playbooks

home / skills / cloudai-x / claude-workflow-v2 / designing-apis

designing-apis skill

/skills/designing-apis

This skill helps you design robust REST and GraphQL APIs by outlining resources, endpoints, error handling, versioning, and documentation.

npx playbooks add skill cloudai-x/claude-workflow-v2 --skill designing-apis

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
4.4 KB
---
name: designing-apis
description: Designs REST and GraphQL APIs including endpoints, error handling, versioning, and documentation. Use when creating new APIs, designing endpoints, reviewing API contracts, or when asked about REST, GraphQL, or API patterns.
---

# Designing APIs

## API Design Workflow

Copy this checklist and track progress:

```
API Design Progress:
- [ ] Step 1: Define resources and relationships
- [ ] Step 2: Design endpoint structure
- [ ] Step 3: Define request/response formats
- [ ] Step 4: Plan error handling
- [ ] Step 5: Add authentication/authorization
- [ ] Step 6: Document with OpenAPI spec
- [ ] Step 7: Validate design against checklist
```

## REST API Design

### URL Structure
```
# Resource-based URLs (nouns, not verbs)
GET    /users              # List users
GET    /users/:id          # Get user
POST   /users              # Create user
PUT    /users/:id          # Replace user
PATCH  /users/:id          # Update user
DELETE /users/:id          # Delete user

# Nested resources
GET    /users/:id/orders   # User's orders
POST   /users/:id/orders   # Create order for user

# Query parameters for filtering/pagination
GET    /users?role=admin&status=active
GET    /users?page=2&limit=20&sort=-createdAt
```

### HTTP Status Codes
| Code | Meaning | Use Case |
|------|---------|----------|
| 200 | OK | Successful GET, PUT, PATCH |
| 201 | Created | Successful POST |
| 204 | No Content | Successful DELETE |
| 400 | Bad Request | Invalid input |
| 401 | Unauthorized | Missing/invalid auth |
| 403 | Forbidden | Valid auth, no permission |
| 404 | Not Found | Resource doesn't exist |
| 409 | Conflict | Duplicate, state conflict |
| 422 | Unprocessable | Validation failed |
| 429 | Too Many Requests | Rate limited |
| 500 | Internal Error | Server error |

### Response Formats

**Success Response:**
```json
{
  "data": {
    "id": "123",
    "type": "user",
    "attributes": {
      "name": "John Doe",
      "email": "[email protected]"
    }
  },
  "meta": {
    "requestId": "abc-123"
  }
}
```

**List Response with Pagination:**
```json
{
  "data": [...],
  "meta": {
    "total": 100,
    "page": 1,
    "limit": 20,
    "totalPages": 5
  },
  "links": {
    "self": "/users?page=1",
    "next": "/users?page=2",
    "last": "/users?page=5"
  }
}
```

**Error Response:**
```json
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid input data",
    "details": [
      {
        "field": "email",
        "message": "Must be a valid email address"
      }
    ]
  },
  "meta": {
    "requestId": "abc-123"
  }
}
```

## API Versioning

**URL Versioning (Recommended):**
```
/api/v1/users
/api/v2/users
```

**Header Versioning:**
```
Accept: application/vnd.api+json; version=1
```

## Authentication Patterns

**JWT Bearer Token:**
```
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
```

**API Key:**
```
X-API-Key: your-api-key
```

## Rate Limiting Headers
```
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1609459200
Retry-After: 60
```

## GraphQL Patterns

**Schema Design:**
```graphql
type Query {
  user(id: ID!): User
  users(filter: UserFilter, pagination: Pagination): UserConnection!
}

type Mutation {
  createUser(input: CreateUserInput!): UserPayload!
  updateUser(id: ID!, input: UpdateUserInput!): UserPayload!
}

type User {
  id: ID!
  name: String!
  email: String!
  orders(first: Int, after: String): OrderConnection!
}

input CreateUserInput {
  name: String!
  email: String!
}

type UserPayload {
  user: User
  errors: [Error!]
}
```

## OpenAPI Specification Template

See [OPENAPI-TEMPLATE.md](OPENAPI-TEMPLATE.md) for the full OpenAPI 3.0 specification template.

## API Design Validation

After completing the design, validate against this checklist:

```
Validation Checklist:
- [ ] All endpoints use nouns, not verbs
- [ ] HTTP methods match operations correctly
- [ ] Consistent response format across endpoints
- [ ] Error responses include actionable details
- [ ] Pagination implemented for list endpoints
- [ ] Authentication defined for protected endpoints
- [ ] Rate limiting headers documented
- [ ] OpenAPI spec is complete and valid
```

If validation fails, return to the relevant design step and address the issues.

## Security Checklist
- [ ] HTTPS only
- [ ] Authentication on all endpoints
- [ ] Authorization checks
- [ ] Input validation
- [ ] Rate limiting
- [ ] Request size limits
- [ ] CORS properly configured
- [ ] No sensitive data in URLs
- [ ] Audit logging

Overview

This skill designs REST and GraphQL APIs with clear endpoint structures, error handling, versioning, authentication, and documentation. It provides practical patterns, response schemas, and validation checklists to produce consistent, secure, and maintainable API contracts.

How this skill works

I inspect resource models and relationships, then produce RESTful URLs or GraphQL schemas and recommended request/response formats. I specify HTTP status codes, standard error payloads, versioning strategy, authentication patterns, rate limit headers, and an OpenAPI-ready spec template. I also run the design through a validation checklist and a security checklist to catch common issues.

When to use it

  • Creating a new REST or GraphQL API from domain models
  • Designing or reviewing endpoint structure and naming
  • Defining consistent request/response and pagination formats
  • Specifying error handling, status codes, and rate limiting
  • Preparing an OpenAPI spec or GraphQL schema for documentation

Best practices

  • Use resource-based (noun) URLs for REST and operations mapped to proper HTTP methods
  • Return consistent response envelopes with data, meta, and links for lists
  • Provide structured error objects with codes, messages, and field-level details
  • Version APIs explicitly (URL versioning recommended) and document changes
  • Apply authentication, authorization, input validation, HTTPS, and rate limiting
  • Document everything with OpenAPI for REST or a clear schema and payload types for GraphQL

Example use cases

  • Designing /users and nested /users/:id/orders endpoints with pagination and filtering
  • Drafting an OpenAPI 3.0 spec including success, list, and error response examples
  • Converting CRUD endpoints to support PATCH/PUT semantics and proper status codes
  • Creating a GraphQL schema with Query and Mutation types and payload error handling
  • Defining JWT or API key authentication and rate limit headers in responses

FAQ

Should I use URL versioning or header versioning?

URL versioning is recommended for clarity and caching; use header versioning when you need silent version negotiation or fewer URL changes.

How should errors be returned?

Return structured error objects with a machine-friendly code, human message, and optional field-level details and include a requestId in meta for tracing.

When is GraphQL a better fit than REST?

Use GraphQL when clients need flexible queries with nested relationships and reduced over-fetching; use REST for simpler resource-centric operations and predictable caching.