Does this skill handle infrastructure-level security?

No, this skill focuses specifically on application-level security, including authentication, authorization, and input validation, rather than network or physical infrastructure.

Does it prevent SQL injection?

Yes, it provides templates for parameterized queries and strict input validation using libraries like Zod and SqlString to mitigate injection attacks.

How does it help with compliance?

It includes patterns and checklists designed to help your API meet standards like GDPR, HIPAA, PCI DSS, and SOC2 through proper data handling and access control.

Which authentication methods are supported?

It provides implementation patterns for JWT, OAuth 2.0 with PKCE, API keys, and session-based authentication.

Can I use this for both REST and GraphQL?

Yes, the security patterns provided, such as RBAC, input sanitization, and rate limiting, are architectural principles applicable to any API protocol.

API Security Patterns

Name: API Security Patterns
Author: pluginagentmarketplace

bypluginagentmarketplace

•

Security & Testing

Implements robust API security architectures using OWASP-aligned patterns for authentication, authorization, and data protection.

This skill provides a comprehensive suite of security implementation patterns for modern API development, focusing on industry standards like OAuth 2.0, PKCE, and JWT authentication. It empowers developers to build secure-by-design systems with ready-to-use templates for RBAC/ABAC access control, input sanitization via Zod, and sophisticated rate-limiting strategies. By incorporating OWASP Top 10 mitigations and security header configurations, it ensures that backend services are resilient against common vulnerabilities while maintaining compliance with frameworks like GDPR, HIPAA, and SOC2.

Key Features

01Strict input validation and XSS/SQL injection prevention

02Automated security header configuration with Helmet

03Tiered rate limiting using Redis-backed stores

04Role-Based (RBAC) and Attribute-Based (ABAC) access control

051 GitHub stars

06JWT and OAuth 2.0 + PKCE authentication flows

Use Cases

01Implementing enterprise-grade authentication for a new REST or GraphQL API.

02Configuring granular permission systems for multi-tenant SaaS applications.

03Auditing and upgrading existing backend services to meet OWASP security standards.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pluginagentmarketplace/custom-plugin-api-design security-patterns

For use in Claude.ai and ChatGPT

Download Skill