achreftlili/architect/api-design
architect/api-design/SKILL.md
--- name: api-design description: Use this skill whenever the architect subagent is asked to design an API, define endpoints, choose between REST/GraphQL/gRPC, establish API conventions, review an API contract, or set API versioning strategy. Triggers on: "design an API", "define the endpoints", "REST vs GraphQL", "API contract", "API versioning", "API standards", "how should our API work", "design the interface". Always use this skill before producing any API design output — it ensures APIs are
$ install --global
skillsauthnpx skillsauth add achreftlili/deep-dev-skills architect/api-designInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 2:48 PM12.4s1 file scanned
SKILL.md
- name:
- api-design
- description:
- Use this skill whenever the architect subagent is asked to design an API, define endpoints, choose between REST/GraphQL/gRPC, establish API conventions, review an API contract, or set API versioning strategy. Triggers on: "design an API", "define the endpoints", "REST vs GraphQL", "API contract", "API versioning", "API standards", "how should our API work", "design the interface". Always use this skill before producing any API design output — it ensures APIs are consistent, evolvable, and well-documented.
- category:
- architect
- agent-type:
- architect
API Design Skill
Purpose
Produce consistent, well-structured API designs that are easy to consume, hard to misuse, and built to evolve.
Step 1 — Choose the API Paradigm
Use this decision tree:
Need flexible querying by clients (mobile/web with varying data needs)?
→ GraphQL
Need high-performance internal service-to-service communication?
→ gRPC
Need a simple, widely-understood external API?
→ REST
Need real-time bidirectional communication?
→ WebSocket (+ REST for control plane)
Need async event-driven communication between services?
→ Message queue (Kafka, SQS, RabbitMQ) — not an API pattern per se
State the choice and justify it before designing anything else.
REST API Design Standards
Resource Naming
- Use nouns, never verbs:
/users, not/getUsers - Use plural:
/orders, not/order - Nest to show ownership (max 2 levels):
/users/{id}/orders - Use kebab-case:
/payment-methods, not/paymentMethods
HTTP Methods
| Action | Method | Example |
|--------|--------|---------|
| List | GET | GET /users |
| Get one | GET | GET /users/{id} |
| Create | POST | POST /users |
| Full replace | PUT | PUT /users/{id} |
| Partial update | PATCH | PATCH /users/{id} |
| Delete | DELETE | DELETE /users/{id} |
Status Codes — Always Use Correctly
200OK,201Created,204No Content400Bad Request,401Unauthorized,403Forbidden,404Not Found,409Conflict,422Unprocessable Entity500Internal Server Error,503Service Unavailable
Request/Response Format
Always define with examples:
// POST /users - Request
{
"email": "[email protected]",
"name": "Jane Doe",
"role": "admin"
}
// 201 Created - Response
{
"id": "usr_abc123",
"email": "[email protected]",
"name": "Jane Doe",
"role": "admin",
"createdAt": "2024-01-15T10:30:00Z"
}
Error Format (always consistent)
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Email address is invalid",
"field": "email",
"requestId": "req_xyz789"
}
}
Pagination (for list endpoints)
{
"data": [...],
"pagination": {
"page": 1,
"pageSize": 20,
"total": 143,
"nextCursor": "cursor_abc" // use cursor pagination for large datasets
}
}
Versioning Strategy
| Strategy | When to use |
|----------|-------------|
| URL versioning (/v1/users) | Public APIs, simple versioning needs — recommended default |
| Header versioning (API-Version: 2024-01) | Internal APIs, clients you control |
| Query param (?version=2) | Avoid — messy caching, hard to route |
Rules:
- Never make breaking changes without a new version
- Support the previous version for minimum 12 months after deprecation notice
- Breaking change = removing a field, changing a field type, changing behavior
GraphQL Design Standards
- Use queries for reads, mutations for writes, subscriptions for real-time
- Never expose your database schema directly — design for the client's needs
- Implement DataLoader pattern to avoid N+1 queries
- Enforce depth limiting and query complexity limits
- Use cursor-based pagination (Relay spec)
gRPC Design Standards
- Define
.protofiles as the source of truth — version control them - Use deadlines on all calls — never allow unbounded waits
- Implement retry with exponential backoff on the client
- Use streaming only when data volume justifies it
- Document with
// commentsin.protofiles
API Design Checklist
Before finalizing any API design:
- [ ] Authentication method defined (API key / OAuth2 / JWT)
- [ ] Authorization model defined (who can call what)
- [ ] Rate limiting specified (per user? per key? per endpoint?)
- [ ] All error codes documented
- [ ] Pagination implemented on all list endpoints
- [ ] Idempotency keys on POST/PUT for financial or criticaloperations
- [ ] Request/response examples for every endpoint
- [ ] Deprecation strategy defined
- [ ] Breaking vs. non-breaking change policy documented
Related Skills
achreftlili/vitest-testing-skill
testing
VerifiedTrustedCommunity
Set up Vitest 2.x with TypeScript for unit and component testing using test/describe/it, vi.fn/vi.mock/vi.spyOn, component testing with Testing Library, coverage (v8/istanbul), workspace config, and snapshot testing.
1SKILL.mdUpdated Apr 25, 2026
achreftlili/pytest-testing-skill
testing
VerifiedTrustedCommunity
Set up pytest 8.x with Python for unit and integration testing using fixtures (scope, autouse, parametrize), async tests (pytest-asyncio), mocking (unittest.mock, pytest-mock), coverage (pytest-cov), conftest.py patterns, and markers.
1SKILL.mdUpdated Apr 25, 2026
achreftlili/playwright-testing-skill
testing
VerifiedTrustedCommunity
Set up Playwright 1.49+ with TypeScript for E2E testing using page object model, fixtures, test.describe/test blocks, assertions, selectors, network mocking, CI configuration, and trace viewer.
1SKILL.mdUpdated Apr 25, 2026
achreftlili/jest-testing-skill
testing
VerifiedTrustedCommunity
Set up Jest 30+ with TypeScript for unit tests, integration tests, mocking (jest.fn, jest.mock, jest.spyOn), coverage configuration, custom matchers, snapshot testing, and setup/teardown patterns.
1SKILL.mdUpdated Apr 25, 2026