Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

Reinasboo/api-design

Name: api-design
Author: Reinasboo

.agents/skills/api-design/SKILL.md

npx skillsauth add Reinasboo/Bountylab api-design

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

API Design

When to use this skill

Designing new REST APIs
Creating GraphQL schemas
Refactoring API endpoints
Documenting API specifications
API versioning strategies
Defining data models and relationships

Instructions

Step 1: Define API requirements

Identify resources and entities
Define relationships between entities
Specify operations (CRUD, custom actions)
Plan authentication/authorization
Consider pagination, filtering, sorting

Step 2: Design REST API

Resource naming:

Use nouns, not verbs: /users not /getUsers
Use plural names: /users/{id}
Nest resources logically: /users/{id}/posts
Keep URLs short and intuitive

HTTP methods:

GET: Retrieve resources (idempotent)
POST: Create new resources
PUT: Replace entire resource
PATCH: Partial update
DELETE: Remove resources (idempotent)

Response codes:

200 OK: Success with response body
201 Created: Resource created successfully
204 No Content: Success with no response body
400 Bad Request: Invalid input
401 Unauthorized: Authentication required
403 Forbidden: No permission
404 Not Found: Resource doesn't exist
409 Conflict: Resource conflict
422 Unprocessable Entity: Validation failed
500 Internal Server Error: Server error

Example REST endpoint:

GET    /api/v1/users           # List users
GET    /api/v1/users/{id}      # Get user
POST   /api/v1/users           # Create user
PUT    /api/v1/users/{id}      # Update user
PATCH  /api/v1/users/{id}      # Partial update
DELETE /api/v1/users/{id}      # Delete user

Step 3: Request/Response format

Request example:

POST /api/v1/users
Content-Type: application/json

{
  "name": "John Doe",
  "email": "[email protected]",
  "role": "admin"
}

Response example:

HTTP/1.1 201 Created
Content-Type: application/json
Location: /api/v1/users/123

{
  "id": 123,
  "name": "John Doe",
  "email": "[email protected]",
  "role": "admin",
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2024-01-15T10:30:00Z"
}

Step 4: Error handling

Error response format:

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid input provided",
    "details": [
      {
        "field": "email",
        "message": "Invalid email format"
      }
    ]
  }
}

Step 5: Pagination

Query parameters:

GET /api/v1/users?page=2&limit=20&sort=-created_at&filter=role:admin

Response with pagination:

{
  "data": [...],
  "pagination": {
    "page": 2,
    "limit": 20,
    "total": 100,
    "pages": 5
  },
  "links": {
    "self": "/api/v1/users?page=2&limit=20",
    "first": "/api/v1/users?page=1&limit=20",
    "prev": "/api/v1/users?page=1&limit=20",
    "next": "/api/v1/users?page=3&limit=20",
    "last": "/api/v1/users?page=5&limit=20"
  }
}

Step 6: Authentication

Options:

JWT (JSON Web Tokens)
OAuth 2.0
API Keys
Session-based

Example with JWT:

GET /api/v1/users
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Step 7: Versioning

URL versioning (recommended):

/api/v1/users
/api/v2/users

Header versioning:

GET /api/users
Accept: application/vnd.api+json; version=1

Step 8: Documentation

Create OpenAPI 3.0 specification:

openapi: 3.0.0
info:
  title: User Management API
  version: 1.0.0
  description: API for managing users
servers:
  - url: https://api.example.com/v1
paths:
  /users:
    get:
      summary: List users
      parameters:
        - name: page
          in: query
          schema:
            type: integer
            default: 1
        - name: limit
          in: query
          schema:
            type: integer
            default: 20
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/User'
    post:
      summary: Create user
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserCreate'
      responses:
        '201':
          description: User created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
components:
  schemas:
    User:
      type: object
      properties:
        id:
          type: integer
        name:
          type: string
        email:
          type: string
          format: email
        created_at:
          type: string
          format: date-time
    UserCreate:
      type: object
      required:
        - name
        - email
      properties:
        name:
          type: string
        email:
          type: string
          format: email

Best practices

Consistency: Use consistent naming, structure, and patterns
Versioning: Always version your APIs from the start
Security: Implement authentication and authorization
Validation: Validate all inputs on the server side
Rate limiting: Protect against abuse
Caching: Use ETags and Cache-Control headers
CORS: Configure properly for web clients
Documentation: Keep docs up-to-date with code
Testing: Test all endpoints thoroughly
Monitoring: Log requests and track performance

