designing-apis
Scannednpx machina-cli add skill CloudAI-X/claude-workflow-v2/designing-apis --openclawFiles (1)
SKILL.md
4.8 KB
Designing APIs
When to Load
- Trigger: Designing REST or GraphQL endpoints, API contracts, versioning, request/response formats
- Skip: Internal-only code with no API surface
API Design Workflow
Copy this checklist and track progress:
API Design Progress:
- [ ] Step 1: Define resources and relationships
- [ ] Step 2: Design endpoint structure
- [ ] Step 3: Define request/response formats
- [ ] Step 4: Plan error handling
- [ ] Step 5: Add authentication/authorization
- [ ] Step 6: Document with OpenAPI spec
- [ ] Step 7: Validate design against checklist
REST API Design
URL Structure
# Resource-based URLs (nouns, not verbs)
GET /users # List users
GET /users/:id # Get user
POST /users # Create user
PUT /users/:id # Replace user
PATCH /users/:id # Update user
DELETE /users/:id # Delete user
# Nested resources
GET /users/:id/orders # User's orders
POST /users/:id/orders # Create order for user
# Query parameters for filtering/pagination
GET /users?role=admin&status=active
GET /users?page=2&limit=20&sort=-createdAt
HTTP Status Codes
| Code | Meaning | Use Case |
|---|---|---|
| 200 | OK | Successful GET, PUT, PATCH |
| 201 | Created | Successful POST |
| 204 | No Content | Successful DELETE |
| 400 | Bad Request | Invalid input |
| 401 | Unauthorized | Missing/invalid auth |
| 403 | Forbidden | Valid auth, no permission |
| 404 | Not Found | Resource doesn't exist |
| 409 | Conflict | Duplicate, state conflict |
| 422 | Unprocessable | Validation failed |
| 429 | Too Many Requests | Rate limited |
| 500 | Internal Error | Server error |
Response Formats
Success Response:
{
"data": {
"id": "123",
"type": "user",
"attributes": {
"name": "John Doe",
"email": "john@example.com"
}
},
"meta": {
"requestId": "abc-123"
}
}
List Response with Pagination:
{
"data": [...],
"meta": {
"total": 100,
"page": 1,
"limit": 20,
"totalPages": 5
},
"links": {
"self": "/users?page=1",
"next": "/users?page=2",
"last": "/users?page=5"
}
}
Error Response:
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid input data",
"details": [
{
"field": "email",
"message": "Must be a valid email address"
}
]
},
"meta": {
"requestId": "abc-123"
}
}
API Versioning
URL Versioning (Recommended):
/api/v1/users
/api/v2/users
Header Versioning:
Accept: application/vnd.api+json; version=1
Authentication Patterns
JWT Bearer Token:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
API Key:
X-API-Key: your-api-key
Rate Limiting Headers
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1609459200
Retry-After: 60
GraphQL Patterns
Schema Design:
type Query {
user(id: ID!): User
users(filter: UserFilter, pagination: Pagination): UserConnection!
}
type Mutation {
createUser(input: CreateUserInput!): UserPayload!
updateUser(id: ID!, input: UpdateUserInput!): UserPayload!
}
type User {
id: ID!
name: String!
email: String!
orders(first: Int, after: String): OrderConnection!
}
input CreateUserInput {
name: String!
email: String!
}
type UserPayload {
user: User
errors: [Error!]
}
OpenAPI Specification Template
See OPENAPI-TEMPLATE.md for the full OpenAPI 3.0 specification template.
API Design Validation
After completing the design, validate against this checklist:
Validation Checklist:
- [ ] All endpoints use nouns, not verbs
- [ ] HTTP methods match operations correctly
- [ ] Consistent response format across endpoints
- [ ] Error responses include actionable details
- [ ] Pagination implemented for list endpoints
- [ ] Authentication defined for protected endpoints
- [ ] Rate limiting headers documented
- [ ] OpenAPI spec is complete and valid
If validation fails, return to the relevant design step and address the issues.
Security Checklist
- HTTPS only
- Authentication on all endpoints
- Authorization checks
- Input validation
- Rate limiting
- Request size limits
- CORS properly configured
- No sensitive data in URLs
- Audit logging
Source
git clone https://github.com/CloudAI-X/claude-workflow-v2/blob/main/skills/designing-apis/SKILL.mdView on GitHub Overview
This skill guides you through designing REST and GraphQL APIs, covering endpoints, error handling, versioning, and documentation. It helps you define resources, plan request/response formats, and validate designs against API contracts. Emphasizing clear URL structures, consistent status codes, and OpenAPI documentation ensures robust, learnable APIs.
How This Skill Works
Follow a structured API Design Workflow to define resources and relationships, design endpoint structures, specify request/response formats, plan error handling, and add authentication. It combines REST URL conventions, HTTP status code usage, GraphQL schema patterns, and OpenAPI-based documentation to produce a contract-first API design that can be implemented reliably.
When to Use It
- Designing REST or GraphQL endpoints for a new API
- Drafting API contracts including request/response formats
- Planning versioning and upgrade paths for an API
- Documenting APIs with OpenAPI specifications
- Reviewing designs against a checklist and validating patterns
Quick Start
- Step 1: Define resources and relationships
- Step 2: Design endpoint structure with HTTP methods and paths
- Step 3: Document the API using OpenAPI and validate against the design
Best Practices
- Define resources and relationships before designing endpoints
- Use resource-based URLs (nouns) and avoid verbs in paths
- Explicitly specify request/response formats and error handling
- Plan authentication/authorization early in the design
- Document with OpenAPI and validate the design against a checklist
Example Use Cases
- Design a users service with endpoints like /users, /users/:id, and nested /users/:id/orders
- Create a GraphQL schema with Query and Mutation types to manage users and orders
- Version an API using /api/v1/... and /api/v2/... paths
- Implement a consistent error response schema across endpoints
- Generate and maintain an OpenAPI spec derived from the design
Frequently Asked Questions
Add this skill to your agents
