webflow-security-basics

Solid

Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging. Use when securing API tokens, implementing least privilege access, or auditing Webflow security configuration. Trigger with phrases like "webflow security", "webflow secrets", "secure webflow", "webflow API key security", "webflow token rotation".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Webflow Security Basics ## Overview Security best practices for Webflow Data API v2 tokens, OAuth secrets, webhook verification, and access control. Covers the full lifecycle from token creation to rotation and revocation. ## Prerequisites - Webflow developer account at `developers.webflow.com` - Understanding of environment variables - Secret management solution (vault, cloud secret manager, etc.) ## Instructions ### Step 1: Token Types and Selection | Token Type | Scope | Best For | |------------|-------|----------| | **Workspace Token** | All sites in workspace | Internal tools, scripts | | **Site Token** | Single site only | Single-site integrations | | **OAuth Access Token** | User-authorized scopes | Public apps, marketplace apps | **Rule: Never use a workspace token where a site token would suffice.** ### Step 2: Least Privilege Scopes Only request scopes your integration actually needs: | Operation | Minimum Scope | |-----------|--------------| | Read site info | `sites:read` | | Publish site | `sites:write` | | Read CMS content | `cms:read` | | Create/update CMS items | `cms:write` | | Read pages | `pages:read` | | Read form submissions | `forms:read` | | Read products/orders | `ecommerce:read` | | Create products, fulfill orders | `ecommerce:write` | ```typescript // Example: Read-only integration needs only these scopes const READ_ONLY_SCOPES = "sites:read cms:read pages:read forms:read"; // CMS sync integration const CMS_SYNC_SCOPES = "sites:read cm...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI OAuth · Auth

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

webflow-install-auth

Install the Webflow JS SDK (webflow-api) and configure OAuth 2.0 or API token authentication. Use when setting up a new Webflow integration, configuring access tokens, or initializing the WebflowClient in your project. Trigger with phrases like "install webflow", "setup webflow", "webflow auth", "configure webflow API token", "webflow OAuth".

2,266 Updated today
jeremylongshore
AI & Automation Featured

hubspot-security-basics

Apply HubSpot security best practices for tokens, scopes, and webhook verification. Use when securing private app tokens, implementing least privilege scopes, or validating HubSpot webhook signatures. Trigger with phrases like "hubspot security", "hubspot token rotation", "secure hubspot", "hubspot scopes", "hubspot webhook verify".

2,266 Updated today
jeremylongshore
AI & Automation Solid

webflow-enterprise-rbac

Configure Webflow enterprise access control — OAuth 2.0 app authorization, scope-based RBAC, per-site token isolation, workspace member management, and audit logging for compliance. Trigger with phrases like "webflow RBAC", "webflow enterprise", "webflow roles", "webflow permissions", "webflow OAuth scopes", "webflow access control", "webflow workspace members".

2,266 Updated today
jeremylongshore
AI & Automation Featured

figma-security-basics

Secure Figma API tokens, configure scopes, and validate webhook signatures. Use when securing API keys, implementing least-privilege scopes, or auditing Figma security configuration. Trigger with phrases like "figma security", "figma secrets", "secure figma token", "figma scopes", "figma webhook verify".

2,266 Updated today
jeremylongshore
AI & Automation Featured

adobe-security-basics

Apply Adobe security best practices for OAuth credentials, secret rotation, I/O Events webhook signature verification, and least-privilege scoping. Use when securing API credentials, implementing webhook validation, or auditing Adobe security configuration. Trigger with phrases like "adobe security", "adobe secrets", "secure adobe", "adobe credential rotation", "adobe webhook signature".

2,266 Updated today
jeremylongshore