From api-design
Design production-grade APIs across REST, GraphQL, gRPC, and Python library architectures. Use when working with API endpoints, REST resources, GraphQL schemas, gRPC services, OpenAPI/Swagger specs, FastAPI, Pydantic models, OAuth/JWT authentication, pagination, or rate limiting. NOT for building MCP servers (use mcp-server).
npx claudepluginhub viktorbezdek/skillstack --plugin api-designThis skill uses the workspace's default tool permissions.
Comprehensive API design skill combining REST, GraphQL, gRPC, and Python library architecture expertise. This merged skill provides patterns, templates, and tools for building production-grade APIs.
assets/CONTRIBUTING.md.templateassets/README.md.templateassets/example-config.pyassets/example-exceptions.pyassets/project-structure.txtassets/pyproject.toml.templateassets/test-structure.txtchecklists/api-design-checklist.mdchecklists/security-review.mdexamples/INDEX.mdexamples/fastapi-crud.mdexamples/graphql_schema.graphqlexamples/openapi_spec.yamlexamples/pagination.mdexamples/pydantic-schemas.mdexamples/tanstack-start.mdexamples/testing.mdreferences/api-security.yamlreferences/architectural-principles.mdreferences/authentication.mdCompares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.
Comprehensive API design skill combining REST, GraphQL, gRPC, and Python library architecture expertise. This merged skill provides patterns, templates, and tools for building production-grade APIs.
This skill combines expertise from multiple specialized domains:
Time Savings: 50%+ reduction in API development time through templates, code generation, and best practices.
URL Patterns:
/api/v1/users (plural nouns, lowercase with hyphens)/api/v1/organizations/{org_id}/teams (hierarchical, max 2 levels)/getUsers or underscores: /user_profilesHTTP Methods:
GET - Retrieve resources (safe, idempotent, cacheable)POST - Create new resources (returns 201 with Location header)PUT - Replace entire resource (idempotent)PATCH - Partial update (only changed fields)DELETE - Remove resource (idempotent, returns 204)Success:
200 OK - GET, PUT, PATCH success201 Created - POST success (include Location header)204 No Content - DELETE successClient Errors:
400 Bad Request - Malformed request401 Unauthorized - Missing/invalid authentication403 Forbidden - Insufficient permissions404 Not Found - Resource doesn't exist409 Conflict - Duplicate resource422 Unprocessable Entity - Validation errors429 Too Many Requests - Rate limit exceededServer Errors:
500 Internal Server Error - Unhandled exception503 Service Unavailable - Database/service down{
"error": {
"code": "VALIDATION_ERROR",
"message": "Request validation failed",
"details": [
{ "field": "email", "message": "Invalid email format" }
],
"requestId": "req_abc123",
"timestamp": "2025-10-25T10:30:00Z"
}
}
type User {
id: ID!
email: String!
profile: Profile
posts(first: Int, after: String): PostConnection!
createdAt: DateTime!
}
type PostConnection {
edges: [PostEdge!]!
pageInfo: PageInfo!
totalCount: Int!
}
type Query {
user(id: ID!): User
users(first: Int, after: String): UserConnection!
me: User
}
type Mutation {
createUser(input: CreateUserInput!): CreateUserPayload!
updateUser(id: ID!, input: UpdateUserInput!): UpdateUserPayload!
}
from fastapi import APIRouter, Depends, HTTPException, status
router = APIRouter(prefix="/api/v1/users", tags=["users"])
@router.post("", response_model=UserRead, status_code=status.HTTP_201_CREATED)
async def create_user(
user_data: UserCreate,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> UserRead:
"""Create a new user in the current tenant."""
repository = UserRepository(db, tenant_id=current_user.tenant_id)
user = await repository.create(user_data)
return user
from pydantic import BaseModel, EmailStr, Field, ConfigDict
class UserCreate(BaseModel):
"""Schema for creating a new user."""
email: EmailStr
full_name: str = Field(..., min_length=1, max_length=255)
password: str = Field(..., min_length=8)
class UserRead(BaseModel):
"""Schema for reading user data (public fields only)."""
