api-authentication

Implement secure API authentication with JWT, OAuth 2.0, API keys, and session management. Use when securing APIs, managing tokens, or implementing user authentication flows.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "api-authentication" with this command: npx skills add aj-geddes/useful-ai-prompts/aj-geddes-useful-ai-prompts-api-authentication

API Authentication

Table of Contents

Overview

Implement comprehensive authentication strategies for APIs including JWT tokens, OAuth 2.0, API keys, and session management with proper security practices.

When to Use

  • Securing API endpoints
  • Implementing user login/logout flows
  • Managing access tokens and refresh tokens
  • Integrating OAuth 2.0 providers
  • Protecting sensitive data
  • Implementing API key authentication

Quick Start

Minimal working example:

// Node.js JWT Implementation
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

const app = express();
const SECRET_KEY = process.env.JWT_SECRET || 'your-secret-key';
const REFRESH_SECRET = process.env.REFRESH_SECRET || 'your-refresh-secret';

// User login endpoint
app.post('/api/auth/login', async (req, res) => {
  try {
    const { email, password } = req.body;

    // Find user in database
    const user = await User.findOne({ email });
    if (!user) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    // Verify password
    const isValid = await bcrypt.compare(password, user.password);
    if (!isValid) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

GuideContents
JWT AuthenticationJWT Authentication
OAuth 2.0 ImplementationOAuth 2.0 Implementation
API Key AuthenticationAPI Key Authentication
Python Authentication ImplementationPython Authentication Implementation

Best Practices

✅ DO

  • Use HTTPS for all authentication
  • Store tokens securely (HttpOnly cookies)
  • Implement token refresh mechanism
  • Set appropriate token expiration times
  • Hash and salt passwords
  • Use strong secret keys
  • Validate tokens on every request
  • Implement rate limiting on auth endpoints
  • Log authentication attempts
  • Rotate secrets regularly

❌ DON'T

  • Store passwords in plain text
  • Send tokens in URL parameters
  • Use weak secret keys
  • Store sensitive data in JWT payload
  • Ignore token expiration
  • Disable HTTPS in production
  • Log sensitive tokens
  • Reuse API keys across services
  • Store credentials in code

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

nodejs-express-server

No summary provided by upstream source.

Repository SourceNeeds Review
507-aj-geddes
General

markdown-documentation

No summary provided by upstream source.

Repository SourceNeeds Review
454-aj-geddes
General

rest-api-design

No summary provided by upstream source.

Repository SourceNeeds Review
416-aj-geddes
General

architecture-diagrams

No summary provided by upstream source.

Repository SourceNeeds Review
372-aj-geddes