This skill walks you through hardening your API endpoints against the usual suspects: injection attacks, auth bypasses, rate-limit abuse, and data leaks. You get concrete implementations for JWT authentication with refresh tokens, middleware for token verification, parameterized queries to prevent SQL injection, and rate-limiting strategies. The examples are production-ready Node.js code, not just theory. It covers the OWASP API Security Top 10 systematically, which is exactly what you need before a security audit or when reviewing legacy endpoints that were built fast and loose. The input validation section alone could save you from a lot of pain, especially the part about sanitizing error messages so you don't leak database structure to attackers.
npx skills add https://github.com/davila7/claude-code-templates --skill api-security-best-practices