api-security-best-practices · listed

Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
rootcastleco/rei-skills · ★ 5 · AI & Automation · score 67
Install: claude install-skill rootcastleco/rei-skills
> ⚠️ **AUTHORIZED USE ONLY** — This skill is intended for authorized security professionals only. Use only against systems you own or have explicit written permission to test. Unauthorized use may violate applicable laws.

# API Security Best Practices

## Overview

Guide developers in building secure APIs by implementing authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities. This skill covers security patterns for REST, GraphQL, and WebSocket APIs.

## When to Use This Skill

- Use when designing new API endpoints
- Use when securing existing APIs
- Use when implementing authentication and authorization
- Use when protecting against API attacks (injection, DDoS, etc.)
- Use when conducting API security reviews
- Use when preparing for security audits
- Use when implementing rate limiting and throttling
- Use when handling sensitive data in APIs

## How It Works

### Step 1: Authentication & Authorization

I'll help you implement secure authentication:

- Choose authentication method (JWT, OAuth 2.0, API keys)
- Implement token-based authentication
- Set up role-based access control (RBAC)
- Secure session management
- Implement multi-factor authentication (MFA)

### Step 2: Input Validation & Sanitization

Protect against injection attacks:

- Validate all input data
- Sanitize user inputs
- Use parameterized queries
- Implement request schema validation
- Prevent SQL injection, XSS, and command injection

### Step 3: Ra