What is the recommended versioning approach?

URL path versioning (e.g., /v1, /v2) is recommended for breaking changes; you can combine with header versioning if needed.

Which status codes should I use for common operations?

Use 200 for success reads/updates, 201 for creation, 204 for deletes; 4xx for client errors, 5xx for server errors; 422 for validation errors.

Why use RFC 7807 for errors?

It provides structured, machine-readable error responses with type, title, status, detail, and instance fields, making clients easier to handle.

api-design

npx machina-cli add skill akaszubski/autonomous-dev/api-design --openclaw

Files (1)

SKILL.md

8.6 KB

API Design Skill

REST API design best practices, HTTP conventions, versioning, error handling, and documentation standards.

When This Skill Activates

Designing REST APIs
Creating HTTP endpoints
Writing API documentation
Handling API errors
Implementing pagination
API versioning strategies
Keywords: "api", "rest", "endpoint", "http", "json", "openapi"

Core Concepts

1. REST Principles

RESTful resource design using nouns (not verbs), proper HTTP methods, and hierarchical URL structure.

Key Principles:

Resources are nouns: /users, /posts (not /getUsers, /createPost)
Use HTTP methods correctly: GET (read), POST (create), PUT (replace), PATCH (update), DELETE (remove)
Hierarchical relationships: /users/123/posts for related resources
Keep URLs shallow (max 3 levels)

See: docs/rest-principles.md for detailed examples and patterns

2. HTTP Status Codes

Proper status code usage for success (2xx), client errors (4xx), and server errors (5xx).

Common Codes:

200 OK: Successful GET/PUT/PATCH
201 Created: Successful POST (includes Location header)
204 No Content: Successful DELETE
400 Bad Request: Invalid input
401 Unauthorized: Authentication required
403 Forbidden: Authenticated but not allowed
404 Not Found: Resource doesn't exist
422 Unprocessable: Validation error
429 Too Many Requests: Rate limit exceeded
500 Internal Server Error: Server failure

See: docs/http-status-codes.md for complete reference and examples

3. Error Handling

RFC 7807 Problem Details format for consistent, structured error responses.

Standard Format:

{
  "type": "https://example.com/errors/validation-error",
  "title": "Validation Error",
  "status": 422,
  "detail": "Email address is invalid",
  "instance": "/users",
  "errors": {
    "email": ["Must be a valid email address"]
  }
}

See: docs/error-handling.md for implementation patterns and best practices

4. Request/Response Format

JSON structure conventions for request bodies and response payloads.

Best Practices:

Use snake_case for JSON keys
Include metadata in responses (timestamps, IDs)
Consistent field naming across endpoints
Clear data types and structures

See: docs/request-response-format.md for detailed examples

5. Pagination

Offset-based and cursor-based pagination strategies for large datasets.

Offset-Based (simple, good for small datasets):

GET /users?page=2&limit=20

Cursor-Based (scalable, handles real-time updates):

GET /users?cursor=abc123&limit=20

See: docs/pagination.md for implementation details and trade-offs

6. API Versioning

URL path versioning (recommended) and header-based versioning strategies.

URL Path Versioning:

/v1/users
/v2/users

When to Version:

Breaking changes (removing fields, changing behavior)
New required fields
Changed data types

See: docs/versioning.md for migration strategies and deprecation policies

7. Authentication & Authorization

API key and JWT authentication patterns for securing endpoints.

API Key (simple, good for service-to-service):

Authorization: Bearer sk_live_abc123...

JWT (stateless, good for user authentication):

Authorization: Bearer eyJhbGc...

See: docs/authentication.md for implementation patterns

8. Rate Limiting

Rate limit headers and strategies to prevent abuse.

Standard Headers:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

See: docs/rate-limiting.md for implementation strategies

9. Advanced Features

CORS configuration, filtering, sorting, and search patterns.

Topics:

CORS headers for browser-based clients
Query parameter filtering
Multi-field sorting
Full-text search

See: docs/advanced-features.md for detailed patterns

10. Documentation

OpenAPI/Swagger documentation for API discoverability.

Auto-Generated (FastAPI):

@app.get("/users/{user_id}", response_model=User)
def get_user(user_id: int):
    """Get user by ID"""
    return db.get_user(user_id)

See: docs/documentation.md for OpenAPI specifications

11. Design Patterns

Idempotency, content negotiation, HATEOAS, bulk operations, and webhooks.

