From aj-geddes-useful-ai-prompts-4
Secure REST APIs with authentication, rate limiting, CORS, input validation, and security middleware. Use when building or hardening API endpoints against common attacks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/aj-geddes-useful-ai-prompts-4:api-security-hardeningThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- [Overview](#overview)
Implement comprehensive API security measures including authentication, authorization, rate limiting, input validation, and attack prevention to protect against common vulnerabilities.
Minimal working example:
// secure-api.js - Comprehensive API security
const express = require("express");
const helmet = require("helmet");
const rateLimit = require("express-rate-limit");
const mongoSanitize = require("express-mongo-sanitize");
const xss = require("xss-clean");
const hpp = require("hpp");
const cors = require("cors");
const jwt = require("jsonwebtoken");
const validator = require("validator");
class SecureAPIServer {
constructor() {
this.app = express();
this.setupSecurityMiddleware();
this.setupRoutes();
}
setupSecurityMiddleware() {
// 1. Helmet - Set security headers
this.app.use(
helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
// ... (see reference guides for full implementation)
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Node.js/Express API Security | Node.js/Express API Security |
| Python FastAPI Security | Python FastAPI Security |
| API Gateway Security Configuration | API Gateway Security Configuration |
npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4Hardens REST APIs with Express middleware for authentication, rate limiting, input validation, security headers. Includes FastAPI/Nginx examples, checklists for production APIs, audits, vulnerabilities.
Guides implementing authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities for REST, GraphQL, and WebSocket APIs.
Guides implementation of secure API patterns: authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities for REST, GraphQL, and WebSocket APIs.