Common patterns

Filtering:

GET /api/v1/users?role=admin&status=active

Sorting:

GET /api/v1/users?sort=-created_at,name

Field selection:

GET /api/v1/users?fields=id,name,email

Batch operations:

POST /api/v1/users/batch
{
  "operations": [
    {"action": "create", "data": {...}},
    {"action": "update", "id": 123, "data": {...}}
  ]
}

GraphQL alternative

If REST doesn't fit, consider GraphQL:

type User {
  id: ID!
  name: String!
  email: String!
  posts: [Post!]!
  createdAt: DateTime!
}

type Query {
  users(page: Int, limit: Int): [User!]!
  user(id: ID!): User
}

type Mutation {
  createUser(input: CreateUserInput!): User!
  updateUser(id: ID!, input: UpdateUserInput!): User!
  deleteUser(id: ID!): Boolean!
}

References

OpenAPI Specification
REST API Tutorial
GraphQL Best Practices
HTTP Status Codes

Examples

Example 1: Basic usage

Example 2: Advanced usage

Reinasboo/api-design

.agents/skills/api-design/SKILL.md

Design RESTful and GraphQL APIs following best practices. Use when creating new APIs, refactoring existing endpoints, or documenting API specifications. Handles OpenAPI, REST, GraphQL, versioning.

development

Updated Apr 15, 2026

$ install --global

skillsauth

npx skillsauth add Reinasboo/Bountylab api-design

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 15, 2026, 11:22 PM8.9s1 file scanned

SKILL.md

name:: api-design
description:: Design RESTful and GraphQL APIs following best practices. Use when creating new APIs, refactoring existing endpoints, or documenting API specifications. Handles OpenAPI, REST, GraphQL, versioning.
license:: Apache-2.0
version:: 1.0.0
author:: Agent Skills Team
tags:: api-design, REST, GraphQL, OpenAPI, versioning, backend
platforms:: Claude, ChatGPT, Gemini

API Design

When to use this skill

Designing new REST APIs
Creating GraphQL schemas
Refactoring API endpoints
Documenting API specifications
API versioning strategies
Defining data models and relationships

Instructions

Step 1: Define API requirements

Identify resources and entities
Define relationships between entities
Specify operations (CRUD, custom actions)
Plan authentication/authorization
Consider pagination, filtering, sorting

Step 2: Design REST API

Resource naming:

Use nouns, not verbs: /users not /getUsers
Use plural names: /users/{id}
Nest resources logically: /users/{id}/posts
Keep URLs short and intuitive

HTTP methods:

GET: Retrieve resources (idempotent)
POST: Create new resources
PUT: Replace entire resource
PATCH: Partial update
DELETE: Remove resources (idempotent)

Response codes:

200 OK: Success with response body
201 Created: Resource created successfully
204 No Content: Success with no response body
400 Bad Request: Invalid input
401 Unauthorized: Authentication required
403 Forbidden: No permission
404 Not Found: Resource doesn't exist
409 Conflict: Resource conflict
422 Unprocessable Entity: Validation failed
500 Internal Server Error: Server error

Example REST endpoint:

GET    /api/v1/users           # List users
GET    /api/v1/users/{id}      # Get user
POST   /api/v1/users           # Create user
PUT    /api/v1/users/{id}      # Update user
PATCH  /api/v1/users/{id}      # Partial update
DELETE /api/v1/users/{id}      # Delete user

Step 3: Request/Response format

Request example:

POST /api/v1/users
Content-Type: application/json

{
  "name": "John Doe",
  "email": "[email protected]",
  "role": "admin"
}

Response example:

HTTP/1.1 201 Created
Content-Type: application/json
Location: /api/v1/users/123

{
  "id": 123,
  "name": "John Doe",
  "email": "[email protected]",
  "role": "admin",
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2024-01-15T10:30:00Z"
}

Step 4: Error handling

Error response format:

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid input provided",
    "details": [
      {
        "field": "email",
        "message": "Invalid email format"
      }
    ]
  }
}

Step 5: Pagination

Query parameters:

GET /api/v1/users?page=2&limit=20&sort=-created_at&filter=role:admin

Response with pagination:

