Aber konzentrieren wir uns zunächst auf die spezifischen Details, die wir benötigen.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip | Tipp

Gemäß der Spezifikation sollten Sie ein JSON mit einem `access_token` und einem `token_type` zurückgeben, genau wie in diesem Beispiel.

Pero por ahora, enfoquémonos en los detalles específicos que necesitamos.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip | Consejo

De acuerdo con la especificación, deberías devolver un JSON con un `access_token` y un `token_type`, igual que en este ejemplo.

		path, prefix, suffix string
		expected             string
	}{
		{"config/iam/groups/foo.json", "config/iam/groups/", ".json", "foo"},
		{"config/iam/groups/./foo.json", "config/iam/groups/", ".json", "foo"},
		{"config/iam/groups/foo/config.json", "config/iam/groups/", "/config.json", "foo"},
		{"config/iam/groups/foo/config.json", "config/iam/groups/", "config.json", "foo"},
	}
	for i, test := range specs {

const (
	// Means no response type.
	mimeNone mimeType = ""
	// Means response type is JSON.
	mimeJSON mimeType = "application/json"
	// Means response type is XML.
	mimeXML mimeType = "application/xml"
)

// writeSuccessResponseJSON writes success headers and response if any,
// with content-type set to `application/json`.
func writeSuccessResponseJSON(w http.ResponseWriter, response []byte) {

    fess.setAttribute('fess-url', '//<Server Name>/json');
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(fess, s);
  })();
</script>
<fess:search></fess:search>
```

An example of Fess Site Search in use is below:

![Fess Site Search](https://fess.codelibs.org/_images/fess-ss-1.png "Fess Site Search")


### More Reading

```
https://www.external.org/events/invoices/2expen51ve
```

mit einem JSON-Body, der etwa Folgendes enthält:

```JSON
{
    "description": "Payment celebration",
    "paid": true
}
```

und sie würde eine Response von dieser *externen API* mit einem JSON-Body wie dem folgenden erwarten:

```JSON
{
    "ok": true
}
```

/// tip | Tipp

/// tip

In the next chapter, you will see a real secure implementation, with password hashing and <abbr title="JSON Web Tokens">JWT</abbr> tokens.

But for now, let's focus on the specific details we need.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip

By the spec, you should return a JSON with an `access_token` and a `token_type`, the same as in this example.

///

## Декілька параметрів тіла запиту

У попередньому прикладі *операція шляху* очікувала JSON з атрибутами `Item`, наприклад:

```JSON
{
    "name": "Foo",
    "description": "The pretender",
    "price": 42.0,
    "tax": 3.2
}
```
Але Ви також можете оголосити декілька параметрів тіла, наприклад `item` та `user`:

* Documentación automática de modelos de datos con <a href="https://json-schema.org/" class="external-link" target="_blank"><strong>JSON Schema</strong></a> (ya que OpenAPI en sí mismo está basado en JSON Schema).
* Diseñado alrededor de estos estándares, tras un estudio meticuloso. En lugar de ser una capa adicional.

Então, o frontend (que roda no navegador) tentaria acessar `/openapi.json` e não conseguiria obter o OpenAPI schema.

Como temos um proxy com um prefixo de caminho de `/api/v1` para nossa aplicação, o frontend precisa buscar o OpenAPI schema em `/api/v1/openapi.json`.

```mermaid
graph LR

browser("Browser")