Then your API will (let's imagine):

* Send the invoice to some customer of the external developer.
* Collect the money.
* Send a notification back to the API user (the external developer).
    * This will be done by sending a POST request (from *your API*) to some *external API* provided by that external developer (this is the "callback").

	// If x-amz-content-sha256 is set and the value is not
	// 'UNSIGNED-PAYLOAD' we should validate the content sha256.
	switch v[0] {
	case unsignedPayload, unsignedPayloadTrailer:
		return true
	case emptySHA256:
		// some broken clients set empty-sha256
		// with > 0 content-length in the body,
		// we should skip such clients and allow
		// blindly such insecure clients only if
		// S3 strict compatibility is disabled.

     * is given by {@link #getSource()}.
     *
     * @return the one-based index of the line containing the problem or a non-positive value if unknown
     */
    int getLineNumber();

    /**
     * Gets the one-based index of the column containing the problem. The column number should refer to some text file
     * that is given by {@link #getSource()}.
     *

     * <syntax>project.distributionManagementArtifactRepository</syntax>
     * <origin><![CDATA[
     * <distributionManagement>
     * <repository>
     * <id>some-repo</id>
     * <url>scp://host/path</url>
     * </repository>
     * <snapshotRepository>
     * <id>some-snap-repo</id>
     * <url>scp://host/snapshot-path</url>
     * </snapshotRepository>
     * </distributionManagement>
     * ]]></origin>
     * <usage><![CDATA[

        assertDoesNotThrow(() -> bufferManager.cleanup());

        // After cleanup, all regions should be released (but the count may not match exactly
        // if some regions were pooled rather than immediately released)
        assertTrue(bufferManager.getTotalReleased() > 0, "Some regions should be released during cleanup");
        assertEquals(allocatedBeforeCleanup, bufferManager.getTotalReleased(),

## Forbid Extra Query Parameters { #forbid-extra-query-parameters }

In some special use cases (probably not very common), you might want to **restrict** the query parameters that you want to receive.

You can use Pydantic's model configuration to `forbid` any `extra` fields:

{* ../../docs_src/query_param_models/tutorial002_an_py310.py hl[10] *}

#   Googlers should replace "nightly_upload" with "public_cache,disk_cache" or
#   "rbe", if you have set up your system to use RBE (see further below).
#
# Here is how to choose your TFCI value:
# 1. A Python version must come first, because other scripts reference it.
#      Ex. py39  -- Python 3.9
#      Ex. py310 -- Python 3.10
#      Ex. py311 -- Python 3.11
#      Ex. py312 -- Python 3.12

the `AssumeRoleWithCustomToken` STS API extension. A user or application can now present a token to the `AssumeRoleWithCustomToken` API, and MinIO verifies this token by sending it to the Identity Management Plugin webhook. This plugin responds with some information and MinIO is able to generate temporary STS credentials to interact with object storage.

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification....

        // 4 (dataCount) + 4 (dataOffset) + 1 (setupCount) + 2 (function)
        assertEquals(38, bytesWritten, "Number of bytes written should be 38 for primary transaction");

        // Verify some key values
        assertEquals(smbComNtTransaction.maxSetupCount, dst[0], "maxSetupCount should be written correctly");
        assertEquals(smbComNtTransaction.totalParameterCount, SmbComTransaction.readInt4(dst, 3),

# Custom Request and APIRoute class { #custom-request-and-apiroute-class }

In some cases, you may want to override the logic used by the `Request` and `APIRoute` classes.

In particular, this may be a good alternative to logic in a middleware.

For example, if you want to read or manipulate the request body before it is processed by your application.

/// danger

This is an "advanced" feature.