* This is a required field for identifying which boost document to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this boost document configuration.
     * Used for audit trail purposes to track who made changes.
     */
    @Size(max = 1000)
    public String updatedBy;

    /**

     * This is a required field for identifying which file authentication entry to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this file authentication configuration.
     * Used for audit trail purposes to track who made changes.
     * Maximum length is 255 characters.
     */
    @Size(max = 255)
    public String updatedBy;

     * This is a required field for identifying which file config to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this file configuration.
     * Used for audit trail purposes to track who made changes.
     */
    @Size(max = 1000)
    public String updatedBy;

    /**

     * This is a required field for identifying which key match to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this key match configuration.
     * Used for audit trail purposes to track who made changes.
     * Maximum length is 255 characters.
     */
    @Size(max = 255)
    public String updatedBy;

    /**

     * This is a required field for identifying which web config to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this web configuration.
     * Used for audit trail purposes to track who made changes.
     */
    @Size(max = 1000)
    public String updatedBy;

    /**

    public String toString() {
        return "UserInfo [createdAt=" + createdAt + ", updatedAt=" + updatedAt + ", docMeta=" + docMeta + "]";
    }

    @Override
    public String getEventType() {
        return "user";
    }

     *            NT password hash
     */
    public NtlmNtHashAuthenticator(final String domain, final String username, final byte[] passwordHash) {
        super(domain, username, (String) null, AuthenticationType.USER);
        if (passwordHash == null || passwordHash.length != 16) {
            throw new IllegalArgumentException("Password hash must be provided, expected length 16 byte");
        }
        this.ntHash = passwordHash;
    }

    tokens = json.loads(id_token_response.text)
    id_token = tokens['id_token']

    response = sts_client.assume_role_with_web_identity(
        RoleArn='arn:aws:iam::123456789012:user/svc-internal-api',
        RoleSessionName='test',
        WebIdentityToken=id_token,
        DurationSeconds=3600
    )

    s3_resource = boto3.resource('s3',

It would also mean that if you get data from the `Request` object directly (for example, read the body) it won't be validated, converted or documented (with OpenAPI, for the automatic API user interface) by FastAPI.

Although any other parameter declared normally (for example, the body with a Pydantic model) would still be validated, converted, annotated, etc.

## About security, APIs, and docs { #about-security-apis-and-docs }

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.