Skill

api-security-hardening

Secures REST APIs with authentication, rate limiting, CORS, input validation, and security middleware. Use when building new APIs, hardening endpoints, or remediating audits against common attacks.

Express

Fastapi

Install

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [Overview](#overview)

Supporting Assets

references/api-gateway-security-configuration.mdreferences/nodejsexpress-api-security.mdreferences/python-fastapi-security.mdscripts/security-checklist.sh

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars180

Forks28

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

API Security Hardening

Table of Contents

Overview

Implement comprehensive API security measures including authentication, authorization, rate limiting, input validation, and attack prevention to protect against common vulnerabilities.

When to Use

New API development

Security audit remediation

Production API hardening

Compliance requirements

High-traffic API protection

Public API exposure

Quick Start

Minimal working example:

// secure-api.js - Comprehensive API security const express = require("express"); const helmet = require("helmet"); const rateLimit = require("express-rate-limit"); const mongoSanitize = require("express-mongo-sanitize"); const xss = require("xss-clean"); const hpp = require("hpp"); const cors = require("cors"); const jwt = require("jsonwebtoken"); const validator = require("validator"); class SecureAPIServer { constructor() { this.app = express(); this.setupSecurityMiddleware(); this.setupRoutes(); } setupSecurityMiddleware() { // 1. Helmet - Set security headers this.app.use( helmet({ contentSecurityPolicy: { directives: { defaultSrc: ["'self'"], // ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide

Contents

Node.js/Express API Security

Python FastAPI Security

API Gateway Security Configuration

Best Practices

✅ DO

Use HTTPS everywhere

Implement rate limiting

Validate all inputs

Use security headers

Log security events

Implement CORS properly

Use strong authentication

Version your APIs

❌ DON'T

Expose stack traces

Return detailed errors

Trust user input

Use HTTP for APIs

Skip input validation

Ignore rate limiting