API Security Cheatsheet
Production reference for securing HTTP APIs: JWT verification, OAuth2/OIDC flows, security headers (HSTS/CSP/XFO), CORS, mTLS, webhook signatures, and rate limiting.
What This Reference Covers
- High-signal commands and checks for day-to-day production work.
- Security and reliability notes that explain what can go wrong when a command is used casually.
- Debugging vocabulary for incidents, code reviews, platform audits, and interview preparation.
Recommended Next Steps
Start with the commands that match your current task, then follow the related CodersSecret material for deeper context on architecture, risk, and operational tradeoffs.