│   └── main.py
```

In the file `main.py` you have your **FastAPI** app:


```Python
{!../../docs_src/app_testing/main.py!}
```

### Testing file

Then you could have a file `test_main.py` with your tests. It could live on the same Python package (the same directory with a `__init__.py` file):

``` hl_lines="5"
.
├── app
│   ├── __init__.py
│   ├── main.py
│   └── test_main.py
```

So, you could add additional data to the automatically generated schema.

For example, you could decide to read and validate the request with your own code, without using the automatic features of FastAPI with Pydantic, but you could still want to define the request in the OpenAPI schema.

You could do that with `openapi_extra`:

```Python hl_lines="19-36  39-40"

     * @return The deserialized model, never {@code null}.
     * @throws IOException If the model could not be deserialized.
     * @throws ModelParseException If the input format could not be parsed.
     * @deprecated Use {@link #read(Path, Map)} instead.
     */
    @Deprecated
    Model read(File input, Map<String, ?> options) throws IOException, ModelParseException;

     *
     * @param originatingArtifact the artifact that was being resolved
     * @param resolvedArtifacts   artifacts that could be resolved
     * @param missingArtifacts    artifacts that could not be resolved
     * @param remoteRepositories  remote repositories where the missing artifacts were not found
     */
    public MultipleArtifactsNotFoundException(

            final InputStreamThread ist = jobProcess.getInputStreamThread();
            try {
                ist.interrupt();
            } catch (final Exception e) {
                logger.warn("Could not interrupt a thread of an input stream.", e);
            }

            final CountDownLatch latch = new CountDownLatch(3);
            final Process process = jobProcess.getProcess();
            new Thread(() -> {

Downloading and installing the package dependencies **could take minutes**, but using the **cache** would **take seconds** at most.

And as you would be building the container image again and again during development to check that your code changes are working, there's a lot of accumulated time this would save.

<img src="/img/tutorial/extending-openapi/image03.png">

## Change the Theme

The same way you could set the syntax highlighting theme with the key `"syntaxHighlight.theme"` (notice that it has a dot in the middle):

{* ../../docs_src/configure_swagger_ui/tutorial002.py hl[3] *}

That configuration would change the syntax highlighting color theme:

<img src="/img/tutorial/extending-openapi/image04.png">

Hiding the documentation just makes it more difficult to understand how to interact with your API, and could make it more difficult for you to debug it in production. It could be considered simply a form of <a href="https://en.wikipedia.org/wiki/Security_through_obscurity" class="external-link" target="_blank">Security through obscurity</a>.

If you want to secure your API, there are several better things you can do, for example:

     */
    @Nonnull
    SettingsBuilderResult build(@Nonnull SettingsBuilderRequest request);

    /**
     * Builds the effective settings of the specified settings sources.
     *
     * @return the result of the settings building, never {@code null}
     * @throws SettingsBuilderException if the effective settings could not be built
     */
    @Nonnull

And then, you could give that JWT token to a user (or bot), and they could use it to perform those actions (drive the car, or edit the blog post) without even needing to have an account, just with the JWT token your API generated for that.

Using these ideas, JWT can be used for way more sophisticated scenarios.

In those cases, several of those entities could have the same ID, let's say `foo` (a user `foo`, a car `foo`, and a blog post `foo`).