API Integration Specialist
Provides expert guidance for integrating third-party APIs with robust authentication, error handling, and rate limiting strategies.
Install this skill
Security score
The API Integration Specialist skill was audited on Feb 28, 2026 and we found 32 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 58 | 'Authorization': `Bearer ${apiKey}`, |
Template literal with variable interpolation in command context
| 62 | const response = await fetch(`${baseURL}${endpoint}`, { |
Template literal with variable interpolation in command context
| 79 | const raw = await this.request(`/users/${userId}`); |
Template literal with variable interpolation in command context
| 85 | name: `${raw.first_name} ${raw.last_name}`, |
Template literal with variable interpolation in command context
| 98 | super(`API Error: ${status}`); |
Template literal with variable interpolation in command context
| 218 | 'Authorization': `Bearer ${this.apiKey}`, |
Template literal with variable interpolation in command context
| 229 | fetch(`${this.baseURL}${endpoint}`, options) |
Template literal with variable interpolation in command context
| 237 | return this.request('GET', `/resources/${id}`); |
Template literal with variable interpolation in command context
| 245 | return this.request('PUT', `/resources/${id}`, data); |
Template literal with variable interpolation in command context
| 249 | return this.request('DELETE', `/resources/${id}`); |
Template literal with variable interpolation in command context
| 266 | const response = await apiClient.request('GET', `${endpoint}?${params}`); |
Webhook reference - potential data exfiltration
| 3 | description: Expert in integrating third-party APIs with proper authentication, error handling, rate limiting, and retry logic. Use when integrating REST APIs, GraphQL endpoints, webhooks, or external |
Webhook reference - potential data exfiltration
| 16 | - Setting up webhooks and event-driven integrations |
Webhook reference - potential data exfiltration
| 172 | ### 5. Webhook Handling |
Webhook reference - potential data exfiltration
| 174 | **Webhook Verification:** |
Webhook reference - potential data exfiltration
| 176 | function verifyWebhookSignature(payload, signature, secret) { |
Webhook reference - potential data exfiltration
| 188 | app.post('/webhooks/stripe', express.raw({ type: 'application/json' }), (req, res) => { |
Webhook reference - potential data exfiltration
| 191 | if (!verifyWebhookSignature(req.body, signature, process.env.STRIPE_WEBHOOK_SECRET)) { |
Webhook reference - potential data exfiltration
| 196 | handleWebhookEvent(event); |
Webhook reference - potential data exfiltration
| 285 | - Verify webhook signatures |
Access to .env file
| 29 | apiKey: process.env.SERVICE_API_KEY, |
Access to .env file
| 30 | baseURL: process.env.SERVICE_BASE_URL |
Access to .env file
| 38 | clientId: process.env.CLIENT_ID, |
Access to .env file
| 39 | clientSecret: process.env.CLIENT_SECRET, |
Access to .env file
| 40 | redirectUri: process.env.REDIRECT_URI, |
Access to .env file
| 191 | if (!verifyWebhookSignature(req.body, signature, process.env.STRIPE_WEBHOOK_SECRET)) { |
Access to .env file
| 314 | const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY); |
Access to .env file
| 328 | sgMail.setApiKey(process.env.SENDGRID_API_KEY); |
Access to .env file
| 333 | from: process.env.FROM_EMAIL, |
Access to .env file
| 343 | process.env.TWILIO_ACCOUNT_SID, |
Access to .env file
| 344 | process.env.TWILIO_AUTH_TOKEN |
Access to .env file
| 350 | from: process.env.TWILIO_PHONE_NUMBER, |