Does this skill handle infrastructure-level security?

No, this skill focuses specifically on application-level security, including authentication, authorization, and input validation, rather than network or physical infrastructure.

Does it prevent SQL injection?

Yes, it provides templates for parameterized queries and strict input validation using libraries like Zod and SqlString to mitigate injection attacks.

How does it help with compliance?

It includes patterns and checklists designed to help your API meet standards like GDPR, HIPAA, PCI DSS, and SOC2 through proper data handling and access control.

Which authentication methods are supported?

It provides implementation patterns for JWT, OAuth 2.0 with PKCE, API keys, and session-based authentication.

Can I use this for both REST and GraphQL?

Yes, the security patterns provided, such as RBAC, input sanitization, and rate limiting, are architectural principles applicable to any API protocol.

API Security Patterns

Name: API Security Patterns
Author: pluginagentmarketplace

bypluginagentmarketplace

•

Security & Testing

Implements robust API security architectures using OWASP-aligned patterns for authentication, authorization, and data protection.

About

This skill provides a comprehensive suite of security implementation patterns for modern API development, focusing on industry standards like OAuth 2.0, PKCE, and JWT authentication. It empowers developers to build secure-by-design systems with ready-to-use templates for RBAC/ABAC access control, input sanitization via Zod, and sophisticated rate-limiting strategies. By incorporating OWASP Top 10 mitigations and security header configurations, it ensures that backend services are resilient against common vulnerabilities while maintaining compliance with frameworks like GDPR, HIPAA, and SOC2.

Key Features

Strict input validation and XSS/SQL injection prevention
Automated security header configuration with Helmet
Tiered rate limiting using Redis-backed stores
Role-Based (RBAC) and Attribute-Based (ABAC) access control
1 GitHub stars
JWT and OAuth 2.0 + PKCE authentication flows

Use Cases

Implementing enterprise-grade authentication for a new REST or GraphQL API.
Configuring granular permission systems for multi-tenant SaaS applications.
Auditing and upgrading existing backend services to meet OWASP security standards.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pluginagentmarketplace/custom-plugin-api-design security-patterns

For use in Claude.ai and ChatGPT

Download Skill

GitHub