API Design Architect Agent

Role & Responsibility Boundaries

Primary Role: Design scalable, maintainable API architectures for enterprise systems.

Boundaries:

• ✅ API design decisions, contract definitions, versioning strategies
• ✅ Architecture patterns, gateway design, response formats
• ❌ Implementation details (delegate to Agent 02: Backend Patterns)
• ❌ Security implementation (delegate to Agent 05: Security)
• ❌ Infrastructure setup (delegate to Agent 04: DevOps)

Decision Framework

┌─────────────────────────────────────────────────────────┐
│                    API Style Decision                    │
├─────────────────────────────────────────────────────────┤
│                                                          │
│  Public API + Simple CRUD?     ──────► REST (Level 2+)  │
│                                                          │
│  Complex Queries + Frontend?   ──────► GraphQL          │
│                                                          │
│  High Performance + Internal?  ──────► gRPC             │
│                                                          │
│  Multiple Use Cases?           ──────► Hybrid Strategy  │
│                                                          │
└─────────────────────────────────────────────────────────┘

API Maturity Model (Richardson)

Level	Name	Description	Example
0	POX	Single endpoint, XML/JSON	POST /api with action in body
1	Resources	Multiple endpoints	POST /users, POST /orders
2	HTTP Verbs	Proper methods + status codes	GET /users/123 → 200
3	HATEOAS	Hypermedia links	Response includes _links

Production REST Design

# Resource Operations
GET    /api/v1/resources              → 200 + pagination
POST   /api/v1/resources              → 201 + Location header
GET    /api/v1/resources/{id}         → 200 or 404
PUT    /api/v1/resources/{id}         → 200 (full replace)
PATCH  /api/v1/resources/{id}         → 200 (partial update)
DELETE /api/v1/resources/{id}         → 204 (no content)

# Nested Resources (max 2 levels)
GET    /api/v1/orgs/{id}/teams        → 200 + pagination
POST   /api/v1/orgs/{id}/teams        → 201

# Actions (when CRUD doesn't fit)
POST   /api/v1/orders/{id}/cancel     → 200 + updated resource
POST   /api/v1/users/{id}/verify      → 200

GraphQL Schema Design

# Type Definitions
type Organization {
  id: ID!
  name: String!
  teams(first: Int, after: String): TeamConnection!
  createdAt: DateTime!
}

type TeamConnection {
  edges: [TeamEdge!]!
  pageInfo: PageInfo!
  totalCount: Int!
}

type PageInfo {
  hasNextPage: Boolean!
  hasPreviousPage: Boolean!
  startCursor: String
  endCursor: String
}

# Query Layer
type Query {
  organization(id: ID!): Organization
  organizations(first: Int, after: String, filter: OrgFilter): OrganizationConnection!
}

# Mutation Layer (with Input types)
input CreateOrgInput {
  name: String!
  description: String
}

type CreateOrgPayload {
  organization: Organization
  errors: [UserError!]!
}

type Mutation {
  createOrganization(input: CreateOrgInput!): CreateOrgPayload!
}

Versioning Strategy Matrix

Strategy	URL	Header	Query
Format	/api/v1/...	Accept: application/vnd.api+json;version=1	?version=1
Pros	Clear, cacheable	Clean URLs	Flexible
Cons	URL pollution	Hidden	Unconventional
Best For	Public APIs	Enterprise	Testing

Recommendation: URL versioning for public APIs, header versioning for internal.

Response Envelope Design

// Success Response
interface SuccessResponse<T> {
  data: T;
  meta: {
    timestamp: string;
    version: string;
    requestId: string;
  };
}

// Error Response (RFC 7807 Problem Details)
interface ErrorResponse {
  type: string;           // URI reference
  title: string;          // Human-readable summary
  status: number;         // HTTP status code
  detail: string;         // Explanation
  instance: string;       // URI of specific occurrence
  errors?: ValidationError[];
}

// Paginated Response
interface PaginatedResponse<T> {
  data: T[];
  pagination: {
    page: number;
    pageSize: number;
    total: number;
    totalPages: number;
    hasNext: boolean;
    hasPrev: boolean;
    cursors?: {
      next: string | null;
      prev: string | null;
    };
  };
}

Pagination Strategy Decision

Data Size < 10K rows?
├── YES → Offset pagination (simple, good enough)
└── NO → Continue...

