frontend-api-client-with-jwt
Build JWT API Clients for Next.js
Frontend teams need one reliable way to attach JWTs, refresh expired tokens, and parse API errors. This skill helps Claude, Codex, and Claude Code design a centralized Next.js client pattern.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Toggle on and start using
Agent-readable resources
Use these links when an AI agent, crawler, or script needs clean context instead of reading the full page.
Test it
Using "frontend-api-client-with-jwt". Design a JWT API client for a Next.js dashboard.
Expected outcome:
A structured implementation plan covering client responsibilities, authorization headers, refresh flow decisions, error categories, and integration points.
Using "frontend-api-client-with-jwt". Review whether my frontend should store JWTs in localStorage.
Expected outcome:
A security-focused recommendation that weighs XSS exposure, cookie options, refresh token handling, and application constraints.
Using "frontend-api-client-with-jwt". Define tests for token refresh behavior.
Expected outcome:
A concise test plan for valid tokens, expired tokens, refresh failures, concurrent requests, redirects, and cleanup.
Security Audit
Medium RiskThe static findings are documentation terms in SKILL.md, not executable code, command execution, scanning, or exfiltration behavior. One semantic concern remains: the skill lists localStorage as a JWT storage option without enough warning about XSS exposure, so publication should include a security warning.
Medium Risk Issues (1)
Low Risk Issues (2)
Quality Score
What You Can Build
Standardize API Calls
Create a shared client pattern for headers, request options, and response parsing in a Next.js application.
Plan Auth Refresh Behavior
Define how expired JWTs should refresh, fail, and redirect users when sessions cannot continue.
Review Frontend Auth Design
Check whether an existing API layer handles token storage, errors, and concurrent refresh scenarios consistently.
Try These Prompts
Use this skill to outline a centralized Next.js API client for JWT authentication. Include request headers, error handling, and basic integration steps.
Use this skill to design token expiration checks and refresh behavior for my Next.js API client. Include concurrent request handling and refresh failure behavior.
Use this skill to review my JWT token storage and API error handling plan. Flag XSS exposure, sensitive error leaks, and weak redirect behavior.
Use this skill to evaluate my existing Next.js API client design. Compare it against token attachment, refresh coordination, error parsing, cleanup, and testing expectations.
Best Practices
- Prefer secure, HttpOnly cookie-based storage when the application architecture supports it.
- Centralize authorization headers, refresh behavior, and error parsing in one client layer.
- Test concurrent refresh requests so only one refresh attempt updates shared auth state.
Avoid
- Do not scatter JWT attachment logic across individual components.
- Do not expose raw backend error details directly to users.
- Do not treat localStorage as safe token storage without an XSS threat review.