Can I use this to implement Multi-Factor Authentication (MFA)?

Absolutely. The skill includes guidance on implementing MFA alongside standard JWT and OAuth 2.0 authentication flows.

What vulnerabilities does this skill help prevent?

The skill helps protect against common vulnerabilities including SQL injection, Cross-Site Scripting (XSS), Broken Object Level Authorization (BOLA), and credential stuffing.

Does it support modern API formats like GraphQL?

Yes, it provides security patterns specifically designed for REST, GraphQL, and WebSocket APIs.

How does it handle rate limiting?

It provides implementation patterns for setting up rate limiting per user or IP, configuring request quotas, and handling throttling errors gracefully.

API Security Best Practices

Name: API Security Best Practices
Author: claudiodearaujo

byclaudiodearaujo

0•

API Development

Implements robust API security patterns including authentication, authorization, and protection against common web vulnerabilities.

This skill provides specialized guidance for developers to architect and implement high-security APIs by providing domain-specific patterns for authentication protocols like JWT and OAuth 2.0, role-based access control (RBAC), and rigorous input validation. It covers essential defense mechanisms such as rate limiting to prevent DDoS attacks, data encryption for both transit and storage, and systematic protection against the OWASP API Top 10 vulnerabilities. Whether you are building a new RESTful service or auditing an existing GraphQL endpoint, this skill ensures your backend infrastructure meets modern security standards and production-grade requirements.

Key Features

01Configurable rate limiting and throttling to mitigate API abuse

02Implementation of secure JWT and OAuth 2.0 authentication flows

03Role-based access control (RBAC) and granular session management

040 GitHub stars

05Automated input validation and sanitization strategies to prevent injection

06Security auditing tools aligned with OWASP API Top 10 standards

Use Cases

01Refactoring legacy code to prevent SQL injection, XSS, and command injection

02Architecting and securing new REST, GraphQL, or WebSocket API endpoints

03Preparing backend infrastructure for security audits and compliance reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter api-security-best-practices

For use in Claude.ai and ChatGPT

Download Skill