backend-core

Name: backend-core
Rating: 8.8 (40 reviews)
Author: timequity

by timequity60GitHub

Provides language-agnostic backend patterns covering API design, authentication, security, and databases. Includes decision trees for choosing API types and auth methods, security best practices, and database schema patterns. Focuses on practical implementation guidance rather than theoretical concepts.

Unlock Deep Analysis

Use AI to visualize the workflow and generate a realistic output preview for this skill.

Target Audience

Backend developers designing new systems or reviewing existing implementations, particularly those working across multiple languages or frameworks

10/10Security

Low security risk, safe to use

Clarity

Practicality

Quality

Maintainability

Innovation

Backend

api-designauthenticationdatabasesecuritybackend-patterns

Compatible Agents

Claude Code

~/.claude/skills/

Codex CLI

~/.codex/skills/

Gemini CLI

~/.gemini/skills/

OpenCode

~/.opencode/skills/

OpenClaw

~/.openclaw/skills/

GitHub Copilot

~/.copilot/skills/

Cursor

~/.cursor/skills/

Windsurf

~/.codeium/windsurf/skills/

Cline

~/.cline/skills/

Roo Code

~/.roo/skills/

Kiro

~/.kiro/skills/

Junie

~/.junie/skills/

Augment Code

~/.augment/skills/

Warp

~/.warp/skills/

Goose

~/.config/goose/skills/

SKILL.md

Backend Core Patterns

Quick Reference

Topic	When to Use	Reference
API Design	REST/GraphQL/gRPC endpoints	api-design.md
Authentication	JWT, OAuth, sessions, magic links	authentication.md
Security	Input validation, OWASP, rate limiting	security.md
Databases	Schema design, migrations, queries	databases.md

API Design Decision Tree

What type of API?
├─ Public API → REST + OpenAPI spec
├─ Internal microservices → gRPC (performance) or REST (simplicity)
├─ Real-time → WebSocket or SSE
└─ Complex queries → GraphQL

Auth Decision Tree

Auth method?
├─ SPA/Mobile → JWT (access + refresh tokens)
├─ Server-rendered → Session cookies
├─ Third-party login → OAuth 2.0 / OIDC
├─ Passwordless → Magic link (email) or WebAuthn
└─ API-to-API → API keys or mTLS

Security Essentials

Always:

Validate all inputs at boundaries
Use parameterized queries (never string concat SQL)
Hash passwords with bcrypt/argon2 (cost ≥ 10)
HTTPS everywhere, HSTS headers
Rate limit auth endpoints

Never:

Store secrets in code or git
Trust client-side validation alone
Log sensitive data (passwords, tokens, PII)
Use MD5/SHA1 for passwords

Database Patterns

Schema design:
├─ Start normalized (3NF)
├─ Denormalize only for proven bottlenecks
├─ Always have created_at, updated_at
├─ Use UUIDs for public IDs, integers for internal FKs
└─ Soft delete (deleted_at) for important data

Anti-patterns

Don't	Do Instead
N+1 queries	Eager load / batch queries
SELECT *	Select only needed columns
No indexes on WHERE/JOIN columns	Add indexes
Storing files in DB	Use object storage (S3, R2)
God objects	Bounded contexts, single responsibility

Source: https://github.com/timequity/plugins#vibe-coder~skills~backend-core

Content curated from original sources, copyright belongs to authors

Grade A

8.8AI Score

Best Practices

Checking...

Try this Skill

User Rating

USER RATING

0UP

0DOWN

Loading files...

WORKS WITH

Claude

Codex

Gemini