api-security-best-practices
This skill provides a collection of security patterns and code examples for building secure REST, GraphQL, and WebSocket APIs. It covers authentication, authorization, input validation, rate limiting, and data protection strategies.
Is api-security-best-practices safe to install?
Safe to install: our audit of api-security-best-practices's source files found 0 shell commands, 0 external URLs, no file writes (none risk). Every command and URL listed appears verbatim in the skill's source. The skill provides documentation and code snippets for educational purposes. It does not execute code or perform network requests.
How we audit skills: our security review methodology.
Who is this skill for?
Developers and security engineers designing, auditing, or securing API endpoints.
What can you do with it?
- Designing new API endpoints
- Securing existing APIs
- Implementing authentication and authorization
- Protecting against API attacks like injection and DDoS
- Conducting API security reviews
- Preparing for security audits
- Implementing rate limiting and throttling
- Handling sensitive data in APIs
How good is this skill?
Quality score: 5/10. The skill provides clear, well-structured code examples and actionable security checklists. It covers essential topics like OWASP API Top 10 vulnerabilities.
What does the skill file contain?
# API Security Best Practices ## Overview Guide developers in building secure APIs by implementing authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities. This skill covers security patterns for REST, GraphQL, and WebSocket APIs. ## When to Use This Skill - Use when designing new API endpoints - Use when securing existing APIs - Use when implementing authentication and authorization - Use when protecting against API attacks (injection, DDoS, etc.) - Use when conducting API security reviews - Use when preparing for security audits - Use...
Frequently asked questions
Does this skill automatically secure my API?
No. The skill provides patterns and code examples that developers must implement manually within their own codebase.
Which authentication methods does this skill cover?
The skill covers JWT, OAuth 2.0, and API keys.
Does the skill provide tools for input validation?
Yes. It demonstrates the use of Zod for schema validation and DOMPurify for sanitizing HTML content to prevent XSS.
Related skills
lark-shared
344.2KAI agents assisting users with lark-cli configuration, authentication, and resource management
The lark-shared skill provides instructions and protocols for managing lark-cli authentication, identity switching between user and bot, and handling permissions or high-risk operations.
openclaw-secure-linux-cloud
270.1KUsers deploying OpenClaw on remote Linux cloud servers or VMs who require secure, hardened configurations
This skill provides a secure deployment and hardening framework for self-hosting OpenClaw on Linux cloud servers. It prioritizes private control planes, loopback binding, and SSH tunneling over public exposure.
find-skills
225.2KUsers and AI agents seeking to discover, evaluate, and install third-party agent skills from public registries
The find-skills skill searches multiple agent skill registries (skills.sh, clawhub.ai, and GitHub) in parallel to help users discover, vet, and install relevant agent capabilities. It provides a comparative report based on native popularity metrics, performs a heuristic security scan on top candidates, and flags skills already present on the user's system.
supabase
153.8KDevelopers building applications with Supabase who require assistance with database schema design, security policy implementation, CLI operations, and integration troubleshooting
The Supabase skill provides guidance for developing with the Supabase platform, including database management, authentication, RLS policies, CLI usage, and MCP server integration. It emphasizes verifying implementation against current documentation, following security checklists, and using specific CLI commands for schema migrations.