Which API gateways are supported by this skill?

The skill provides configuration patterns and implementation guidance for major platforms including Kong, AWS API Gateway, Azure APIM, and Apigee.

Can I use this for mutual TLS (mTLS) setup?

Yes, the skill includes automated workflows for generating CAs, client certificates, and configuring gateway plugins to enforce two-way certificate-based authentication.

How does it handle rate limiting?

It configures strategies based on client credentials or IP addresses, utilizing local or distributed policies (like Redis) to prevent resource exhaustion and service abuse.

Can this skill help with OWASP Top 10 protection?

Yes, it includes WAF integration and request validation patterns specifically designed to block SQL injection, XSS, and other common web-based attack vectors.

Does this replace security at the backend service level?

No, it follows the principle of defense in depth. While the gateway handles centralized enforcement, backend services should still perform their own local authorization and input validation.

API Gateway Security Implementation

Name: API Gateway Security Implementation
Author: micsapp

bymicsapp

0•

セキュリティとテスト

Secures microservices and APIs by implementing centralized gateway controls including authentication, rate limiting, and threat protection.

This skill enables AI agents to configure and deploy robust security layers at the API gateway level for platforms like Kong, AWS API Gateway, and Azure APIM. It provides standardized patterns for enforcing JWT authentication, mutual TLS (mTLS), schema-based request validation, and IP restrictions. By centralizing these controls, the skill ensures consistent security policies across all backend services, protects against common OWASP threats via WAF integration, and implements sophisticated rate-limiting strategies to prevent API abuse and ensure high availability.

主な機能

01OpenAPI schema-based request and response validation

02Mutual TLS (mTLS) for secure service-to-service communication

03WAF integration for SQLi, XSS, and bot protection

040 GitHub stars

05Centralized JWT and OAuth2 authentication enforcement

06Granular rate limiting and quota management

ユースケース

01Deploying a security layer for a distributed microservices architecture

02Protecting public APIs from DDoS attacks and brute-force attempts

03Enforcing strict input validation at the edge to prevent backend exploits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-api-gateway-security-controls

For use in Claude.ai and ChatGPT

主な機能

01OpenAPI schema-based request and response validation

02Mutual TLS (mTLS) for secure service-to-service communication

03WAF integration for SQLi, XSS, and bot protection

040 GitHub stars

05Centralized JWT and OAuth2 authentication enforcement

06Granular rate limiting and quota management

ユースケース

01Deploying a security layer for a distributed microservices architecture

02Protecting public APIs from DDoS attacks and brute-force attempts

03Enforcing strict input validation at the edge to prevent backend exploits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-api-gateway-security-controls

For use in Claude.ai and ChatGPT