{
  "data": [...],
  "pagination": {
    "page": 2,
    "limit": 20,
    "total": 100,
    "pages": 5
  },
  "links": {
    "self": "/api/v1/users?page=2&limit=20",
    "first": "/api/v1/users?page=1&limit=20",
    "prev": "/api/v1/users?page=1&limit=20",
    "next": "/api/v1/users?page=3&limit=20",
    "last": "/api/v1/users?page=5&limit=20"
  }
}

Step 6: Authentication

Options:

JWT (JSON Web Tokens)
OAuth 2.0
API Keys
Session-based

Example with JWT:

GET /api/v1/users
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Step 7: Versioning

URL versioning (recommended):

/api/v1/users
/api/v2/users

Header versioning:

GET /api/users
Accept: application/vnd.api+json; version=1

Step 8: Documentation

Create OpenAPI 3.0 specification:

openapi: 3.0.0
info:
  title: User Management API
  version: 1.0.0
  description: API for managing users
servers:
  - url: https://api.example.com/v1
paths:
  /users:
    get:
      summary: List users
      parameters:
        - name: page
          in: query
          schema:
            type: integer
            default: 1
        - name: limit
          in: query
          schema:
            type: integer
            default: 20
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/User'
    post:
      summary: Create user
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserCreate'
      responses:
        '201':
          description: User created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
components:
  schemas:
    User:
      type: object
      properties:
        id:
          type: integer
        name:
          type: string
        email:
          type: string
          format: email
        created_at:
          type: string
          format: date-time
    UserCreate:
      type: object
      required:
        - name
        - email
      properties:
        name:
          type: string
        email:
          type: string
          format: email

Best practices

Consistency: Use consistent naming, structure, and patterns
Versioning: Always version your APIs from the start
Security: Implement authentication and authorization
Validation: Validate all inputs on the server side
Rate limiting: Protect against abuse
Caching: Use ETags and Cache-Control headers
CORS: Configure properly for web clients
Documentation: Keep docs up-to-date with code
Testing: Test all endpoints thoroughly
Monitoring: Log requests and track performance

Common patterns

Filtering:

GET /api/v1/users?role=admin&status=active

Sorting:

GET /api/v1/users?sort=-created_at,name

Field selection:

GET /api/v1/users?fields=id,name,email

Batch operations:

POST /api/v1/users/batch
{
  "operations": [
    {"action": "create", "data": {...}},
    {"action": "update", "id": 123, "data": {...}}
  ]
}

GraphQL alternative

If REST doesn't fit, consider GraphQL:

type User {
  id: ID!
  name: String!
  email: String!
  posts: [Post!]!
  createdAt: DateTime!
}

type Query {
  users(page: Int, limit: Int): [User!]!
  user(id: ID!): User
}

type Mutation {
  createUser(input: CreateUserInput!): User!
  updateUser(id: ID!, input: UpdateUserInput!): User!
  deleteUser(id: ID!): Boolean!
}

References

OpenAPI Specification
REST API Tutorial
GraphQL Best Practices
HTTP Status Codes

Examples

Example 1: Basic usage

Example 2: Advanced usage

Related Skills

Reinasboo/security-review

development

VerifiedTrustedCommunity

Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP review", or review code for injection, XSS, authentication, authorization, cryptography issues. Provides systematic review with confidence-based reporting.

SKILL.mdUpdated Apr 15, 2026

Reinasboo/security-review

Reinasboo/security-best-practices

development

VerifiedTrustedCommunity

Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.

SKILL.mdUpdated Apr 15, 2026

Reinasboo/security-best-practices

Reinasboo/responsive-design

development

VerifiedTrustedCommunity

Create responsive web designs that work across all devices and screen sizes. Use when building mobile-first layouts, implementing breakpoints, or optimizing for different viewports. Handles CSS Grid, Flexbox, media queries, viewport units, and responsive images.

SKILL.mdUpdated Apr 15, 2026

Reinasboo/responsive-design

Reinasboo/remotion-video-production

content-media

VerifiedTrustedCommunity

Produce programmable videos with Remotion using scene planning, asset orchestration, and validation gates for automated, brand-consistent video content.

SKILL.mdUpdated Apr 15, 2026

Reinasboo/remotion-video-production

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/Reinasboo/Bountylab.git

# Copy into Claude Code skills folder (global)
cp -r Bountylab/.agents/skills/api-design ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

Reinasboo/Bountylab

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT