Hardens REST APIs with Express middleware for authentication, rate limiting, input validation, and security headers. Includes FastAPI/Nginx examples and checklists for production APIs, audits, and vulnerability reviews.
How this skill is triggered — by the user, by Claude, or both
Slash command
/api-security-hardening:api-security-hardening
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Protect REST APIs against common vulnerabilities with multiple security layers.
```javascript
const express = require('express');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');
const { body, validationResult } = require('express-validator');

const app = express();

// Baseline headers (helmet) and request-body sanitizers. The sanitizers operate
// on req.body, so a body parser must run before them.
app.use(helmet());
app.use(express.json());
app.use(mongoSanitize());
app.use(xss());

// General limit for all API routes: 100 requests per 15 minutes per client.
app.use('/api/', rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 100
}));

// Stricter limit for authentication endpoints: 5 requests per 15 minutes.
// Requests to /api/auth/ are counted by both limiters, since the /api/ mount matches too.
app.use('/api/auth/', rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5
}));

// Explicit security headers. Registered before the routes so every response
// carries them (middleware registered after a route never runs for requests
// that route has already answered). helmet() already emits its own defaults
// for these headers; this middleware runs after it and overrides them
// (for example DENY instead of helmet's SAMEORIGIN). X-XSS-Protection is a
// legacy header that current browsers ignore.
app.use((req, res, next) => {
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  next();
});

// Input validation with express-validator: each rule runs before the handler,
// and the handler rejects the request before any business logic if a rule failed.
app.post('/users',
  body('email').isEmail().normalizeEmail(),
  body('password').isLength({ min: 8 }).matches(/[A-Z]/).matches(/[0-9]/),
  body('name').trim().escape().isLength({ max: 100 }),
  (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    // Process request
  }
);
```
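The two rate-limit mounts above stack: a request to /api/auth/login is counted by both the /api/ limiter and the stricter /api/auth/ limiter, and the first one to run out of budget answers 429. The following is an added example, not code from the skill or from express-rate-limit: a dependency-free fixed-window limiter with the same middleware signature, a minimal stand-in for Express's prefix-mount chain, and a simulation that uses an injected clock and a constructed client IP.

```javascript
// Added example (not the skill's code): a fixed-window limiter with the (req, res, next)
// shape express-rate-limit uses, plus a stand-in for Express's prefix-mount chain.
function createRateLimiter({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // client IP -> { count, resetAt }
  return (req, res, next) => {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || t >= entry.resetAt) { // first hit, or the window has expired
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) { // over budget: answer 429 and do not call next()
      res.setHeader('Retry-After', Math.ceil((entry.resetAt - t) / 1000));
      return res.status(429).json({ error: 'Too many requests' });
    }
    next();
  };
}
// Runs mounted middleware in registration order for a matching path prefix and
// stops at the first one that responds instead of calling next().
function dispatch(mounts, req) {
  const res = {
    statusCode: 200, headers: {}, body: null,
    setHeader(k, v) { this.headers[k] = v; },
    status(c) { this.statusCode = c; return this; },
    json(b) { this.body = b; return this; },
  };
  for (const [prefix, mw] of mounts) {
    if (!req.path.startsWith(prefix)) continue;
    let passed = false;
    mw(req, res, () => { passed = true; });
    if (!passed) break;
  }
  return res;
}
// Same layering as the page: /api/ allows 100 per 15 minutes, /api/auth/ only 5.
// Returns each attempt's status code; constructed IP, injected clock for a deterministic window.
function simulateLogins(attempts, ip = '203.0.113.10', gapMs = 1000) {
  let clock = 0; const now = () => clock, windowMs = 15 * 60 * 1000;
  const mounts = [
    ['/api/', createRateLimiter({ windowMs, max: 100, now })],
    ['/api/auth/', createRateLimiter({ windowMs, max: 5, now })],
  ];
  return Array.from({ length: attempts }, () => {
    clock += gapMs; // time between attempts; 1 s keeps them all in one window
    return dispatch(mounts, { ip, path: '/api/auth/login' }).statusCode;
  });
}
```

With a 1 s gap the sixth login attempt is refused by the auth limiter while the general limiter still has budget; with a gap of one full window every attempt starts a fresh window and passes.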
See references/python-nginx.md for:
npx claudepluginhub secondsky/claude-skills --plugin api-security-hardening
Guides implementing authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities for REST, GraphQL, and WebSocket APIs.
Implements secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities for REST, GraphQL, and WebSocket APIs. Use when designing, securing, or reviewing APIs.
Produces prioritized security hardening specs and implements them: auth patterns, headers, rate limiting, input validation, secrets management, dependency hygiene. Use for 'harden this', 'secure service', or pre-launch checks.