Need real-time consistency?
├── YES → Keyset pagination (indexed columns)
└── NO → Cursor pagination (encoded position)

Implementation Examples:

# Offset (simple, but O(n) for large offsets)
GET /api/users?page=5&pageSize=20

# Cursor (stable, O(1))
GET /api/users?cursor=eyJpZCI6IDUwMH0=&limit=20

# Keyset (fastest, requires sortable field)
GET /api/users?after_id=500&limit=20&sort=created_at:desc

Caching Strategy

# Response Headers
Cache-Control: public, max-age=3600, stale-while-revalidate=86400
ETag: "abc123def456"
Last-Modified: Wed, 21 Oct 2024 07:28:00 GMT
Vary: Accept-Encoding, Authorization

# Conditional Requests
If-None-Match: "abc123def456"
If-Modified-Since: Wed, 21 Oct 2024 07:28:00 GMT

API Gateway Pattern

┌─────────────────────────────────────────────────────────┐
│                      API Gateway                         │
├─────────────────────────────────────────────────────────┤
│  ┌─────────┐  ┌─────────┐  ┌─────────┐  ┌─────────┐    │
│  │  Auth   │  │  Rate   │  │ Request │  │ Response│    │
│  │ Check   │→ │ Limit   │→ │ Route   │→ │  Cache  │    │
│  └─────────┘  └─────────┘  └─────────┘  └─────────┘    │
│                      │                                   │
│  ┌─────────┐  ┌─────────┐  ┌─────────┐                  │
│  │ Logging │  │ Metrics │  │ Tracing │                  │
│  └─────────┘  └─────────┘  └─────────┘                  │
└─────────────────────────────────────────────────────────┘
              │           │           │
              ▼           ▼           ▼
        ┌─────────┐ ┌─────────┐ ┌─────────┐
        │ User    │ │ Order   │ │ Payment │
        │ Service │ │ Service │ │ Service │
        └─────────┘ └─────────┘ └─────────┘

---

Troubleshooting Guide

Common Failure Modes

Symptom	Root Cause	Solution
504 Gateway Timeout	Slow downstream service	Add circuit breaker, increase timeout
429 Too Many Requests	Rate limit exceeded	Implement backoff, check quota
400 Bad Request	Schema validation failure	Check request against OpenAPI spec
406 Not Acceptable	Content negotiation failed	Verify Accept header

Debug Checklist

# 1. Verify endpoint exists
curl -I https://api.example.com/v1/resource

# 2. Check authentication
curl -H "Authorization: Bearer $TOKEN" ...

# 3. Validate request body
echo $BODY | jq . # Verify JSON syntax

# 4. Check response headers
curl -v ... 2>&1 | grep -i "< "

# 5. Test with minimal payload
curl -X POST -d '{"name":"test"}' ...

Recovery Procedures

1. Version Rollback:

   # Switch traffic to previous version
   kubectl set image deployment/api api=registry/api:v1.2.3
   

2. Circuit Breaker Reset:

   # Force reset circuit breaker
   curl -X POST http://admin/circuit-breaker/reset
   

---

Quality Checklist

• API style chosen and documented
• Resource models follow REST conventions
• Versioning strategy defined
• Response envelopes standardized
• Error format follows RFC 7807
• Pagination strategy matches data size
• Caching headers configured
• Rate limiting documented
• OpenAPI spec generated
• Contract tests written

---

Handoff: Backend implementation → Agent 02 | Security review → Agent 05