RESTful API design following best practices with endpoint mapping, schema definition, and error handling. Use when mapping endpoints, defining schemas, or when you see "API", "endpoint", "REST", "OpenAPI", "schema", "contract", or "HTTP".
Designs RESTful API contracts with endpoint mapping, schema definitions, and error handling.
/plugin marketplace add deepeshBodh/human-in-loop/plugin install deepeshbodh-humaninloop-plugins-humaninloop@deepeshBodh/human-in-loopThis skill inherits all available tools. When active, it can use any tool Claude has access to.
ERROR-PATTERNS.mdOPENAPI-TEMPLATE.yamlPAGINATION-PATTERNS.mdscripts/validate-openapi.pyDesign RESTful API contracts that map user actions to endpoints with complete schema definitions and comprehensive error handling. This skill covers endpoint design, request/response schemas, and OpenAPI specification.
| User Action | HTTP Method | Endpoint Pattern |
|---|---|---|
| Create resource | POST | /resources |
| List resources | GET | /resources |
| Get single resource | GET | /resources/{id} |
| Update resource | PUT/PATCH | /resources/{id} |
| Delete resource | DELETE | /resources/{id} |
| Perform action | POST | /resources/{id}/{action} |
| Get nested resource | GET | /resources/{id}/children |
| Scenario | Method | Idempotent? |
|---|---|---|
| Create new resource | POST | No |
| Full replacement | PUT | Yes |
| Partial update | PATCH | No |
| Read resource | GET | Yes |
| Remove resource | DELETE | Yes |
| Trigger action | POST | Usually No |
/users, not /user/user-profiles/users/{userId}/users?role=admin/users/{userId}/tasksDocument each endpoint with description, source requirements, request/response schemas, and error cases:
## POST /api/auth/login
**Description**: Authenticate user with email and password
**Source Requirements**: FR-001, US#1
### Request
{JSON request body example}
### Response (200 OK)
{JSON response body example}
### Error Responses
| Status | Code | Description |
|--------|------|-------------|
| 400 | INVALID_INPUT | Missing or malformed fields |
| 401 | INVALID_CREDENTIALS | Wrong email or password |
LoginRequest:
type: object
required:
- email
- password
properties:
email:
type: string
format: email
description: User's email address
password:
type: string
minLength: 8
description: User's password
| Data Model Type | OpenAPI Type | Format |
|---|---|---|
| UUID | string | uuid |
| Text | string | - |
| string | ||
| URL | string | uri |
| Integer | integer | int32/int64 |
| Decimal | number | float/double |
| Boolean | boolean | - |
| Timestamp | string | date-time |
| Date | string | date |
| Enum[a,b,c] | string | enum: [a,b,c] |
Use standard error format with machine-readable codes and human-readable messages.
See ERROR-PATTERNS.md for complete HTTP status codes, error code conventions, and response formats.
| Status | When to Use |
|---|---|
| 400 | Invalid input format |
| 401 | Missing/invalid auth |
| 403 | No permission |
| 404 | Resource missing |
| 409 | State conflict |
| 422 | Business rule violation |
| 429 | Rate limit exceeded |
| 500 | Server error |
For endpoints returning collections, implement pagination, filtering, and sorting.
See PAGINATION-PATTERNS.md for offset vs cursor pagination, filtering operators, and sorting patterns.
GET /api/users?page=1&limit=20&role=admin&sort=-createdAt
When existing API patterns are detected, align new endpoints:
| Aspect | Check For |
|---|---|
| Base path | /api/v1, /api, etc. |
| Auth pattern | Bearer, API key, session |
| Error format | Existing error structure |
| Pagination | page/limit, cursor, offset |
Handle endpoint collisions:
See OPENAPI-TEMPLATE.yaml for a complete, copy-ready template with all sections.
openapi: 3.0.3
info:
title: {Feature Name} API
version: 1.0.0
servers:
- url: /api
paths:
/resource:
get: ...
post: ...
components:
schemas: ...
securitySchemes:
bearerAuth:
type: http
scheme: bearer
security:
- bearerAuth: []
Track endpoint to requirement mapping:
| Endpoint | Method | FR | US | Description |
|---|---|---|---|---|
| /auth/login | POST | FR-001 | US#1 | User login |
| /users/me | GET | FR-004 | US#4 | Get current user |
Validate OpenAPI specifications using the validation script:
python scripts/validate-openapi.py path/to/openapi.yaml
Checks: OpenAPI syntax, REST conventions, error responses, request bodies, operation IDs, security schemes, examples, and descriptions.
Before finalizing API contracts:
| Avoid | Instead |
|---|---|
Verb in URL (/getUsers) | Noun resource (/users) |
| GET for actions | POST for actions (POST /users/{id}/archive) |
| Missing error responses | Define all error cases |
| Inconsistent naming | Pick one style (kebab-case recommended) |
| Generic errors (just 400/500) | Specific error codes |
| No examples | Include realistic examples |
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.