Can I use this for GraphQL and WebSockets?

Yes, the skill covers security patterns applicable to REST, GraphQL, and WebSocket protocols, including specific transport-level security and validation strategies.

How does this skill help prevent SQL injection?

It guides you through implementing parameterized queries, using ORMs with proper escaping, and setting up rigorous input validation schemas using tools like Zod.

Does it support modern authentication methods?

Absolutely. It provides detailed implementation guides for JWT, OAuth 2.0, API keys, and multi-factor authentication (MFA) for various backend frameworks.

How does it handle rate limiting?

The skill helps you configure per-user or per-IP throttling, set request quotas, and handle rate-limit errors gracefully to protect your services from abuse.

Does it help with OWASP compliance?

Yes, it specifically includes patterns and testing steps designed to address the OWASP API Security Top 10 vulnerabilities.

API Security Best Practices

Name: API Security Best Practices
Author: claudiodearaujo

byclaudiodearaujo

0•

セキュリティとテスト

Implements robust API security patterns including authentication, authorization, and protection against common vulnerabilities like SQL injection and DDoS.

This Claude Code skill provides developers with a comprehensive framework for building and auditing secure APIs across REST, GraphQL, and WebSocket architectures. It guides the implementation of modern security standards such as JWT authentication, Role-Based Access Control (RBAC), and Zod-based input validation, while offering specific strategies to mitigate OWASP API Top 10 threats. Whether you are designing a new system or hardening an existing one, this skill ensures data integrity and user protection through standardized security headers, encryption, and rate-limiting protocols.

主な機能

01Implementation of JWT, OAuth 2.0, and Multi-Factor Authentication (MFA)

02Secure data handling with HTTPS/TLS encryption and sanitized error messages

03Automated security testing against OWASP API Top 10 vulnerabilities

040 GitHub stars

05Rate limiting and throttling configurations to mitigate DDoS and abuse

06Advanced input validation and sanitization to prevent SQLi and XSS

ユースケース

01Securing existing REST or GraphQL endpoints before production deployment

02Implementing Role-Based Access Control (RBAC) and session management

03Conducting internal security reviews and preparing for formal compliance audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter api-security-best-practices

For use in Claude.ai and ChatGPT

Download Skill