Gerekirse, ayarlar ve environment variable'ları kullanarak OpenAPI'yi ortama göre koşullu şekilde yapılandırabilir, hatta tamamen devre dışı bırakabilirsiniz.

## Güvenlik, API'ler ve dokümantasyon hakkında { #about-security-apis-and-docs }

Production ortamında dokümantasyon arayüzlerini gizlemek, API'nizi korumanın yolu olmamalıdır.

Bu, API'nize ekstra bir güvenlik katmanı eklemez; path operation'lar bulundukları yerde yine erişilebilir olacaktır.

### 認証 { #authenticate }

「Authorize」ボタンをクリックします。

次の認証情報を使います:

User: `johndoe`

Password: `secret`

<img src="/img/tutorial/security/image04.png">

システムで認証されると、次のように表示されます:

<img src="/img/tutorial/security/image05.png">

### 自分のユーザーデータを取得 { #get-your-own-user-data }

`GET` の path `/users/me` を使います。

次のようなユーザーデータが取得できます:

```JSON
{

                        // Group changelogs for each type by their team area
                        groupingBy(
                            // `security` and `known-issue` areas don't need to supply an area
                            entry -> entry.getType().equals("known-issue") || entry.getType().equals("security")
                                ? "_all_"
                                : entry.getArea(),
                            TreeMap::new,

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.GeneralSecurityException
import java.security.cert.Certificate
import java.security.cert.X509Certificate
import java.util.ArrayDeque
import java.util.Deque
import javax.net.ssl.SSLPeerUnverifiedException

/**

        response.connection
          .socket()
          .javaClass.name,
      ).isEqualTo(
        "sun.security.ssl.SSLSocketImpl",
      )
    }
  }

  @Test
  fun testSupportedProtocols() {
    val factory = SSLSocketFactory.getDefault()
    assertThat(factory.javaClass.name).isEqualTo("sun.security.ssl.SSLSocketFactoryImpl")
    val s = factory.createSocket() as SSLSocket

    when {

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.mockwebserver.Dispatcher;

    int NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000;

    /**
    * Sent by the server to indicate that the server and client are
    * on the same machine.  This implies that the server will include
    * a local security context handle in the Type 2 message, for
    * use in local authentication.
    */
    int NTLMSSP_NEGOTIATE_LOCAL_CALL = 0x00004000;

    /**
    * Indicates that authenticated communication between the client

import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.security.MessageDigest;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.junit.jupiter.api.DisplayName;

import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;

import java.util.HashMap;
import java.util.Map;

import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

- `HTTPBasic` を使って「`security` スキーム」を作成します。
- その `security` を依存関係として path operation に使用します。
- `HTTPBasicCredentials` 型のオブジェクトが返ります:
    - 送信された `username` と `password` を含みます。

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

URL を最初に開こうとしたとき（またはドキュメントで「Execute」ボタンをクリックしたとき）、ブラウザはユーザー名とパスワードの入力を求めます:

<img src="/img/tutorial/security/image12.png">

## ユーザー名の確認 { #check-the-username }