api-security-auth-pattern
# API Security & Auth Skill

Design complete authentication and security layers for any API.

## Auth Pattern Selection Guide

| Use Case | Recommended Pattern |
|---|---|
| User-facing web/mobile app | OAuth 2.0 + JWT (Authorization Code + PKCE) |
| Server-to-server (M2M) | OAuth 2.0 Client Credentials + JWT |
| Simple 3rd party access | API Key (header) |
| High-security enterprise | mTLS + short-lived JWT |
| Microservices internal | JWT propagation or service mesh (mTLS) |
| Webhook verification | HMAC-SHA256 signature header |
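
The webhook row in the table, as an added example that is not part of the original skill: a receiver that checks an HMAC-SHA256 signature header over the raw body, with a timestamp bound so a captured delivery cannot be replayed later. The header names, the `timestamp.body` signing layout, the 300-second window and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Hypothetical header names and replay window (not defined by the page).
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"
TOLERANCE_SECONDS = 300

# Constructed sample delivery, for demonstration only.
SAMPLE_SECRET = b"constructed-demo-secret"
SAMPLE_BODY = b'{"event":"invoice.paid","id":"evt_demo_1"}'
SAMPLE_TS = 1700000000


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over '<timestamp>.<raw body>', hex encoded."""
    message = str(timestamp).encode() + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes, now=None) -> bool:
    """Receiver side: True only for a fresh, correctly signed delivery."""
    now = int(time.time()) if now is None else now
    try:
        timestamp = int(headers[TS_HEADER])
    except (KeyError, ValueError):
        return False  # missing or malformed timestamp
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # outside the replay window
    expected = sign(secret, timestamp, body)
    received = headers.get(SIG_HEADER, "")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def sample_headers() -> dict:
    """Headers a sender would attach to the constructed sample delivery."""
    return {
        TS_HEADER: str(SAMPLE_TS),
        SIG_HEADER: sign(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY),
    }


if __name__ == "__main__":
    print(verify(SAMPLE_SECRET, sample_headers(), SAMPLE_BODY, now=SAMPLE_TS + 5))
```

Verify against the exact bytes received on the wire; re-serializing parsed JSON before hashing changes the input and breaks valid signatures.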