* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.
* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

    val response = call.execute()
    assertThat(response.body.string()).isEqualTo("ABC")
    assertThat(response.protocol).isEqualTo(protocol)

    // Confirm a single ping was sent and received, and its reply was sent and received.
    val logs = testLogHandler.takeAll()
    assertThat(countFrames(logs, "FINE: >> 0x00000000     8 PING          "))
      .isEqualTo(1)

        }

        if (tlsVersions.contains(TLS_1_3)) {
          println("TLSv1.3 requires an external command run before first traffic is sent")
          println("Follow instructions at https://github.com/neykov/extract-tls-secrets for TLSv1.3")
          println("Pid: ${ProcessHandle.current().pid()}")

          Thread.sleep(10000)
        }
      }

         * the 'received' member of the response object will not
         * be set to true indicating the send and sendTransaction
         * methods that the next part should be sent. This is a
         * very indirect and simple batching control mechanism.
         */

        if( andx == null || USE_BATCHING == false ||
                                batchLevel >= getBatchLimit( andx.command )) {

- `aws:PrincipalType` - This value indicates whether the principal is an account (Root credential), user (MinIO user), or assumed role (STS)
- `aws:SecureTransport` - This is a Boolean value that represents whether the request was sent over TLS.
- `aws:SourceIp` - This is the requester's IP address, for use with IP address conditions. If running behind Nginx like proxies, MinIO preserve's the source IP.

```
{
  "Version": "2012-10-17",

# Request Body

When you need to send data from a client (let's say, a browser) to your API, you send it as a **request body**.

A **request** body is data sent by the client to your API. A **response** body is the data your API sends to the client.

Your API almost always has to send a **response** body. But clients don't necessarily need to send **request bodies** all the time, sometimes they only request a path, maybe with some query parameters, but don't send a body.

	SubnetAPIKey = "x-subnet-api-key"
)

// Common http query params S3 API
const (
	VersionID = "versionId"

	PartNumber = "partNumber"

	UploadID = "uploadId"
)

// http headers sent to webhook targets
const (
	// Reports the version of MinIO server
	MinIOVersion             = "x-minio-version"
	WebhookEventPayloadCount = "x-minio-webhook-payload-count"

      connectionSpecIndex = -1,
      isTlsFallback = false,
    )
  }

  /**
   * Returns a request that creates a TLS tunnel via an HTTP proxy. Everything in the tunnel request
   * is sent unencrypted to the proxy server, so tunnels include only the minimum set of headers.
   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *

          "interval": "1m",
          "intervalFactor": 2,
          "legendFormat": "Data Sent [{{bucket}}]",
          "refId": "A"
        }
      ],
      "title": "Total Data Sent Rate",
      "type": "timeseries"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "${DS_PROMETHEUS}"
      },

var ErrDone = errors.New("done for now")

var ErrRemoteRestart = errors.New("remote restarted")


// Stateless connects to the remote handler and return all packets sent back.
// If the remote is restarted will return ErrRemoteRestart.
// If nil will be returned remote call sent EOF or ErrDone is returned by the callback.
// If ErrDone is returned on cb nil will be returned.