## Verifique os Documentos { #check-the-docs }

Você pode ver os parâmetros de consulta nos documentos de IU em `/docs`:

<div class="screenshot">
<img src="/img/tutorial/query-param-models/image01.png">
</div>

## Restrinja Parâmetros de Consulta Extras { #forbid-extra-query-parameters }

`TestClient` 是基于 <a href="https://www.python-httpx.org" class="external-link" target="_blank">HTTPX</a> 的。幸运的是，我们可以直接使用它来测试API。

## 示例

举个简单的例子，让我们来看一个[更大的应用](../tutorial/bigger-applications.md){.internal-link target=_blank}和[测试](../tutorial/testing.md){.internal-link target=_blank}中描述的类似文件结构：

```
.
├── app
│   ├── __init__.py
│   ├── main.py
│   └── test_main.py
```

文件 `main.py` 将包含:

///

<img src="/img/tutorial/security/image08.png">

Rufen Sie den Endpunkt `/users/me/` auf, Sie erhalten die Response:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

<img src="/img/tutorial/security/image07.png">

Autoriza la aplicación de la misma manera que antes.

Usando las credenciales:

Usuario: `johndoe`
Contraseña: `secret`

/// check | Revisa

Observa que en ninguna parte del código está la contraseña en texto claro "`secret`", solo tenemos la versión con hash.

///

<img src="/img/tutorial/security/image08.png">

    page.get_by_role("button", name="Item", exact=True).click()
    page.set_viewport_size({"width": 960, "height": 700})
    # Manually add the screenshot
    page.screenshot(
        path="docs/en/docs/img/tutorial/separate-openapi-schemas/image05.png"
    )

    # ---------------------
    context.close()
    browser.close()


process = subprocess.Popen(

## Exemplo { #example }

Para um exemplos simples, vamos considerar uma estrutura de arquivos semelhante ao descrito em [Bigger Applications](../tutorial/bigger-applications.md){.internal-link target=_blank} e [Testing](../tutorial/testing.md){.internal-link target=_blank}:

```
.
├── app
│   ├── __init__.py
│   ├── main.py
│   └── test_main.py
```

O arquivo `main.py` teria:

///

It will:

* Return that status code in the response.
* Document it as such in the OpenAPI schema (and so, in the user interfaces):

<img src="/img/tutorial/response-status-code/image01.png">

/// note

Some response codes (see the next section) indicate that the response does not have a body.

Alle in OpenAPI definierten Sicherheitsschemas, inklusive:

* HTTP Basic.
* **OAuth2** (auch mit **JWT Tokens**). Siehe dazu das Tutorial zu [OAuth2 mit JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* API Schlüssel in:
    * Headern.
    * Query-Parametern.
    * Cookies, usw.

All the security schemes defined in OpenAPI, including:

* HTTP Basic.
* **OAuth2** (also with **JWT tokens**). Check the tutorial on [OAuth2 with JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* API keys in:
    * Headers.
    * Query parameters.
    * Cookies, etc.

Et quand vous vous rendez sur <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>, vous verrez la
documentation générée automatiquement et interactive :

<img src="/img/tutorial/path-params/image01.png">

/// info

À nouveau, en utilisant uniquement les déclarations de type Python, **FastAPI** vous fournit automatiquement une documentation interactive (via Swagger UI).