Secure Next.js API Routes

A comprehensive security middleware system for Next.js 13+ App Router API routes that provides authentication, rate limiting, CSRF protection, audit logging, and security headers in a composable, production-ready pattern.

When to use this skill

• Creating new Next.js API routes that need security
• Adding authentication requirements to endpoints
• Implementing rate limiting for API endpoints
• Protecting against CSRF attacks on state-changing operations
• Adding audit logging for security events
• Enforcing request size limits and method restrictions
• Setting security headers automatically

Core Components

This skill consists of 4 integrated modules: