act70255/api-patterns
dev-python/skills/api-patterns/SKILL.md
API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
development
Updated Mar 29, 2026
$ install --global
skillsauthnpx skillsauth add act70255/skillsbundle api-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 11:02 PM57.0s12 files scanned
SKILL.md
- name:
- api-patterns
- description:
- API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
- risk:
- unknown
- source:
- community
- date_added:
- 2026-02-27
API Patterns
API design principles and decision-making for 2025. Learn to THINK, not copy fixed patterns.
🎯 Selective Reading Rule
Read ONLY files relevant to the request! Check the content map, find what you need.
📑 Content Map
| File | Description | When to Read |
|------|-------------|--------------|
| api-style.md | REST vs GraphQL vs tRPC decision tree | Choosing API type |
| rest.md | Resource naming, HTTP methods, status codes | Designing REST API |
| response.md | Envelope pattern, error format, pagination | Response structure |
| graphql.md | Schema design, when to use, security | Considering GraphQL |
| trpc.md | TypeScript monorepo, type safety | TS fullstack projects |
| versioning.md | URI/Header/Query versioning | API evolution planning |
| auth.md | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
| rate-limiting.md | Token bucket, sliding window | API protection |
| documentation.md | OpenAPI/Swagger best practices | Documentation |
| security-testing.md | OWASP API Top 10, auth/authz testing | Security audits |
🔗 Related Skills
| Need | Skill |
|------|-------|
| API implementation | @[skills/backend-development] |
| Data structure | @[skills/database-design] |
| Security details | @[skills/security-hardening] |
✅ Decision Checklist
Before designing an API:
- [ ] Asked user about API consumers?
- [ ] Chosen API style for THIS context? (REST/GraphQL/tRPC)
- [ ] Defined consistent response format?
- [ ] Planned versioning strategy?
- [ ] Considered authentication needs?
- [ ] Planned rate limiting?
- [ ] Documentation approach defined?
❌ Anti-Patterns
DON'T:
- Default to REST for everything
- Use verbs in REST endpoints (/getUsers)
- Return inconsistent response formats
- Expose internal errors to clients
- Skip rate limiting
DO:
- Choose API style based on context
- Ask about client requirements
- Document thoroughly
- Use appropriate status codes
Script
| Script | Purpose | Command |
|--------|---------|---------|
| scripts/api_validator.py | API endpoint validation | python scripts/api_validator.py <project_path> |
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
Related Skills
act70255/verification-before-completion
data-ai
VerifiedTrustedCommunity
Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evide...
SKILL.mdUpdated Mar 29, 2026
act70255/testing-qa
tools
VerifiedTrustedCommunity
Comprehensive testing and QA workflow covering unit testing, integration testing, E2E testing, browser automation, and quality assurance.
SKILL.mdUpdated Mar 29, 2026
act70255/scout-regiment-workflow-lite
tools
VerifiedTrustedCommunity
evidence-driven proactive engineering workflow: keep momentum, avoid idle loops, require verifiable progress, and escalate blockers with structure.
SKILL.mdUpdated Mar 29, 2026
act70255/playwright-skill
tools
VerifiedTrustedCommunity
Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login ...
SKILL.mdUpdated Mar 29, 2026