hectoday


Securing Your API with @hectoday/http

Harden the auth system you built. Rate limiting, CSRF protection, refresh token rotation, password reset, account lockout, security headers, and logging — all built with plain functions on Hectoday HTTP.

Beginner-Intermediate ~7 hours

The Threat Landscape

  1. What Could Go Wrong
  2. Project Setup

Brute-Force Protection

  1. Rate Limiting Login Attempts
  2. Account Lockout
  3. Timing Attack Prevention

CSRF Protection

  1. What Is CSRF?
  2. CSRF Tokens
  3. CSRF for API Consumers

Token Hardening

  1. Refresh Token Rotation
  2. Token Revocation
  3. Secure Token Storage

Password Reset

  1. The Password Reset Flow
  2. Building the Reset Routes
  3. Reset Security

Putting It All Together

  1. Security Headers
  2. Logging and Monitoring
  3. Security Checklist
  4. Capstone: Hardened Auth API

© 2026 hectoday. All rights reserved.