API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
Choose an auth pattern based on the use case.
| Pattern | Best For |
|---|---|
| JWT | Stateless, microservices |
| Session | Traditional web, simple |
| OAuth 2.0 | Third-party integration |
| API Keys | Server-to-server, public APIs |
| Passkey | Modern passwordless (2025+) |
Important when using JWTs:
- Always verify the signature
- Check expiration
- Include only minimal claims
- Use short expiry plus refresh tokens
- Never store sensitive data in a JWT (the payload is only base64-encoded, not encrypted)
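The JWT rules above, as an added example that is not code from the original page: a stdlib-only HS256 issuer and verifier in Python that pins the algorithm, checks the signature in constant time before trusting any claim, and enforces `exp`. The secret, TTL and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real service loads this from a secret store.
SECRET = b"demo-secret-not-for-production"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, secret: bytes = SECRET, ttl: int = 300,
             now: Optional[int] = None) -> str:
    """Issue a short-lived HS256 token carrying only the given (minimal) claims."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iat": now, "exp": now + ttl}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(payload).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, secret: bytes = SECRET,
               now: Optional[int] = None) -> dict:
    """Return the claims only if the signature is valid and the token is unexpired.

    Order matters: the algorithm is pinned server-side and the signature is
    checked before any claim is decoded, so an 'alg: none' or tampered token
    is rejected before its payload is ever trusted.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "HS256":          # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (h_b64 + "." + p_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired or missing exp")
    return claims
```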