Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From medusa-commerce
Creates custom Medusa v2 API routes using file-based routing, HTTP method exports, Zod validators, middleware, and auth scopes. Use when adding REST endpoints.
npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin medusa-commerceHow this skill is triggered — by the user, by Claude, or both
Slash command
/medusa-commerce:medusa-api-routesThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Fetch live docs**:
Guides Medusa backend development for custom modules, API routes, workflows, data models, module links, and business logic with architecture patterns, best practices, and rules.
Builds Node.js backends for Medusa v2 using Express middleware chains, MikroORM entity patterns, PostgreSQL pooling, async patterns, error handling, and logging.
Designs RESTful API routes with Next.js App Router, Zod validation, auth guards, and typed responses. Activates when discussing API endpoints, route structure, or request/response schemas.
Share bugs, ideas, or general feedback.
Fetch live docs:
https://docs.medusajs.com/learn/fundamentals/api-routes for API route overviewsite:docs.medusajs.com custom API route file convention for file-based routingsite:docs.medusajs.com API route middleware for middleware configurationsite:docs.medusajs.com API route validation zod for request validationsite:docs.medusajs.com additional data API routes for the additional-data patternMedusa v2 uses a file-system router under src/api/:
| File Path | Resulting Endpoint |
|---|---|
src/api/store/custom/route.ts | GET/POST /store/custom |
src/api/admin/custom/route.ts | GET/POST /admin/custom |
src/api/store/custom/[id]/route.ts | GET/POST /store/custom/:id |
src/api/custom/route.ts | GET/POST /custom (no auth prefix) |
route.ts (not index.ts)[param] folder syntaxstore/ prefix applies storefront authentication scopeadmin/ prefix applies admin authentication scopeEach route.ts exports named functions matching HTTP methods:
| Export Name | HTTP Method |
|---|---|
GET | GET |
POST | POST |
PUT | PUT |
PATCH | PATCH |
DELETE | DELETE |
// src/api/store/custom/route.ts
// Fetch live docs for MedusaRequest/MedusaResponse types
import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
export const GET = async (req: MedusaRequest, res: MedusaResponse) => {
const service = req.scope.resolve("my-module")
res.json({ items: await service.listMyEntities() })
}
// src/api/store/custom/[id]/route.ts
// Fetch live docs for path parameter access
export const GET = async (req: MedusaRequest, res: MedusaResponse) => {
const item = await req.scope.resolve("my-module").retrieveMyEntity(req.params.id)
res.json({ item })
}
Medusa v2 uses Zod schemas for request body and query parameter validation:
| Validation Target | File |
|---|---|
| POST/PUT/PATCH body | validators.ts in same directory as route.ts |
| Query parameters | Same validators.ts file |
// src/api/store/custom/validators.ts
// Fetch live docs for Zod schema integration
import { z } from "zod"
export const PostStoreCustom = z.object({
name: z.string(),
description: z.string().optional(),
})
Validators are linked to routes via middleware configuration.
All middleware is configured in src/api/middlewares.ts:
// src/api/middlewares.ts — Fetch live docs for defineMiddlewares API
import { defineMiddlewares, validateAndTransformBody } from "@medusajs/framework/http"
import { PostStoreCustom } from "./store/custom/validators"
export default defineMiddlewares({
routes: [{ matcher: "/store/custom", method: "POST",
middlewares: [validateAndTransformBody(PostStoreCustom)] }],
})
| Utility | Purpose |
|---|---|
validateAndTransformBody(schema) | Validate request body with Zod |
validateAndTransformQuery(schema) | Validate query parameters |
authenticate("customer", ["session", "bearer"]) | Require customer auth |
authenticate("user", ["session", "bearer"]) | Require admin auth |
| Route Prefix | Default Auth | Custom Auth Override |
|---|---|---|
/admin/* | Admin user required | Can be loosened per route |
/store/* | Optional customer auth | Can require auth per route |
/custom/* | None | Must add explicitly |
// In middlewares.ts routes array
// Fetch live docs for authenticate() options
{
matcher: "/store/custom/me",
middlewares: [authenticate("customer", ["session", "bearer"])],
}
Medusa v2 supports passing extra data through built-in API routes to workflow hooks:
additional_dataadditionalDataValidator in middlewareadditional_dataThis allows extending core commerce flows (e.g., adding custom fields to product creation) without overriding API routes.
| Error Type | Recommended Approach |
|---|---|
| Validation error | Handled automatically by Zod middleware (400) |
| Not found | Throw MedusaError with NOT_FOUND type |
| Unauthorized | Handled by auth middleware (401) |
| Business logic | Throw MedusaError with appropriate type |
| Unexpected | Let Medusa error handler return 500 |
validateAndTransformBodyreq.scope -- never import services directlyadditional_data pattern to extend core routes instead of overriding themauthenticate() middleware explicitly for routes requiring auth outside default scopes{ item } for single, { items, count, offset, limit } for listsFetch the Medusa API route documentation for exact file conventions, middleware utilities, and Zod integration patterns before implementing.