Hardens REST APIs with Express middleware for authentication, rate limiting, input validation, security headers. Includes FastAPI/Nginx examples, checklists for production APIs, audits, vulnerabilities.
How this skill is triggered — by the user, by Claude, or both
Slash command
/api-security-hardening:api-security-hardeningThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Protect REST APIs against common vulnerabilities with multiple security layers.
Protect REST APIs against common vulnerabilities with multiple security layers.
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');
app.use(helmet());
app.use(mongoSanitize());
app.use(xss());
app.use('/api/', rateLimit({
windowMs: 15 * 60 * 1000,
max: 100
}));
app.use('/api/auth/', rateLimit({
windowMs: 15 * 60 * 1000,
max: 5
}));
const { body, validationResult } = require('express-validator');
app.post('/users',
body('email').isEmail().normalizeEmail(),
body('password').isLength({ min: 8 }).matches(/[A-Z]/).matches(/[0-9]/),
body('name').trim().escape().isLength({ max: 100 }),
(req, res) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
// Process request
}
);
app.use((req, res, next) => {
res.setHeader('Content-Security-Policy', "default-src 'self'");
res.setHeader('X-Frame-Options', 'DENY');
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
res.setHeader('X-XSS-Protection', '1; mode=block');
next();
});
See references/python-nginx.md for:
npx claudepluginhub midego1/claude-skills --plugin api-security-hardeningHardens REST APIs with Express middleware for authentication, rate limiting, input validation, security headers. Includes FastAPI/Nginx examples, checklists for production APIs, audits, vulnerabilities.
Secure REST APIs with authentication, rate limiting, CORS, input validation, and security middleware. Use when building or hardening API endpoints against common attacks.
Guides implementing authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities for REST, GraphQL, and WebSocket APIs.