.claude/skills/api-testing/SKILL.md
Test API endpoints with proper authorization including Basic Auth and session cookies. Use when testing curl requests, checking API responses, getting 401 Unauthorized, session expired errors, or verifying endpoint behavior after changes.
`npx skillsauth add dmitryprg-ai/cursor-develop-autorules api-testing`
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
Test API endpoints that require authorization.
Configuration: .cursor/config/project.config.json
The API uses layered security: nginx enforces Basic Auth on all requests (keeping the site private), while the application enforces Session Auth for user-specific data. The health endpoint (/health) is exempt from session auth so monitoring tools can check availability without logging in.
| Level | Scope | Source |
|-------|-------|--------|
| Basic Auth | All requests (nginx layer) | Config: auth.basic_auth_file |
| Session Auth | API endpoints except /health | Login via /api/auth/login |
```bash
# Get a session
bash "${CLAUDE_SKILL_DIR}/scripts/get-session.sh"

# Test any endpoint (quote the path so the shell does not glob on "?")
bash "${CLAUDE_SKILL_DIR}/scripts/test-endpoint.sh" "/api/endpoint?param=value"
```
```bash
# 1. Read config
CONFIG=".cursor/config/project.config.json"
SITE_URL=$(jq -r .site_url "$CONFIG")
SECRETS_DIR=$(jq -r .auth.secrets_dir "$CONFIG")
TEST_EMAIL=$(jq -r .auth.test_user_email "$CONFIG")

# 2. Get Basic Auth
BASIC_AUTH=$(jq -r '.user + ":" + .pass' "$SECRETS_DIR/$(jq -r .auth.basic_auth_file "$CONFIG")")

# 3. Login to get session
PASSWORD=$(jq -r .password "$SECRETS_DIR/$(jq -r .auth.test_user_file "$CONFIG")" | base64 -d)
# Build the JSON body with jq so quotes or backslashes in the values are escaped
LOGIN_BODY=$(jq -n --arg email "$TEST_EMAIL" --arg password "$PASSWORD" \
  '{email: $email, password: $password}')
curl -c /tmp/session.txt -u "$BASIC_AUTH" \
  -H "Content-Type: application/json" \
  -d "$LOGIN_BODY" \
  "$SITE_URL/api/auth/login"

# 4. Use session for requests
curl -b /tmp/session.txt -u "$BASIC_AUTH" "$SITE_URL/api/endpoint"

# 5. Remove the session cookie when done
rm -f /tmp/session.txt
```
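To tell which of the two layers described above rejected a request, the following added example (not part of the skill's own scripts) classifies a response from its headers. It assumes nginx's Basic Auth 401 carries a `WWW-Authenticate: Basic` header and the application's session 401 does not; `auth_layer`, `probe` and the sample responses are hypothetical names constructed for illustration.

```shell
# Added example: decide which auth layer rejected a request.
# Assumption: the nginx Basic Auth 401 carries "WWW-Authenticate: Basic ...",
# while the application's session 401 does not.

# Reads raw response headers on stdin (as written by `curl -D -`).
# Prints one of: ok | basic-auth | session | other:<status>
auth_layer() {
  awk '
    { sub(/\r$/, "") }                           # header lines end in CRLF
    /^HTTP\// { status = $2; basic = 0; next }   # new response block: reset state
    tolower($0) ~ /^www-authenticate:[ \t]*basic/ { basic = 1 }
    END {
      if (status ~ /^2/)               print "ok"
      else if (status == 401 && basic) print "basic-auth"
      else if (status == 401)          print "session"
      else                             print "other:" status
    }'
}

# Live use (needs SITE_URL from the config; extra arguments go to curl):
#   probe /health                        -> basic-auth (no -u given)
#   probe /health -u "$BASIC_AUTH"       -> ok (exempt from session auth)
#   probe /api/endpoint -u "$BASIC_AUTH" -> session (no cookie sent)
probe() {
  probe_path=$1
  shift
  curl -sS -o /dev/null -D - "$@" "$SITE_URL$probe_path" | auth_layer
}

# Constructed sample responses (not captured from a real server).
sample_nginx_401() {
  printf 'HTTP/1.1 401 Unauthorized\r\nServer: nginx\r\nWWW-Authenticate: Basic realm="Restricted"\r\n\r\n'
}
sample_app_401() {
  printf 'HTTP/1.1 401 Unauthorized\r\nContent-Type: application/json\r\n\r\n'
}
sample_ok() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n'
}
```

A `basic-auth` result points at the credentials in the Basic Auth secrets file; a `session` result means the cookie is missing or expired and the login step should be repeated.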