Can I use this to implement Multi-Factor Authentication (MFA)?

Absolutely. The skill includes guidance on implementing MFA alongside standard JWT and OAuth 2.0 authentication flows.

What vulnerabilities does this skill help prevent?

The skill helps protect against common vulnerabilities including SQL injection, Cross-Site Scripting (XSS), Broken Object Level Authorization (BOLA), and credential stuffing.

Does it support modern API formats like GraphQL?

Yes, it provides security patterns specifically designed for REST, GraphQL, and WebSocket APIs.

How does it handle rate limiting?

It provides implementation patterns for setting up rate limiting per user or IP, configuring request quotas, and handling throttling errors gracefully.

API Security Best Practices

Name: API Security Best Practices
Author: claudiodearaujo

byclaudiodearaujo

Desarrollo de API

Implements robust API security patterns including authentication, authorization, and protection against common web vulnerabilities.

Acerca de

This skill provides specialized guidance for developers to architect and implement high-security APIs by providing domain-specific patterns for authentication protocols like JWT and OAuth 2.0, role-based access control (RBAC), and rigorous input validation. It covers essential defense mechanisms such as rate limiting to prevent DDoS attacks, data encryption for both transit and storage, and systematic protection against the OWASP API Top 10 vulnerabilities. Whether you are building a new RESTful service or auditing an existing GraphQL endpoint, this skill ensures your backend infrastructure meets modern security standards and production-grade requirements.

Características Principales

Configurable rate limiting and throttling to mitigate API abuse
Implementation of secure JWT and OAuth 2.0 authentication flows
Role-based access control (RBAC) and granular session management
0 GitHub stars
Automated input validation and sanitization strategies to prevent injection
Security auditing tools aligned with OWASP API Top 10 standards

Casos de Uso

Refactoring legacy code to prevent SQL injection, XSS, and command injection
Architecting and securing new REST, GraphQL, or WebSocket API endpoints
Preparing backend infrastructure for security audits and compliance reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter api-security-best-practices

For use in Claude.ai and ChatGPT

Download Skill

GitHub