Overview

Comprehensive guide for implementing secure API endpoints covering authentication, authorization, input validation, rate limiting, and data protection.

When to Use This Skill

Implementing JWT or OAuth2 authentication
Adding input validation and sanitization
Setting up rate limiting and DDoS protection
Securing data in transit and at rest
Reviewing API security posture

How It Works

Step 1: Authentication & Authorization

Implement JWT/OAuth2 authentication
Use short-lived access tokens with refresh tokens
Implement role-based access control (RBAC)
Never store tokens in localStorage (use httpOnly cookies)

Step 2: Input Validation & Sanitization

Validate all input on the server side

Overview

Comprehensive guide for implementing secure API endpoints covering authentication, authorization, input validation, rate limiting, and data protection.

When to Use This Skill

Implementing JWT or OAuth2 authentication
Adding input validation and sanitization
Setting up rate limiting and DDoS protection
Securing data in transit and at rest
Reviewing API security posture

How It Works

Step 1: Authentication & Authorization

Implement JWT/OAuth2 authentication
Use short-lived access tokens with refresh tokens
Implement role-based access control (RBAC)
Never store tokens in localStorage (use httpOnly cookies)

Step 2: Input Validation & Sanitization

Validate all input on the server side

Api Security Best Practices

Overview

When to Use This Skill

How It Works

Step 1: Authentication & Authorization

Step 2: Input Validation & Sanitization

Api Security Best Practices

Overview

When to Use This Skill

How It Works

Step 1: Authentication & Authorization

Step 2: Input Validation & Sanitization

Step 3: Rate Limiting & Throttling

Step 4: Data Protection

Step 5: API Security Testing

Best Practices

✅ Do This

❌ Don't Do This

OWASP API Security Top 10

Security Checklist

Authentication & Authorization

Input Validation

Rate Limiting & DDoS Protection

Data Protection

Monitoring & Logging

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security

Api Security Best Practices

Overview

When to Use This Skill

How It Works

Step 1: Authentication & Authorization

Step 2: Input Validation & Sanitization

Api Security Best Practices

Overview

When to Use This Skill

How It Works

Step 1: Authentication & Authorization

Step 2: Input Validation & Sanitization

Step 3: Rate Limiting & Throttling

Step 4: Data Protection

Step 5: API Security Testing

Best Practices

✅ Do This

❌ Don't Do This

OWASP API Security Top 10

Security Checklist

Authentication & Authorization

Input Validation

Rate Limiting & DDoS Protection

Data Protection

Monitoring & Logging

Related Skills

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security