id: str
tenant_id: str
email: EmailStr
full_name: str
created_at: datetime
model_config = ConfigDict(from_attributes=True)
Cursor-Based (recommended):
GET /posts?limit=20&cursor=eyJpZCI6MTIzfQ
Response:
{
"data": [...],
"pagination": {
"nextCursor": "eyJpZCI6MTQzfQ",
"hasMore": true
}
}
Offset-Based (simpler):
GET /posts?limit=20&offset=40
Response:
{
"data": [...],
"pagination": {
"total": 500,
"limit": 20,
"offset": 40
}
}
JWT Token Usage:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
API Key Usage:
X-API-Key: sk_live_abc123def456
OAuth 2.0 Flows:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 75
X-RateLimit-Reset: 1698340800
Retry-After: 60
| File | Description |
|---|---|
references/rest-best-practices.md | Comprehensive REST API patterns and status codes |
references/authentication.md | OAuth 2.0, JWT, API keys, MFA patterns |
references/versioning-strategies.md | API versioning and deprecation |
references/common-patterns.md | Health checks, webhooks, batch operations |
references/schema-patterns.md | GraphQL schema design patterns |
references/federation-guide.md | Apollo Federation architecture |
references/performance-optimization.md | GraphQL performance, DataLoader, caching |
references/architectural-principles.md | Python library SOLID principles |
references/pep-standards.md | Python PEP quick reference |
references/fastapi-setup.md | FastAPI main app configuration |
references/openapi.md | OpenAPI customization |
references/error-handlers.md | FastAPI exception handlers |
references/cors-rate-limiting.md | CORS and rate limiting setup |
references/openapi-spec.yaml | Complete OpenAPI 3.1 example |
references/graphql-schema.graphql | GraphQL with Relay connections |
references/grpc-service.proto | Protocol Buffer definitions |
references/rate-limiting.yaml | Tier-based rate limit config |
references/api-security.yaml | Auth, CORS, security headers |
| File | Description |
|---|---|
templates/fastapi-crud-endpoint.py | Complete CRUD router template |
templates/pydantic-schemas.py | Request/response schema template |
templates/repository-pattern.py | Repository with tenant isolation |
templates/rate-limiter.py | Upstash Redis rate limiter |
templates/error-handler.py | FastAPI exception handlers |
templates/tanstack-server-function.ts | TanStack Start server functions |
| File | Description |
|---|---|
examples/fastapi-crud.md | CRUD endpoints with repository |
examples/pydantic-schemas.md | Validation schema examples |
examples/pagination.md | Pagination implementation |
examples/testing.md | API testing patterns |
examples/tanstack-start.md | TanStack Start examples |
examples/openapi-spec.yaml | Blog API OpenAPI specification |
examples/graphql-schema.graphql | Full GraphQL schema with subscriptions |
| File | Description |
|---|---|
scripts/schema_analyzer.py | Analyze GraphQL schemas for quality |
scripts/resolver_generator.py | Generate TypeScript resolvers |
scripts/federation_scaffolder.py | Scaffold Apollo Federation subgraphs |
scripts/api_helper.py | OpenAPI validation and docs generation |
scripts/validate-api-spec.sh | Validate API specifications |
| File | Description |
|---|---|
assets/pyproject.toml.template | Production-ready pyproject.toml |
assets/README.md.template | Library README template |
assets/CONTRIBUTING.md.template | Contribution guide |
assets/project-structure.txt | Recommended package layout |
assets/test-structure.txt | Test organization |
assets/example-exceptions.py | Exception hierarchy pattern |
assets/example-config.py | Configuration pattern |
| File | Description |
|---|---|
checklists/api-design-checklist.md | API design review checklist |
checklists/security-review.md | Security review checklist |
# Scaffold subgraphs
python scripts/federation_scaffolder.py users-service --entities User,Profile
python scripts/federation_scaffolder.py posts-service --entities Post --references User
# Configure gateway
python scripts/federation_scaffolder.py gateway --subgraphs users:4001,posts:4002
# Validate OpenAPI spec
python scripts/api_helper.py validate --spec openapi.yaml
# Analyze GraphQL schema
python scripts/schema_analyzer.py schema.graphql --validate
# Generate documentation
python scripts/api_helper.py docs --spec openapi.yaml --output docs/
/users not /getUsersIdempotency-Key header for mutations[ ] All endpoints use nouns, not verbs
[ ] Consistent response envelope structure
[ ] Error responses include codes and actionable messages
[ ] Pagination on all list endpoints
[ ] Authentication/authorization documented
[ ] Rate limit headers defined
[ ] Versioning strategy documented
[ ] CORS configured for known origins
[ ] Idempotency keys for mutating operations
[ ] OpenAPI spec validates without errors
[ ] SDK generation tested
[ ] Examples for all request/response types
This merged skill combines content from the following legacy skills (now part of api-design):
Version: 1.0.0 Last Updated: 2025-01-18