Topics:

Idempotency keys for safe retries
Content negotiation (JSON, XML, etc.)
HATEOAS for discoverable APIs
Bulk operations for batch processing
Webhooks for event notifications

See: docs/idempotency-content-negotiation.md and docs/patterns-checklist.md

Quick Reference

Pattern	Use Case	Details
REST Principles	Resource-based URLs	`docs/rest-principles.md`
Status Codes	HTTP response codes	`docs/http-status-codes.md`
Error Handling	RFC 7807 errors	`docs/error-handling.md`
Pagination	Large datasets	`docs/pagination.md`
Versioning	Breaking changes	`docs/versioning.md`
Authentication	API security	`docs/authentication.md`
Rate Limiting	Abuse prevention	`docs/rate-limiting.md`
Documentation	OpenAPI/Swagger	`docs/documentation.md`

API Design Checklist

Before Launch:

See: docs/patterns-checklist.md for complete checklist

Progressive Disclosure

This skill uses progressive disclosure to prevent context bloat:

Index (this file): High-level concepts and quick reference (<500 lines)
Detailed docs: docs/*.md files with implementation details (loaded on-demand)

Available Documentation:

docs/rest-principles.md - RESTful design patterns
docs/http-status-codes.md - Complete status code reference
docs/error-handling.md - Error response patterns
docs/request-response-format.md - JSON structure conventions
docs/pagination.md - Pagination strategies
docs/versioning.md - API versioning patterns
docs/authentication.md - Authentication methods
docs/rate-limiting.md - Rate limiting implementation
docs/advanced-features.md - CORS, filtering, sorting
docs/documentation.md - OpenAPI/Swagger
docs/idempotency-content-negotiation.md - Advanced patterns
docs/patterns-checklist.md - Design checklist and common patterns

Cross-References

Related Skills:

error-handling-patterns - Error handling best practices
security-patterns - API security hardening
python-standards - Python API implementation and documentation standards

Related Libraries:

FastAPI - Python API framework with auto-documentation
Pydantic - Data validation and serialization
JWT libraries - Token-based authentication

Key Takeaways

Resources are nouns: /users, not /getUsers
Use HTTP methods correctly: GET (read), POST (create), PUT (replace), DELETE (remove)
Return proper status codes: 200 (success), 201 (created), 404 (not found), 422 (validation error)
Structured errors: Use RFC 7807 format
Paginate collections: Offset or cursor-based
Version your API: URL path versioning (e.g., /v1/users)
Secure endpoints: API keys or JWT
Rate limit: Prevent abuse
Document thoroughly: OpenAPI/Swagger
Test idempotency: Safe retries for POST/PUT/DELETE

Hard Rules

FORBIDDEN:

Exposing internal IDs or database schema in API responses
Returning 200 for error conditions (use proper HTTP status codes)
APIs without versioning (MUST use URL path versioning like /v1/)
Endpoints that accept unbounded input without pagination or limits

REQUIRED:

All endpoints MUST have consistent error response format ({error, message, code})
All collection endpoints MUST support pagination
All mutations MUST be idempotent or explicitly documented as non-idempotent
Rate limiting MUST be documented in API specification

Source

git clone https://github.com/akaszubski/autonomous-dev/blob/master/plugins/autonomous-dev/skills/api-design/SKILL.mdView on GitHub

Overview

This skill covers RESTful API design using noun-based resources, proper HTTP methods, and hierarchical URLs. It also covers error handling with RFC 7807, pagination strategies, versioning, and OpenAPI documentation to keep APIs consistent and easy to consume.

How This Skill Works

Apply REST principles to define resources and endpoints, annotate them with an OpenAPI spec, implement standard HTTP status codes and RFC 7807 error payloads, and choose an appropriate pagination strategy to support large datasets.

When to Use It

Designing REST APIs
Creating HTTP endpoints
Writing API documentation
Handling API errors
Implementing pagination and versioning

Quick Start

Step 1: Define resources and map nouns to endpoints using standard HTTP methods.
Step 2: Implement pagination, error handling (RFC 7807), and versioning in the path.
Step 3: Generate and publish an OpenAPI spec for your API and keep it up to date.

Best Practices

Design resources as nouns and use proper HTTP methods (GET/POST/PUT/PATCH/DELETE).
Keep URLs shallow and hierarchical (e.g., /users/123/posts).
Use correct status codes and RFC 7807 Problem Details for errors.
Follow snake_case in JSON and include metadata like timestamps and IDs for responses.
Document APIs with an OpenAPI spec and version endpoints clearly (e.g., /v1).

Example Use Cases

GET /users with 200 OK and pagination headers
GET /v2/users and /v2/users/{id} to show versioned APIs
RFC 7807 error example with type, title, status, detail
GET /users?page=2&limit=20 pagination example
OpenAPI documentation for endpoints and schemas

Frequently Asked Questions

Add this skill to your agents