API Security Best Practices

Comprehensive guide and practical snippets to design and harden APIs: authentication, input validation, rate limiting, data protection, and testing patterns to

triggers:api securityjwtrate limitingvalidate inputowasppenetration testingtoken refresh

GitHub SKILL.md

What it does

This skill equips agents with prescriptive API security guidance and ready-to-use code patterns for building and auditing secure APIs. It covers authentication (JWT/OAuth), input validation, rate limiting, secure error handling, and DDoS mitigation, with code examples for Node/Express and recommendations for production-grade deployments.

When to use it

Use during API design, security reviews, audits, or when applying fixes for vulnerabilities (injection, broken auth, improper error handling). Also useful for adding rate limits, token refresh flows, and safe logging practices.

What's included

Scripts: none embedded, but the skill contains many copyable code examples and checklists
References: linked OWASP resources and JWT best-practice pointers within the document
Instructions: step-by-step patterns for auth flows, parameterized queries, validation middleware, rate limiting with Redis, and response header guidance

Compatible agents

Best for code-aware assistants and developers working in Node/Express, Prisma, or other JS backends; applicable to auditors using static analysis tools and security-focused agents (Codex/Claude Code/Copilot).

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: marketplace
Stars: 343
Installs: 0

More from marketplace

Minimal Run & Audit (repro reporting)

Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r

Humanize AI Text

Rewrite AI-generated text into more natural, human-like prose using the HumanizerAI API, with before/after scores and credit tracking.

WP-Migrate — WordPress Migration Skill

Guides WordPress site migration and deployment using wp-migrate.sh: push/archive migrations, rollback, dry-runs, and automation-friendly flows for CI/CD.

SOP: Code Review Workflow

Structured 4-hour SOP for comprehensive code review: automated checks, specialized parallel reviews (quality, security, perf, architecture, docs), integration a

Obsidian CLI

Control and automate an Obsidian vault from the command line: read, create, search, update notes and developer workflows (reload plugins, run JS, screenshot, DO

MatchMS — Mass Spectrometry Utilities

Import, process and compare mass spectrometry spectra (mzML/MGF/MSP) with filters, similarity metrics and reproducible pipelines for metabolomics workflows.

Raindrop.io Bookmark Management

Save, organize, search, and manage Raindrop.io bookmarks and reading lists via natural language and MCP tools.

Configuring tmux — status bars, plugins & widgets

Guides setup and troubleshooting of tmux status bars, frameworks (oh-my-tmux/Catppuccin/tmux-powerline), plugin installation, and widget scripts (weather, finan

Seedance 2.0 Motion Graphics Prompt Generator

Generate 15s motion-graphics prompts for Seedance 2.0 (4 aesthetic styles), with reference-image placeholders and optional Dreamina CLI integration.

Colorize

Add strategic, accessible color to monochromatic interfaces to improve hierarchy, meaning, and visual engagement without sacrificing accessibility.

Related Skills

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Java 25 & Spring Boot 4 Code Reviewer

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

ArcKit — French Public Procurement (fr-marche-public)

Generates French public procurement (Dossier de Consultation des Entreprises) drafts aligned with the Code de la Commande Publique, UGAP frameworks, and DINUM d

Speak Security Basics

Security best practices for integrating Speak: API key management, audio data privacy, student data protection, and COPPA/FERPA compliance for production deploy

RemoFirst — Core Workflow A

Onboarding workflow for RemoFirst: create employee records, upload compliance documents, and track country-specific onboarding status.

Juicebox Common Errors

Identify and remediate common Juicebox API errors (authentication, quotas, rate limits, invalid queries) with quick diagnostics and fixes.

Juicebox Performance Tuning

Guidance and code patterns to reduce Juicebox AI analysis latency: caching, batching, upload chunking, and pagination to improve throughput and responsiveness.

API Security Best Practices

What it does

When to use it

What's included

Compatible agents