api-security-review


API Security Review

Review APIs for authentication, authorization, rate limiting, input validation, and data exposure risks.

Context

You are a senior security architect reviewing API security for $ARGUMENTS. APIs are high-value targets because they sit behind the UI: client-side validation is never enforced on them, and they reach backend systems directly. Common API vulnerabilities: broken authentication, missing or object-level authorization checks, rate limit bypass, input injection, excessive data exposure.

Domain Context

  • API Authentication: API keys, OAuth 2.0, JWT, mTLS, HTTP basic auth (legacy; sends the credential on every request, so acceptable only over TLS and with rate limiting)
  • Authorization: Role-based access control (RBAC), attribute-based access control (ABAC), resource ownership checks (object-level authorization: the caller must own or be granted the specific object requested, not just the endpoint; this is the check most often missing)
  • Rate Limiting: Per-user, per-IP, per-endpoint; limits brute force, credential stuffing and DoS. Check that limits on authenticated routes are keyed on the principal, not only the client IP, since IPs are shared and easy to rotate
  • Data Exposure: Over-fetching (returning fields the client does not need and then filters on its side), error messages revealing internals (stack traces, query text, hostnames). Under-fetching (forcing multiple requests) is a performance concern rather than an exposure risk, but it pushes teams toward over-fetching
  • API Versioning: Managing breaking changes, deprecation timelines; deprecated versions that remain reachable stay in scope, since they usually lack the newer controls
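The points above in runnable form, as an added example that is not part of this skill or of any project it reviews: a minimal in-memory order API with a broken handler beside a hardened one. The broken handler authenticates the caller but never checks that the caller owns the requested object (BOLA/IDOR), applies no rate limit, returns the raw record with internal fields, and leaks a Python exception on unknown ids. The hardened handler does authentication, a per-principal rate limit, an ownership check, and an allow-list of response fields. All names, keys and order records are constructed for illustration.

```python
"""Added example (not part of the api-security-review skill): an in-memory
model of the review points above, with a broken handler beside a hardened one.
All names, keys and orders here are constructed for illustration."""
import hmac
import time
from dataclasses import dataclass, field

# Constructed sample data: two users, each owning one order.
ORDERS = {
    101: {"id": 101, "owner": "alice", "total": 42.0, "card_last4": "1234",
          "internal_fraud_score": 0.02},
    102: {"id": 102, "owner": "bob", "total": 9.5, "card_last4": "9876",
          "internal_fraud_score": 0.91},
}
API_KEYS = {"alice-key": "alice", "bob-key": "bob"}  # constructed key -> principal

# Fields a caller is allowed to see (allow-list); anything else is internal.
PUBLIC_FIELDS = ("id", "total", "card_last4")


def authenticate(headers):
    """Return the principal for a presented API key, or None.

    compare_digest keeps each comparison constant-time so the check itself
    does not leak key bytes through timing."""
    presented = headers.get("X-API-Key", "")
    for key, user in API_KEYS.items():
        if hmac.compare_digest(key.encode(), presented.encode()):
            return user
    return None


@dataclass
class RateLimiter:
    """Fixed-window, per-principal counter (in-memory; a real service would
    back this with a shared store so every replica sees the same count)."""
    limit: int
    window: float
    _hits: dict = field(default_factory=dict)

    def allow(self, principal, now=None):
        now = time.monotonic() if now is None else now
        start, count = self._hits.get(principal, (now, 0))
        if now - start >= self.window:      # window expired: start a new one
            start, count = now, 0
        count += 1
        self._hits[principal] = (start, count)
        return count <= self.limit


LIMITER = RateLimiter(limit=3, window=60.0)


def get_order_vulnerable(headers, order_id):
    """Broken: checks *who* the caller is, never *whether* they own the order
    (BOLA/IDOR), applies no rate limit, returns the raw record including
    internal fields, and echoes the exception for unknown ids."""
    if authenticate(headers) is None:
        return 401, {"error": "unauthorized"}
    try:
        return 200, ORDERS[order_id]
    except KeyError as exc:
        return 500, {"error": f"KeyError in ORDERS lookup: {exc!r}"}


def get_order(headers, order_id, now=None):
    """Hardened: authn -> rate limit -> ownership check -> allow-listed fields.

    Missing and not-owned orders both yield 404 so a caller cannot enumerate
    which ids exist. `now` is injectable so the limiter can be tested."""
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "unauthorized"}
    if not LIMITER.allow(user, now):
        return 429, {"error": "rate limit exceeded"}
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        return 404, {"error": "not found"}
    return 200, {k: order[k] for k in PUBLIC_FIELDS}


if __name__ == "__main__":
    alice = {"X-API-Key": "alice-key"}
    print("vulnerable, alice reads bob's order:", get_order_vulnerable(alice, 102))
    print("hardened, same request:", get_order(alice, 102, now=0.0))
    print("hardened, own order:", get_order(alice, 101, now=0.0))
```

When reviewing a real handler, look for the same ordering: the ownership check must use the authenticated principal, not an id supplied in the request body, and the response should be built from an explicit field list rather than by serializing the database row.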

Instructions

  1. Review Authentication:
Installs: 1
GitHub Stars: 9
First Seen: Apr 18, 2026