"summary": "Login",
                    "operationId": "login_login__post",
                    "requestBody": {
                        "content": {
                            "application/x-www-form-urlencoded": {
                                "schema": {"$ref": "#/components/schemas/FormData"}
                            }
                        },
                        "required": True,
                    },

        def fetch_credentials():
            # HTTP headers are case insensitive filter out
            # all duplicate headers and pick one.
            headers = {}
            headers['content-type'] = 'application/x-www-form-urlencoded'
            headers['authorization'] = urllib3.make_headers(
                basic_auth='%s:%s' % (self.cid, self.csec))['authorization']

            response = self._http.urlopen('POST', self.idp_ep,

   * between pads, hoping that the JVM doesn't reorder them.
   *
   * <p>JVM intrinsics note: It would be possible to use a release-only form of CAS here, if it were
   * provided.
   */
  static final class Cell {
    volatile long p0, p1, p2, p3, p4, p5, p6;
    volatile long value;
    volatile long q0, q1, q2, q3, q4, q5, q6;

        <codeSegment>
          <version>1.0.0+</version>
          <code>
            <![CDATA[
    /**
     * Gets the identifier of the extension.
     *
     * @return The extension id in the form {@code <groupId>:<artifactId>:<version>}, never {@code null}.
     */
    public String getId() {
        return (getGroupId() == null ? "[unknown-group-id]" : getGroupId())

  For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it.  However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on

	data.Set("grant_type", "client_credentials")
	req, err := http.NewRequest(http.MethodPost, idpEndpoint, strings.NewReader(data.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)
	t := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
		},
	}
	hclient := http.Client{
		Transport: t,
	}

                    "summary": "Login",
                    "operationId": "login_login__post",
                    "requestBody": {
                        "content": {
                            "application/x-www-form-urlencoded": {
                                "schema": {"$ref": "#/components/schemas/FormData"}
                            }
                        },
                        "required": True,
                    },

/** File generated by Grunt -- do not modify
 *  JQUERY-FORM-VALIDATOR
 *
 *  @version 2.3.77
 *  @website http://formvalidator.net/
 *  @author Victor Jonsson, http://victorjonsson.se
 *  @license MIT
 */

Hiding the documentation just makes it more difficult to understand how to interact with your API, and could make it more difficult for you to debug it in production. It could be considered simply a form of <a href="https://en.wikipedia.org/wiki/Security_through_obscurity" class="external-link" target="_blank">Security through obscurity</a>.

If you want to secure your API, there are several better things you can do, for example:

                    "summary": "Login",
                    "operationId": "login_token_post",
                    "requestBody": {
                        "content": {
                            "application/x-www-form-urlencoded": {
                                "schema": {
                                    "$ref": "#/components/schemas/Body_login_token_post"
                                }
                            }