Design RESTful APIs following Grey Haven standards - FastAPI routes, Pydantic schemas, HTTP status codes, pagination, filtering, error responses, OpenAPI docs, and multi-tenant patterns. Use when creating API endpoints, designing REST resources, implementing server functions, configuring FastAPI, writing Pydantic schemas, setting up error handling, implementing pagination, or when user mentions 'API', 'endpoint', 'REST', 'FastAPI', 'Pydantic', 'server function', 'OpenAPI', 'pagination', 'validation', 'error handling', 'rate limiting', 'CORS', or 'authentication'.
/plugin marketplace add greyhaven-ai/claude-code-config/plugin install developer-experience@grey-haven-pluginsThis skill is limited to using the following tools:
checklists/api-design-checklist.mdchecklists/security-review.mdexamples/INDEX.mdexamples/fastapi-crud.mdexamples/pagination.mdexamples/pydantic-schemas.mdexamples/tanstack-start.mdexamples/testing.mdreference/INDEX.mdreference/authentication.mdreference/cors-rate-limiting.mdreference/error-handlers.mdreference/fastapi-setup.mdreference/openapi.mdtemplates/error-handler.pytemplates/fastapi-crud-endpoint.pytemplates/pydantic-schemas.pytemplates/rate-limiter.pytemplates/repository-pattern.pytemplates/tanstack-server-function.tsRESTful API design for FastAPI backends and TanStack Start server functions.
Follow these standards when creating API endpoints, defining schemas, and handling errors in Grey Haven projects.
URL Patterns:
/api/v1/users (plural nouns, lowercase with hyphens)/api/v1/organizations/{org_id}/teams (hierarchical)/api/v1/getUsers (no verbs in URLs)/api/v1/user_profiles (no underscores)HTTP Verbs:
GET - Retrieve resourcesPOST - Create new resourcesPUT - Update entire resourcePATCH - Update partial resourceDELETE - Remove resourceSuccess:
200 OK - GET, PUT, PATCH requests201 Created - POST request (resource created)204 No Content - DELETE requestClient Errors:
400 Bad Request - Invalid request data401 Unauthorized - Missing/invalid authentication403 Forbidden - Insufficient permissions404 Not Found - Resource doesn't exist409 Conflict - Duplicate resource, concurrent update422 Unprocessable Entity - Validation errorsServer Errors:
500 Internal Server Error - Unhandled exception503 Service Unavailable - Database/service downAlways enforce tenant isolation:
# Extract tenant_id from JWT
repository = UserRepository(db, tenant_id=current_user.tenant_id)
# All queries automatically filtered by tenant_id
users = await repository.list() # Only returns users in this tenant
from fastapi import APIRouter, Depends, HTTPException, status
router = APIRouter(prefix="/api/v1/users", tags=["users"])
@router.post("", response_model=UserRead, status_code=status.HTTP_201_CREATED)
async def create_user(
user_data: UserCreate,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> UserRead:
"""Create a new user in the current tenant."""
repository = UserRepository(db, tenant_id=current_user.tenant_id)
user = await repository.create(user_data)
return user
See examples/fastapi-crud.md for complete CRUD endpoints.
from pydantic import BaseModel, EmailStr, Field, ConfigDict
class UserCreate(BaseModel):
"""Schema for creating a new user."""
email: EmailStr
full_name: str = Field(..., min_length=1, max_length=255)
password: str = Field(..., min_length=8)
class UserRead(BaseModel):
"""Schema for reading user data (public fields only)."""
id: str
tenant_id: str
email: EmailStr
full_name: str
created_at: datetime
model_config = ConfigDict(from_attributes=True)
See examples/pydantic-schemas.md for validation patterns.
// app/routes/api/users.ts
import { createServerFn } from "@tanstack/start";
import { z } from "zod";
const createUserSchema = z.object({
email: z.string().email(),
fullName: z.string().min(1).max(255),
});
export const createUser = createServerFn({ method: "POST" })
.validator(createUserSchema)
.handler(async ({ data, context }) => {
const authUser = await getAuthUser(context);
// Create user with tenant isolation
});
See examples/tanstack-start.md for complete examples.
{
"error": "User with ID abc123 not found",
"status_code": 404
}
Validation errors:
{
"error": "Validation error",
"detail": [
{
"field": "email",
"message": "value is not a valid email address",
"code": "value_error.email"
}
],
"status_code": 422
}
See reference/error-handlers.md for exception handlers.
Offset-based (simple):
@router.get("", response_model=PaginatedResponse[UserRead])
async def list_users(skip: int = 0, limit: int = 100):
users = await repository.list(skip=skip, limit=limit)
total = await repository.count()
return PaginatedResponse(items=users, total=total, skip=skip, limit=limit)
Cursor-based (recommended for large datasets):
@router.get("")
async def list_users(cursor: Optional[str] = None, limit: int = 100):
users = await repository.list_cursor(cursor=cursor, limit=limit)
next_cursor = users[-1].id if len(users) == limit else None
return {"items": users, "next_cursor": next_cursor}
See examples/pagination.md for complete implementations.
Always use tenant-aware repositories:
tenant_id from JWT claimsDefine schemas for all requests/responses:
{Model}Create - Fields for creation{Model}Read - Public fields for responses{Model}Update - Optional fields for updatesFastAPI auto-generates docs:
summary, description, response_description/docs (Swagger UI) and /redoc (ReDoc)See reference/openapi.md for customization.
Protect public endpoints:
from app.core.rate_limit import rate_limit
@router.get("", dependencies=[Depends(rate_limit)])
async def list_users():
"""List users (rate limited to 100 req/min)."""
pass
See templates/rate-limiter.py for Upstash Redis implementation.
Use Doppler for allowed origins:
# NEVER hardcode origins in production!
allowed_origins = os.getenv("CORS_ALLOWED_ORIGINS", "").split(",")
app.add_middleware(
CORSMiddleware,
allow_origins=allowed_origins,
allow_credentials=True,
)
See reference/cors-rate-limiting.md for complete setup.
Use this skill when:
These API design patterns come from Grey Haven's actual templates:
cvi-backend-template (FastAPI + SQLModel + Repository Pattern)cvi-template (TanStack Start server functions)error, detail, and status_code fieldstenant_id from JWT claims for multi-tenant isolationdoppler run --config test -- pytestThis skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.