api-security-best-practices
Comprehensive guide to securing APIs through authentication, authorization, input validation, rate limiting, and vulnerability protection.
- Covers five core security areas: JWT/OAuth authentication, role-based access control, input validation with parameterized queries, rate limiting with Redis, and DDoS protection via security headers
- Includes practical code examples for token generation, refresh flows, SQL injection prevention, XSS sanitization, and rate limiting tiered per user tier
- Addresses OWASP API Top 10 vulnerabilities with specific mitigation strategies and common pitfalls like exposed secrets, weak passwords, and missing authorization checks
- Provides security checklists for authentication, data protection, monitoring, and testing across REST, GraphQL, and WebSocket APIs
API Security Best Practices
Overview
Guide developers in building secure APIs by implementing authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities. This skill covers security patterns for REST, GraphQL, and WebSocket APIs.
When to Use This Skill
- Use when designing new API endpoints
- Use when securing existing APIs
- Use when implementing authentication and authorization
- Use when protecting against API attacks (injection, DDoS, etc.)
- Use when conducting API security reviews
- Use when preparing for security audits
- Use when implementing rate limiting and throttling
- Use when handling sensitive data in APIs
How It Works