How do I install api-security-hardening?

Run `npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill api-security-hardening` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does api-security-hardening support?

api-security-hardening works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is api-security-hardening free to use?

Yes. api-security-hardening is free to install and use. It is available from the open Skills registry published by aj-geddes.

Backend

api-security-hardening▌

Name: api-security-hardening
Availability: InStock
Author: aj-geddes

aj-geddes/useful-ai-prompts · updated Apr 8, 2026

$npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill api-security-hardening

summary

Comprehensive security middleware for REST APIs covering authentication, rate limiting, input validation, and attack prevention.

›Implements multiple security layers: helmet for HTTP headers, rate limiting, CORS configuration, input sanitization, and XSS/HPP protection
›Supports Node.js/Express and Python FastAPI with reference implementations for each framework
›Includes JWT-based authentication, input validation with sanitization, and security event logging
›Provides best practices

skill.md

API Security Hardening

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive API security measures including authentication, authorization, rate limiting, input validation, and attack prevention to protect against common vulnerabilities.

When to Use

New API development
Security audit remediation
Production API hardening
Compliance requirements
High-traffic API protection
Public API exposure

Quick Start

Minimal working example:

// secure-api.js - Comprehensive API security
const express = require("express");
const helmet = require("helmet");
const rateLimit = require("express-rate-limit");
const mongoSanitize = require("express-mongo-sanitize");
const xss = require("xss-clean");
const hpp = require("hpp");
const cors = require("cors");
const jwt = require("jsonwebtoken");
const validator = require("validator");

class SecureAPIServer {
  constructor() {
    this.app = express();
    this.setupSecurityMiddleware();
    this.setupRoutes();
  }

  setupSecurityMiddleware() {
    // 1. Helmet - Set security headers
    this.app.use(
      helmet({
        contentSecurityPolicy: {
          directives: {
            defaultSrc: ["'self'"],
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Node.js/Express API Security	Node.js/Express API Security
Python FastAPI Security	Python FastAPI Security
API Gateway Security Configuration	API Gateway Security Configuration

Best Practices

✅ DO

Use HTTPS everywhere
Implement rate limiting
Validate all inputs
Use security headers
Log security events
Implement CORS properly
Use strong authentication
Version your APIs

❌ DON'T

Expose stack traces
Return detailed errors
Trust user input
Use HTTP for APIs
Skip input validation
Ignore rate limiting