example: "aws-chunked"

	// Verify if region is valid.
	sRegion := cred.scope.region
	// Region is set to be empty, we use whatever was sent by the
	// request and proceed further. This is a work-around to address
	// an important problem for ListBuckets() getting signed with
	// different regions.
	if region == "" {
		region = sRegion
	}
	// Should validate region, only if region is set.
	if !isValidRegion(sRegion, region) {

	Op         Op        // Operation. Other fields change based on this value.
	Flags      Flags     // Optional flags.
	Payload    []byte    // Optional payload.
}

// Flags is a set of flags set on a message.
type Flags uint8

func (m message) String() string {
	var res []string
	if m.MuxID != 0 {
		res = append(res, fmt.Sprintf("MuxID: %v", m.MuxID))
	}
	if m.Seq != 0 {

# Request Body { #request-body }

When you need to send data from a client (let's say, a browser) to your API, you send it as a **request body**.

A **request** body is data sent by the client to your API. A **response** body is the data your API sends to the client.