Security (Recommended)
Rate limiting, protected API routes, hardened auth, input validation, and a Bug Hunt & Security Prompt to uncover and fix issues fast.
Even with auth and best practices in place, security needs continuous attention. Here we add edge rate limiting for API routes to reduce abuse and protect resources.
Setup
- Get your API key:
  - Sign up at upstash.com
  - Create a new Redis database
  - Copy your REST URL and REST TOKEN
- Add the environment variables to `.env`:

```
UPSTASH_REDIS_REST_URL="https://..."
UPSTASH_REDIS_REST_TOKEN="..."
```

- Install the packages: `npm install @upstash/redis @upstash/ratelimit`
- Middleware file: go to `middleware.ts` in your project root (same level as the `/app` folder). Uncomment the rate limiting code, then add your API endpoints so they are protected at the edge, for example `/api/one` and `/api/two`.
How it works
- `Redis` connects to Upstash using the REST credentials from your `.env`.
- `Ratelimit.slidingWindow(5, '60 s')` allows 5 requests per IP per minute.
- `getIpKey` extracts the best available client IP from standard headers.
- `config.matcher` selects which routes the middleware applies to. Add your API endpoints to protect them at the edge.
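The pieces above can be exercised without an Upstash account. The following is an added example, not the boilerplate's own `middleware.ts`: it replaces the Redis-backed `Ratelimit.slidingWindow(5, '60 s')` with an in-memory sliding-window counter that follows the same weighting rule, implements a `getIpKey` lookup over `x-forwarded-for` and `x-real-ip`, and applies a `PROTECTED_PREFIXES` list that plays the role of `config.matcher` for `/api/one` and `/api/two`. The `decide` function, the `Decision` shape and the `X-RateLimit-*` / `Retry-After` response headers are assumptions made for the example; in the real middleware the counters live in Upstash Redis so every edge instance shares them.

```typescript
// Added example (not the project's middleware.ts): in-memory stand-in for
// Ratelimit.slidingWindow(5, '60 s'), a getIpKey header lookup, and the
// route-matching decision. The Map below is per-process and only
// illustrates the math; production counters belong in Upstash Redis.

interface LimitResult {
  success: boolean;   // false means the caller should answer 429
  remaining: number;  // requests still allowed in the current window
  reset: number;      // epoch ms at which the current fixed window ends
}

class SlidingWindowLimiter {
  private readonly maxRequests: number;
  private readonly windowMs: number;
  // key -> (window start ms -> request count)
  private buckets = new Map<string, Map<number, number>>();

  constructor(maxRequests: number, windowMs: number) {
    this.maxRequests = maxRequests;
    this.windowMs = windowMs;
  }

  // Sliding window: the previous fixed window's count is weighted by how
  // much of it still overlaps the trailing windowMs, then added to the
  // current window's count. A burst at the end of one minute therefore
  // still counts against the start of the next.
  limit(key: string, now: number = Date.now()): LimitResult {
    const windowStart = Math.floor(now / this.windowMs) * this.windowMs;
    const prevStart = windowStart - this.windowMs;
    let perKey = this.buckets.get(key);
    if (!perKey) {
      perKey = new Map<number, number>();
      this.buckets.set(key, perKey);
    }
    // Forget windows that can no longer overlap the trailing interval.
    for (const start of Array.from(perKey.keys())) {
      if (start < prevStart) perKey.delete(start);
    }
    const current = perKey.get(windowStart) ?? 0;
    const previous = perKey.get(prevStart) ?? 0;
    const elapsedFraction = (now - windowStart) / this.windowMs;
    const weighted = previous * (1 - elapsedFraction) + current;
    const reset = windowStart + this.windowMs;
    if (weighted >= this.maxRequests) {
      return { success: false, remaining: 0, reset };
    }
    perKey.set(windowStart, current + 1);
    const remaining = Math.max(0, Math.floor(this.maxRequests - weighted - 1));
    return { success: true, remaining, reset };
  }
}

// Header names are matched case-insensitively, as HTTP requires.
function headerValue(headers: Record<string, string | undefined>, name: string): string | undefined {
  const lower = name.toLowerCase();
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === lower && v && v.trim()) return v.trim();
  }
  return undefined;
}

// Best-effort client IP. X-Forwarded-For is "client, proxy1, proxy2"; the
// first entry is what the outermost proxy saw. Both headers are client-
// controllable unless your edge/proxy overwrites them, so a spoofed value
// lets a client choose its own bucket. Unknown clients share one fallback
// bucket rather than each request getting a fresh, empty one.
function getIpKey(headers: Record<string, string | undefined>, fallback = "unknown"): string {
  const forwarded = headerValue(headers, "x-forwarded-for")?.split(",")[0]?.trim();
  return forwarded || headerValue(headers, "x-real-ip") || fallback;
}

// Plays the role of config.matcher: only these prefixes are rate limited.
const PROTECTED_PREFIXES = ["/api/one", "/api/two"];

interface Decision {
  allowed: boolean;
  status: number;                    // 429 when blocked, 200 otherwise
  headers: Record<string, string>;   // headers to attach to the response
}

function decide(
  limiter: SlidingWindowLimiter,
  pathname: string,
  headers: Record<string, string | undefined>,
  now: number = Date.now(),
): Decision {
  const matched = PROTECTED_PREFIXES.some((p) => pathname === p || pathname.startsWith(p + "/"));
  if (!matched) return { allowed: true, status: 200, headers: {} };

  const result = limiter.limit(getIpKey(headers), now);
  const common = {
    "X-RateLimit-Remaining": String(result.remaining),
    "X-RateLimit-Reset": String(Math.ceil(result.reset / 1000)),
  };
  if (!result.success) {
    const retryAfterSec = Math.max(1, Math.ceil((result.reset - now) / 1000));
    return { allowed: false, status: 429, headers: { ...common, "Retry-After": String(retryAfterSec) } };
  }
  return { allowed: true, status: 200, headers: common };
}
```

With `new SlidingWindowLimiter(5, 60_000)`, five requests from one IP at the start of a minute pass, the sixth is answered 429 with `Retry-After` set to the seconds left in the window, and at the 30 second mark of the following minute the previous five count as 2.5, so three more requests are admitted before the limit trips again. Requests to paths outside `PROTECTED_PREFIXES` are never counted, which is exactly why the matcher list must be kept in sync with the routes you add.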
Bug hunt & Security Prompt (PRO ONLY)
Your core security setup is in place. The Bug Hunt & Security Prompt guides an automated, thorough audit across your codebase and returns precise, production-safe fixes (use this prompt once your development is complete).
What you get (extra protection)
- Middleware hardening: Checks and guidance to prevent edge auth/rate-limit bypasses (incl. header spoofing).
- Auth review: NextAuth configuration sanity checks (cookies, callbacks, session strategy, error paths).
- Input validation: Patterns and utilities to defend against XSS, SQL/NoSQL injection, and unsafe headers.
- RSC & Server Actions: Verifies authentication and data boundaries in React Server Components/Actions.
- API route policy: Ensures protected routes enforce auth, rate limits, and schema validation.
- Secrets hygiene: Detects accidental client exposure of `process.env` values and hardcoded tokens.
- Observability: Structured logging recommendations with sensitive data redaction and error correlation.
- Perf guardrails: Flags heavy client bundles, missing dynamic imports, and image optimization gaps.
- And much more...
Go to Prompt Library → Bug Hunt, copy the prompt and paste it into your AI code editor.