API Security Prompt Pack - A Developer Guide for Enforcing the OWASP API Top 10 in Agentic Workflows (2026)

What this guide is

This guide defines a prompt pack that developers can use to enforce API security intent when working with coding agents, IDE assistants, and automated test generators.

As APIs are increasingly designed, refactored, and tested by agentic systems, security controls must be expressed in a way that machines can consistently apply. Prompts serve as executable security intent. They shape how agents generate code, review changes, and produce tests.

This prompt pack maps directly to the OWASP API Security Top 10 (2023) and is designed to prevent the most common and most exploitable API failures in an automated development environment.

How to use this prompt pack

These prompts can be used in several ways:

• As a system prompt for an IDE coding agent
• As a repository-level security prompt (for example SECURITY_PROMPT.md)
• As input to CI-based code review agents
• As guidance for test-generation agents
• As guardrails for refactoring and migration tasks

Each prompt is intentionally explicit. Do not paraphrase unless you understand the security implications.

Prompt pack structure

Each section includes:

• Security intent
• Recommended usage
• Copy-paste agent prompt

API1: Broken Object Level Authorization (BOLA)

Security intent

Prevent unauthorized access to objects by enforcing authorization at the data access layer.

Recommended usage

Apply this prompt when generating:

• CRUD endpoints
• Repository or ORM access logic
• Authorization refactors
• Multi-tenant APIs

Agent prompt

Always enforce object-level authorization before accessing or modifying any resource.
Authorization checks must occur at the data access layer and must verify ownership or access rights using authenticated user or tenant context.
Do not rely on request paths, client-supplied identifiers, or post-query filtering for authorization decisions.

API2: Broken Authentication

Security intent

Ensure authentication logic is centralized and token validation is complete and consistent.

Recommended usage

Apply when:

• Implementing authentication middleware
• Integrating OAuth or JWT
• Refactoring auth logic across services

Agent prompt

Use centralized authentication and token validation logic.
Validate issuer, audience, expiration, signature, and required claims for every token.
Reject tokens that are expired, malformed, missing claims, or intended for a different audience.
Do not duplicate authentication logic across services.

API3: Broken Object Property Level Authorization (BOPLA)

Security intent

Prevent exposure or modification of unauthorized object properties.

Recommended usage

Apply when:

• Defining request and response schemas
• Implementing serializers
• Handling partial updates or PATCH requests

Agent prompt

Do not expose all object properties by default.
Use role-specific response models and explicit allowlists for writable fields.
Never bind request bodies directly to domain or persistence models.
Separate read and write schemas to enforce property-level authorization.

API4: Unrestricted Resource Consumption

Security intent

Prevent denial of service and cost abuse caused by automated callers.

Recommended usage

Apply when:

• Designing endpoints with heavy computation
• Implementing pagination or batch operations
• Integrating external services

Agent prompt

Assume all APIs will be called by automated systems.
Add rate limits, quotas, payload size limits, pagination constraints, and timeouts to all endpoints.
Guard expensive operations with stricter limits and defensive defaults.

API5: Broken Function Level Authorization (BFLA)

Security intent

Ensure privileged functionality is not accessible without explicit permission checks.

Recommended usage

Apply when:

• Creating admin or internal endpoints
• Adding operational or support APIs
• Refactoring routing logic

Agent prompt

Treat every endpoint as inaccessible by default.
Apply explicit role and permission checks to all functions.
Do not assume access based on route naming, folder structure, or documentation.
Include tests that invoke privileged endpoints as non-privileged users.

API6: Unrestricted Access to Sensitive Business Flows

Security intent

Protect business logic from automation, abuse, and replay.

Recommended usage

Apply when:

• Implementing onboarding, payments, promotions, or reset flows
• Designing multi-step workflows
• Adding new business-critical endpoints

Agent prompt

Identify sensitive business flows and protect them against automation and abuse.
Add flow-specific rate limits, velocity controls, checkpoints, and step-up authentication where appropriate.
Design for abuse scenarios, not just functional correctness.

API7: Server-Side Request Forgery (SSRF)

Security intent

Prevent APIs from making unsafe outbound requests.

Recommended usage

Apply when:

• Fetching URLs
• Integrating webhooks
• Building proxy or connector services

Agent prompt

Never fetch user-supplied URLs without strict validation.
Enforce allowlists for outbound destinations.
Block internal IP ranges and metadata endpoints.
Disable redirect following unless explicitly required and validated.

API8: Security Misconfiguration

Security intent

Eliminate insecure defaults and prevent debug features from leaking into production.

Recommended usage

Apply when:

• Managing environment configuration
• Building deployment pipelines
• Adding feature flags or debug modes

Agent prompt

Use secure configuration defaults.
Do not expose debug, test, or admin features in production.
Treat configuration as code and flag permissive settings during generation and review.

API9: Improper Inventory Management

Security intent

Prevent forgotten or deprecated APIs from remaining exposed.

Recommended usage

Apply when:

• Introducing new APIs
• Versioning endpoints
• Decommissioning features

Agent prompt

Do not introduce new APIs without ownership, documentation, and lifecycle controls.
Track API versions and environments explicitly.
Flag deprecated or unused endpoints for removal and do not leave legacy versions exposed.

API10: Unsafe Consumption of APIs

Security intent

Prevent cascading failures caused by trusting third-party APIs.

Recommended usage

Apply when:

• Integrating SaaS APIs
• Consuming partner services
• Handling external data ingestion

Agent prompt

Treat all external API responses as untrusted input.
Validate response schemas, enforce timeouts, retries, and throttling.
Monitor for abnormal response patterns and handle unexpected data safely.

Recommended baseline system prompt (optional)

You can prepend this to any coding agent session:

You are generating and reviewing API code in an environment where APIs are consumed by automated and agentic systems.
Prioritize security correctness over convenience.
Follow the API Security Prompt Pack and enforce OWASP API Top 10 controls by default.
If a design choice creates ambiguity in authorization, validation, or exposure, choose the safer option and explain the tradeoff.

Final note for developers

Agentic workflows do not remove responsibility from developers. They compress time and amplify impact. Prompts are how developers encode judgment, constraints, and security intent so automation works with them rather than against them.

This prompt pack is not about trusting agents more.
It is about making sure they cannot accidentally do the wrong thing faster.

‍