Apply Apollo.io API security best practices. Use when securing Apollo integrations, managing API keys, or implementing secure data handling. Trigger with phrases like "apollo security", "secure apollo api", "apollo api key security", "apollo data protection".
/plugin marketplace add jeremylongshore/claude-code-plugins-plus-skills/plugin install apollo-pack@claude-code-plugins-plusThis skill is limited to using the following tools:
Implement security best practices for Apollo.io API integrations including key management, data protection, and access controls.
// BAD - Never do this
const apiKey = 'sk_live_abc123...';
// GOOD - Use environment variables
const apiKey = process.env.APOLLO_API_KEY;
// BETTER - Validate on startup
if (!process.env.APOLLO_API_KEY) {
throw new Error('APOLLO_API_KEY environment variable is required');
}
# .env file (never commit!)
APOLLO_API_KEY=your-api-key-here
# .gitignore (always include!)
.env
.env.local
.env.*.local
*.key
// src/lib/apollo/key-rotation.ts
interface KeyConfig {
primary: string;
secondary?: string;
rotateAt?: Date;
}
class ApiKeyManager {
private config: KeyConfig;
constructor() {
this.config = {
primary: process.env.APOLLO_API_KEY!,
secondary: process.env.APOLLO_API_KEY_SECONDARY,
rotateAt: process.env.APOLLO_KEY_ROTATE_AT
? new Date(process.env.APOLLO_KEY_ROTATE_AT)
: undefined,
};
}
getActiveKey(): string {
if (this.config.rotateAt && new Date() > this.config.rotateAt) {
if (this.config.secondary) {
return this.config.secondary;
}
console.warn('Key rotation date passed but no secondary key available');
}
return this.config.primary;
}
async testKey(key: string): Promise<boolean> {
try {
const response = await axios.get('https://api.apollo.io/v1/auth/health', {
params: { api_key: key },
});
return response.status === 200;
} catch {
return false;
}
}
async rotateKeys(): Promise<void> {
if (!this.config.secondary) {
throw new Error('No secondary key configured for rotation');
}
// Verify secondary key works
const isValid = await this.testKey(this.config.secondary);
if (!isValid) {
throw new Error('Secondary key is invalid');
}
// Swap keys
console.log('Rotating API keys...');
this.config.primary = this.config.secondary;
this.config.secondary = undefined;
// TODO: Persist to secure storage
}
}
// Force HTTPS
const apolloClient = axios.create({
baseURL: 'https://api.apollo.io/v1', // Always HTTPS
timeout: 30000,
});
// Validate SSL certificates (default in production)
// For development ONLY, you might need:
// httpsAgent: new https.Agent({ rejectUnauthorized: false })
// If using Apollo Enterprise with IP restrictions
// Configure your server's outbound IP in Apollo settings
// For cloud deployments, use static IPs:
// - Google Cloud: Configure Cloud NAT with static IPs
// - AWS: Use NAT Gateway with Elastic IP
// - Azure: Configure NAT Gateway with public IP
// src/lib/apollo/pii-handler.ts
const PII_FIELDS = ['email', 'phone', 'personal_email', 'mobile_phone'];
function redactPII(data: any, fields: string[] = PII_FIELDS): any {
if (!data) return data;
if (Array.isArray(data)) {
return data.map((item) => redactPII(item, fields));
}
if (typeof data === 'object') {
const result: any = {};
for (const [key, value] of Object.entries(data)) {
if (fields.includes(key) && typeof value === 'string') {
result[key] = redactForLogging(value);
} else {
result[key] = redactPII(value, fields);
}
}
return result;
}
return data;
}
function redactForLogging(value: string): string {
if (value.includes('@')) {
// Email: show first 2 chars and domain
const [local, domain] = value.split('@');
return `${local.substring(0, 2)}***@${domain}`;
}
// Phone: show last 4 digits
return `***-***-${value.slice(-4)}`;
}
// Usage in logging
console.log('Contact data:', redactPII(contactData));
// src/lib/apollo/secure-logger.ts
import pino from 'pino';
const logger = pino({
redact: {
paths: [
'api_key',
'apiKey',
'*.api_key',
'*.email',
'*.phone',
'headers.authorization',
],
censor: '[REDACTED]',
},
});
// Apollo request interceptor with secure logging
apolloClient.interceptors.request.use((config) => {
logger.info({
type: 'apollo_request',
method: config.method,
url: config.url,
// Don't log full request body
bodyKeys: config.data ? Object.keys(config.data) : [],
});
return config;
});
// src/lib/apollo/data-retention.ts
interface CacheConfig {
ttlMinutes: number;
maxEntries: number;
}
class SecureCache {
private cache = new Map<string, { data: any; expiresAt: number }>();
private config: CacheConfig;
constructor(config: CacheConfig) {
this.config = config;
// Cleanup expired entries every minute
setInterval(() => this.cleanup(), 60000);
}
set(key: string, data: any): void {
// Enforce max entries
if (this.cache.size >= this.config.maxEntries) {
const oldest = [...this.cache.entries()].sort(
(a, b) => a[1].expiresAt - b[1].expiresAt
)[0];
if (oldest) this.cache.delete(oldest[0]);
}
this.cache.set(key, {
data,
expiresAt: Date.now() + this.config.ttlMinutes * 60 * 1000,
});
}
get(key: string): any | null {
const entry = this.cache.get(key);
if (!entry) return null;
if (Date.now() > entry.expiresAt) {
this.cache.delete(key);
return null;
}
return entry.data;
}
private cleanup(): void {
const now = Date.now();
for (const [key, entry] of this.cache.entries()) {
if (now > entry.expiresAt) {
this.cache.delete(key);
}
}
}
clear(): void {
this.cache.clear();
}
}
// Short TTL for sensitive data
export const apolloCache = new SecureCache({
ttlMinutes: 15,
maxEntries: 1000,
});
// Different keys for different access levels
const API_KEYS = {
readonly: process.env.APOLLO_API_KEY_READONLY,
standard: process.env.APOLLO_API_KEY_STANDARD,
admin: process.env.APOLLO_API_KEY_ADMIN,
};
function getApiKeyForOperation(operation: string): string {
const readOnlyOps = ['search', 'enrich', 'get'];
const adminOps = ['delete', 'bulk_update'];
if (adminOps.some((op) => operation.includes(op))) {
return API_KEYS.admin!;
}
if (readOnlyOps.some((op) => operation.includes(op))) {
return API_KEYS.readonly!;
}
return API_KEYS.standard!;
}
| Issue | Mitigation |
|---|---|
| Key exposure | Immediate rotation |
| PII in logs | Implement redaction |
| Unauthorized access | Audit and revoke |
| Data breach | Follow incident response |
Proceed to apollo-prod-checklist for production deployment.
This skill should be used when the user asks to "create a hookify rule", "write a hook rule", "configure hookify", "add a hookify rule", or needs guidance on hookify rule syntax and patterns.
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.