api-security


API Security Development Guide

Structured approach to building secure APIs, covering OWASP API Security Top 10 (2023), secure design patterns, and verification checklists. Apply these guidelines throughout the API development lifecycle — from threat modeling to deployment monitoring.

Secure API Development Lifecycle

Phase 1: API Threat Modeling and Design

  • Identify API attack surfaces: public endpoints, authenticated endpoints, admin endpoints, webhooks, third-party integrations
  • Map data flows: what sensitive data crosses each API boundary
  • Define authorization model: which users/roles access which resources and properties
  • Design security controls:
    • Centralized authentication (OAuth2/OIDC at API gateway)
    • Object-level authorization at data access layer
    • Schema-based input validation at every endpoint
    • Rate limiting per endpoint sensitivity
    • API versioning with deprecation strategy
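
The "object-level authorization at data access layer" control above, as an added example that is not part of the original guide: the ownership predicate lives inside the repository query, so no handler can fetch an object and skip the check. `Principal`, `InvoiceRepository`, the `invoices` table and the sample rows are all constructed for illustration.

```python
# Added example: object-level authorization enforced in the data access layer.
# All names (Principal, InvoiceRepository, the sample rows) are constructed.
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    user_id: int
    roles: frozenset = frozenset()


class InvoiceRepository:
    """Every read takes the caller's Principal; there is no unscoped getter."""

    def __init__(self, conn: sqlite3.Connection):
        self._conn = conn

    def get(self, principal: Principal, invoice_id: int):
        # The ownership predicate is part of the query itself, so a handler
        # cannot fetch a row first and forget to check it afterwards.
        sql = "SELECT id, owner_id, amount FROM invoices WHERE id = ?"
        params = [invoice_id]
        if "admin" not in principal.roles:
            sql += " AND owner_id = ?"
            params.append(principal.user_id)
        # Missing and not-owned rows both yield None, so the caller can return
        # the same 404 for both and object IDs cannot be enumerated.
        return self._conn.execute(sql, params).fetchone()

    def list_for(self, principal: Principal):
        if "admin" in principal.roles:
            rows = self._conn.execute("SELECT id FROM invoices ORDER BY id")
        else:
            rows = self._conn.execute(
                "SELECT id FROM invoices WHERE owner_id = ? ORDER BY id",
                (principal.user_id,))
        return [r[0] for r in rows]


def build_demo_repo() -> InvoiceRepository:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices "
                 "(id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(1, 100, 250), (2, 100, 75), (3, 200, 900)])  # constructed rows
    return InvoiceRepository(conn)
```
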

Phase 2: Secure Implementation

First Seen: Mar 29, 2026
api-security — jim60105/copilot-prompt