dmitryprg-ai/api-testing
.cursor/skills/api-testing/SKILL.md
Test API endpoints with proper authorization. Use when testing curl requests, checking API responses, or getting 401 Unauthorized. API requires two auth levels - Basic Auth (nginx) + Session Auth (login). Credentials in .cursor/.secrets/.
$ install --global
skillsauthnpx skillsauth add dmitryprg-ai/cursor-develop-autorules api-testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 2:10 AM5.9s3 files scanned
SKILL.md
- name:
- api-testing
- description:
- Test API endpoints with proper authorization. Use when testing curl requests, checking API responses, or getting 401 Unauthorized. API requires two auth levels - Basic Auth (nginx) + Session Auth (login). Credentials in .cursor/.secrets/.
API Testing
Test API endpoints that require authorization.
Configuration: .cursor/config/project.config.json (site URL, auth settings, test user)
Two Auth Levels
| Level | When needed | Source |
|-------|-------------|--------|
| Basic Auth | All requests (nginx) | Config → auth.basic_auth_file |
| Session Auth | API endpoints (except /health) | Login via /api/auth/login |
Quick Start
Get a session and test:
# Run the helper script
bash .cursor/skills/api-testing/scripts/get-session.sh
# Then use the session for any endpoint
bash .cursor/skills/api-testing/scripts/test-endpoint.sh /api/endpoint?param=value
Manual Process
All values (site URL, credentials paths, test user email) are in project.config.json:
# 1. Read config values
CONFIG=".cursor/config/project.config.json"
SITE_URL=$(jq -r .site_url "$CONFIG")
SECRETS_DIR=$(jq -r .auth.secrets_dir "$CONFIG")
TEST_EMAIL=$(jq -r .auth.test_user_email "$CONFIG")
# 2. Get Basic Auth
BASIC_AUTH=$(jq -r '.user + ":" + .pass' "$SECRETS_DIR/$(jq -r .auth.basic_auth_file "$CONFIG")")
# 3. Decode password and login
PASSWORD=$(jq -r .password "$SECRETS_DIR/$(jq -r .auth.test_user_file "$CONFIG")" | base64 -d)
curl -c /tmp/session.txt -u "$BASIC_AUTH" \
-H "Content-Type: application/json" \
-d '{"email":"'"$TEST_EMAIL"'","password":"'"$PASSWORD"'"}' \
"$SITE_URL/api/auth/login"
# 4. Use session for requests
curl -b /tmp/session.txt -u "$BASIC_AUTH" "$SITE_URL/api/endpoint"
Important
- NEVER hardcode passwords in scripts or output
- ALWAYS clean up:
rm /tmp/session.txtafter testing - Test user is admin with access to all endpoints
- Health endpoint does NOT require session auth (only Basic Auth)
Related Skills
dmitryprg-ai/techdebt-scan
development
VerifiedTrustedCommunity
Scan codebase for technical debt and fix safely with TDD. Use to find oversized files, duplicated code, code smells, and refactor safely. Workflow - SCAN, TEST CASES, REFACTOR, VERIFY. Keywords - techdebt, tech debt, duplicates, code quality audit.
8SKILL.mdUpdated Apr 17, 2026
dmitryprg-ai/tdd-workflow
development
VerifiedTrustedCommunity
Test-Driven Development workflow with strict Red-Green-Refactor cycle. Use when developing features with TDD, writing tests before code, or when test-driven approach is needed. MANDATORY order - test cases table BEFORE code, failing tests BEFORE implementation.
8SKILL.mdUpdated Apr 17, 2026
dmitryprg-ai/session-review
testing
VerifiedTrustedCommunity
Review work session quality and capture improvements. Use at end of session, after large tasks, after series of errors, or when user asks for session review, retrospective, lessons learned. Records improvements to backlog.
8SKILL.mdUpdated Apr 17, 2026
dmitryprg-ai/research
data-ai
VerifiedTrustedCommunity
Analyze data, investigate datasets, work with CSV/parquet/pandas/dataframes. Use when analyzing data, exploring datasets, running experiments, or when user mentions data, analysis, parquet, csv, pandas, dataframe, statistics, investigation.
8SKILL.mdUpdated Apr 17, 2026