Security skill

API hardening

Defense-in-depth patterns for protecting APIs from abuse, injection attacks, and data leakage.

When to use

What's included

Rate limiting

Express.js middleware patterns, sliding window implementation, per-user limits with API key tiers (free/pro/enterprise).

Input validation

Zod schema validation, sanitization helpers for HTML/strings/filenames, parameterized queries for SQL injection prevention.
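Added example (not the skill's own code) of the sanitization helpers and the parameterized-query pattern this section describes. The Zod step is left out so the block runs with no dependencies; the query uses pg-style `$1` placeholders (node-postgres takes a `{ text, values }` object), which is an assumption about the driver. The `users` table and the injection payload are constructed for the example.

```javascript
// Sanitization helpers and a parameterized query, as an added example.
// Not the skill's own code; the database driver (pg-style $1 placeholders)
// and the `users` table are assumptions for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// For text interpolated into an HTML body or a quoted attribute value.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reduce a user-supplied name to one safe path component: drop any directory
// part (either separator), leading dots, and anything outside a conservative
// character set. Empty results get a fallback so callers never write to ''.
function safeFilename(input, fallback = 'file') {
  const last = String(input).split(/[\\/]/).pop() || '';
  const cleaned = last
    .replace(/^\.+/, '')
    .replace(/[^A-Za-z0-9._-]/g, '_')
    .slice(0, 255);
  return cleaned || fallback;
}

// Vulnerable: the input becomes part of the SQL text, so quotes and keywords
// in it are parsed as SQL.
function findUserQueryUnsafe(email) {
  return `SELECT id, email FROM users WHERE email = '${email}'`;
}

// Parameterized: the SQL text is a constant and the input travels separately
// as data. With node-postgres this object is passed straight to pool.query().
function findUserQuery(email) {
  return { text: 'SELECT id, email FROM users WHERE email = $1', values: [email] };
}
```

The filename helper deliberately does not try to "clean" a path; it keeps only the last segment, which is the only thing a user should ever be naming. Pair it with a fixed upload directory on the server side so the result is joined to a known root.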

CORS configuration

Allowlist patterns for development and production, common mistakes to avoid, credential handling best practices.
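An added example of the allowlist pattern as an Express-style middleware, alongside the reflect-any-origin mistake the section warns about. This is not the skill's code; the origin lists and the `X-API-Key` header name are assumptions, and the middleware is run against plain request/response objects so it works without Express installed.

```javascript
// CORS allowlist middleware (added example, not the skill's code). The origins
// below are placeholders for the example.

const ORIGINS_BY_ENV = {
  development: ['http://localhost:3000', 'http://127.0.0.1:3000'],
  production: ['https://app.example.com'],
};

function corsAllowlist(env = process.env.NODE_ENV || 'development') {
  // Exact-match set: 'https://app.example.com.attacker.net' or a regex with an
  // unescaped dot would not get past it. 'null' (sandboxed iframes) is never listed.
  const allowed = new Set(ORIGINS_BY_ENV[env] || ORIGINS_BY_ENV.production);
  return function cors(req, res, next) {
    const origin = req.headers.origin;
    if (!origin) return next();                       // same-origin or non-browser client
    if (!allowed.has(origin)) {
      // Unknown origin: set no CORS headers, so the browser refuses to expose the
      // response. Preflights are answered 403 so they fail fast and visibly.
      if (req.method === 'OPTIONS') { res.statusCode = 403; return res.end(); }
      return next();
    }
    res.setHeader('Access-Control-Allow-Origin', origin);
    res.setHeader('Vary', 'Origin');                  // shared caches must key on Origin
    res.setHeader('Access-Control-Allow-Credentials', 'true'); // only safe with an allowlist, never with '*'
    res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,OPTIONS');
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type,Authorization,X-API-Key');
    res.setHeader('Access-Control-Max-Age', '600');
    if (req.method === 'OPTIONS') { res.statusCode = 204; return res.end(); }
    return next();
  };
}

// The common mistake: echo whatever Origin arrives while also allowing
// credentials. Any site can then make cookie-bearing requests and read the
// responses, which is equivalent to no CORS at all.
function corsReflectAnything(req, res, next) {
  res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
  res.setHeader('Access-Control-Allow-Credentials', 'true');
  return next();
}

// Minimal stand-in for Express's req/res, enough to inspect what a middleware did.
function runCors(middleware, method, origin) {
  const headers = {};
  const res = {
    statusCode: 200,
    ended: false,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    end() { this.ended = true; },
  };
  let nextCalled = false;
  middleware({ method, headers: origin ? { origin } : {} }, res, () => { nextCalled = true; });
  return { status: res.statusCode, ended: res.ended, headers, nextCalled };
}
```

Note that an unknown origin is not rejected with an error on normal requests; the response simply carries no CORS headers and the browser withholds it from the page. Rejecting outright would also break non-browser clients that happen to send an Origin header.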

API key management

Secure generation with prefixes, SHA-256 hashing for storage, verification middleware, and revocation patterns.

Response security

Error handling that doesn't leak info, security headers with Helmet, preventing stack trace exposure in production.

Timeout protection

Request timeout middleware, external API call timeouts with AbortController, database query timeout patterns.

Security checklist

  • Rate limiting on all endpoints
  • Stricter limits on auth endpoints
  • Input validation with schema library
  • Parameterized database queries
  • CORS configured for specific origins
  • API keys hashed before storage
  • Request size limits configured
  • Timeouts on all external calls
  • Security headers via Helmet
  • Error messages don't leak system info
  • All auth via HTTPS only

Rate limit tiers

Tier             Window       Max requests
Free             1 minute     10
Pro              1 minute     100
Enterprise       1 minute     1,000
Auth endpoints   15 minutes   5
Password reset   1 hour       3
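One block serving both the rate-limiting section and the tier table above: a sliding-window-log limiter with the table's limits, wrapped as an Express-style middleware with per-API-key and per-IP resolvers. It is an added example, not the skill's code; the request shape (`req.ip`, and `req.apiKey` set by an earlier authentication middleware) is assumed, and the clock is injectable so the behaviour can be checked without waiting a minute.

```javascript
// Sliding-window rate limiter with tiered limits (added example, not the skill's
// code). Limits are the table's; req.ip and req.apiKey are assumed to exist.

const TIERS = {
  free:             { windowMs: 60_000,       max: 10 },
  pro:              { windowMs: 60_000,       max: 100 },
  enterprise:       { windowMs: 60_000,       max: 1_000 },
  auth:             { windowMs: 15 * 60_000,  max: 5 },
  'password-reset': { windowMs: 60 * 60_000,  max: 3 },
};

// Sliding-window log: per key, the timestamps of hits still inside the window.
// Exact (no double burst at a fixed-window boundary) at O(max) memory per key.
// In-process state is fine for one node; behind a load balancer the log must
// live in a shared store such as Redis so all nodes count the same bucket.
class SlidingWindowLimiter {
  constructor(now = () => Date.now()) { this.now = now; this.hits = new Map(); }

  // Returns { allowed, remaining, retryAfterMs } and records the hit if allowed.
  check(key, { windowMs, max }) {
    const t = this.now();
    const cutoff = t - windowMs;
    const log = this.hits.get(key) || [];
    let drop = 0;
    while (drop < log.length && log[drop] <= cutoff) drop++;   // expire old hits
    const live = drop ? log.slice(drop) : log;
    if (live.length >= max) {
      this.hits.set(key, live);
      // The oldest live hit is the one whose expiry frees a slot.
      return { allowed: false, remaining: 0, retryAfterMs: live[0] + windowMs - t };
    }
    live.push(t);
    this.hits.set(key, live);
    return { allowed: true, remaining: max - live.length, retryAfterMs: 0 };
  }
}

// Express-style middleware. resolve(req) picks the bucket: who (key) and which
// limits (tier). Unknown tiers fall back to the strictest, never to "no limit".
function rateLimit(limiter, resolve) {
  return function limit(req, res, next) {
    const { key, tier } = resolve(req);
    const cfg = TIERS[tier] || TIERS.free;
    const r = limiter.check(`${tier}:${key}`, cfg);
    res.setHeader('X-RateLimit-Limit', String(cfg.max));
    res.setHeader('X-RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.statusCode = 429;
      res.setHeader('Retry-After', String(Math.ceil(r.retryAfterMs / 1000)));
      return res.end(JSON.stringify({ error: 'rate limit exceeded' }));
    }
    return next();
  };
}

// Resolvers for the table's two kinds of row: API-key tiers, and per-IP limits
// on auth and password-reset endpoints (which run before any key is known).
const byApiKeyTier = (req) => ({ key: req.apiKey.id, tier: req.apiKey.tier });
const byIpForAuth = (req) => ({ key: req.ip, tier: 'auth' });
const byIpForPasswordReset = (req) => ({ key: req.ip, tier: 'password-reset' });

// Wiring in Express (not executed here):
//   app.use('/api', requireApiKey, rateLimit(new SlidingWindowLimiter(), byApiKeyTier));
//   app.post('/login', rateLimit(new SlidingWindowLimiter(), byIpForAuth), loginHandler);
//   app.post('/password-reset', rateLimit(new SlidingWindowLimiter(), byIpForPasswordReset), resetHandler);
```

The bucket key is prefixed with the tier so that the same client hitting `/login` and `/api` is counted in separate windows, and the auth resolvers key on IP because at that point there is no authenticated identity yet. When the app sits behind a proxy, `req.ip` is only meaningful with Express's `trust proxy` configured for that proxy; otherwise every client shares the proxy's address and one bucket.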

Installation

# Clone the repository
git clone https://github.com/jamditis/claude-skills-journalism.git

# Copy the skill to your Claude config
cp -r claude-skills-journalism/api-hardening ~/.claude/skills/

Or download just this skill from the GitHub repository.

Related skills

Protect your APIs from abuse

Rate limiting, input validation, CORS, and API key management patterns for Express.js and FastAPI.
