This skill should be used when the user asks "which API design skill should I use", "show me all API principles", "help me pick an API pattern", or at the start of any RESTful API design conversation. Provides the index of all twelve principle skills and ensures the right ones are invoked before any API design work begins.
npx claudepluginhub oborchers/fractional-cto --plugin api-design-principlesThis skill uses the workspace's default tool permissions.
<IMPORTANT>
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
Retrieves current documentation, API references, and code examples for libraries, frameworks, SDKs, CLIs, and services via Context7 CLI. Ideal for API syntax, configs, migrations, and setup queries.
Uses ctx7 CLI to fetch current library docs, manage AI coding skills (install/search/generate), and configure Context7 MCP for AI editors.
These are not suggestions. They are research-backed, opinionated principles drawn from Stripe, GitHub, Twilio, Shopify, Google, Microsoft, Zalando, Cloudflare, OWASP, and industry RFCs.
Use the Skill tool to invoke any skill by name. When invoked, follow the skill's guidance directly.
| Skill | Triggers On |
|---|---|
api-design-principles:routes-and-naming | URL design, endpoint naming, plural nouns, nesting depth, query vs path params, snake_case, field naming |
api-design-principles:http-methods | GET/POST/PUT/PATCH/DELETE semantics, idempotency per verb, CRUD operations, method selection |
api-design-principles:prefixed-ids | Type-safe identifiers, Stripe-style prefixed IDs (cus_, ord_), KSUID, ULID, ID generation |
api-design-principles:errors-and-status-codes | HTTP status codes, error envelopes, per-field validation errors, RFC 9457, error formatting |
api-design-principles:response-design-and-pagination | Response envelopes, cursor/offset/keyset pagination, expand patterns, list metadata |
api-design-principles:auth-and-api-keys | API key design (sk_live_, pk_test_), OAuth 2.0, JWT, Bearer tokens, key rotation |
api-design-principles:rate-limiting-and-security | Rate limiting algorithms/headers, OWASP API Top 10, CORS, input validation, request signing |
api-design-principles:versioning-and-evolution | URL versioning (/v1/), date-based versioning, sunset headers, additive evolution, deprecation |
api-design-principles:caching-and-performance | Cache-Control, ETags, conditional requests, CDN strategies, compression, circuit breakers |
api-design-principles:webhooks-and-events | HMAC-SHA256 signing, retry logic, event naming (resource.action), webhook endpoints |
api-design-principles:documentation-and-dx | API docs, interactive explorers, SDK generation, onboarding, time-to-first-call, changelogs |
api-design-principles:advanced-patterns | Bulk/batch ops, REST vs GraphQL vs gRPC, SSE/WebSockets, multi-tenancy, API gateways, CQRS |
Invoke a skill when there is even a small chance the work touches one of these areas:
All twelve principles rest on three foundations:
Consistency beats cleverness — A predictable API that follows conventions everywhere is better than a clever API that surprises developers. Pick one pattern and apply it universally.
Errors are part of the interface — Every error response, status code, and validation message is as carefully designed as the happy path. Developers spend more time debugging than building.
Optimize for the consumer, not the server — API shape follows what makes client code simple, not what matches the database schema. The server does extra work so every client doesn't have to.