asyrafhussin/api-design-patterns
skills/api-design-patterns/SKILL.md
RESTful API design, error handling, versioning, and best practices. Use when designing APIs, reviewing endpoints, implementing error responses, or setting up API structure. Triggers on "design API", "review API", "REST best practices", or "API patterns".
$ install --global
skillsauthnpx skillsauth add asyrafhussin/agent-skills api-design-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 17, 2026, 3:31 AM144.5s43 files scanned
SKILL.md
- name:
- api-design-patterns
- description:
- RESTful API design, error handling, versioning, and best practices. Use when designing APIs, reviewing endpoints, implementing error responses, or setting up API structure. Triggers on "design API", "review API", "REST best practices", or "API patterns".
- license:
- MIT
- author:
- agent-skills
- version:
- 2.0.0
API Design Patterns
RESTful API design principles for building consistent, developer-friendly APIs. Contains 38 rules across 7 categories covering resource design, error handling, security, pagination, versioning, response format, and documentation.
Metadata
- Version: 2.0.0
- Rule Count: 38 rules across 7 categories
- License: MIT
When to Apply
Reference these guidelines when:
- Designing new API endpoints
- Reviewing existing API structure
- Implementing error handling and validation
- Setting up pagination, filtering, and sorting
- Planning API versioning strategy
- Configuring API security (auth, CORS, rate limiting)
- Writing API documentation (OpenAPI/Swagger)
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|----------|----------|--------|--------|
| 1 | Resource Design | CRITICAL | rest- |
| 2 | Error Handling | CRITICAL | error- |
| 3 | Security | CRITICAL | sec- |
| 4 | Pagination & Filtering | HIGH | page-, filter-, sort- |
| 5 | Versioning | HIGH | ver- |
| 6 | Response Format | MEDIUM | resp- |
| 7 | Documentation | MEDIUM | doc- |
Quick Reference
1. Resource Design (CRITICAL)
rest-nouns-not-verbs- Use nouns for endpoints, not verbsrest-plural-resources- Use plural resource namesrest-http-methods- Correct HTTP method usage (GET, POST, PUT, PATCH, DELETE)rest-nested-resources- Proper resource nesting (max 2 levels)rest-status-codes- Appropriate HTTP status codesrest-idempotency- Idempotent operations with idempotency keysrest-hateoas- Hypermedia links for discoverabilityrest-resource-actions- Non-CRUD actions as sub-resources
2. Error Handling (CRITICAL)
error-consistent-format- Consistent error response structureerror-meaningful-messages- Helpful, actionable error messageserror-validation-details- Field-level validation errorserror-error-codes- Machine-readable error codeserror-no-stack-traces- Never expose stack traces in productionerror-request-id- Include request IDs for debugging
3. Security (CRITICAL)
sec-authentication- Proper auth implementation (OAuth2/JWT)sec-authorization- Resource-level permissions (RBAC)sec-rate-limiting- Prevent abuse with rate limitingsec-input-validation- Validate and sanitize all inputsec-cors-config- CORS configuration with whitelistssec-https-only- Enforce HTTPS for all trafficsec-sensitive-data- Protect passwords, tokens, PII
4. Pagination & Filtering (HIGH)
page-cursor-based- Cursor pagination for large datasetspage-offset-based- Offset pagination for simple casespage-consistent-params- Consistent parameter namingpage-metadata- Include pagination metadata in responsesfilter-query-params- Filter via query parameterssort-flexible- Flexible sorting with-prefix for descending
5. Versioning (HIGH)
ver-url-path- Version in URL path (/api/v1/)ver-header-based- Version via Accept headerver-backward-compatible- Maintain backward compatibilityver-deprecation- Deprecation strategy with Sunset header
6. Response Format (MEDIUM)
resp-consistent-structure- Consistent response enveloperesp-json-conventions- JSON naming conventionsresp-partial-responses- Field selection (sparse fieldsets)resp-compression- Response compression (gzip/Brotli)
7. Documentation (MEDIUM)
doc-openapi- OpenAPI/Swagger specificationdoc-examples- Request/response examplesdoc-changelog- API changelog
Essential Guidelines
Resource Naming
# ❌ Verbs in URLs
GET /getUsers
POST /createUser
# ✅ Nouns with HTTP methods
GET /users # List users
POST /users # Create user
GET /users/123 # Get user
PUT /users/123 # Update user (full)
PATCH /users/123 # Update user (partial)
DELETE /users/123 # Delete user
Error Response Format
{
"error": {
"code": "VALIDATION_ERROR",
"message": "The request contains invalid data",
"details": [
{
"field": "email",
"code": "INVALID_FORMAT",
"message": "Please provide a valid email address"
}
],
"request_id": "req_abc123"
}
}
Pagination
{
"data": [...],
"meta": {
"current_page": 2,
"per_page": 20,
"total_pages": 10,
"total_count": 195
},
"links": {
"first": "/users?page=1&per_page=20",
"prev": "/users?page=1&per_page=20",
"next": "/users?page=3&per_page=20",
"last": "/users?page=10&per_page=20"
}
}
Rate Limiting Headers
HTTP/1.1 200 OK
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 998
X-RateLimit-Reset: 1640995200
How to Use
Read individual rule files for detailed explanations:
rules/rest-http-methods.md
rules/error-consistent-format.md
rules/page-cursor-based.md
rules/sec-authentication.md
rules/ver-url-path.md
rules/doc-openapi.md
References
- RESTful API Guidelines
- Zalando RESTful API Guidelines
- Microsoft API Guidelines
- Google API Design Guide
- OpenAPI Specification
Full Compiled Document
For the complete guide with all rules expanded: AGENTS.md
Related Skills
asyrafhussin/laravel-best-practices
development
VerifiedTrustedCommunity
Laravel 13 conventions and best practices. Use when creating controllers, models, migrations, validation, services, or structuring Laravel applications. Triggers on tasks involving Laravel architecture, Eloquent, database, API development, or PHP patterns.
37SKILL.mdUpdated May 17, 2026
asyrafhussin/laravel-ai-sdk
tools
VerifiedTrustedCommunity
Laravel AI SDK for building AI-powered features. Use when creating agents, generating images or audio, working with embeddings, vector search, or testing AI features. Triggers on tasks involving laravel/ai, AI agents, tool-calling, structured output, streaming, embeddings, reranking, or AI faking in tests.
37SKILL.mdUpdated May 17, 2026
asyrafhussin/git-workflow
tools
VerifiedTrustedCommunity
Git best practices, branching strategies, commit conventions, and PR workflows. Use when reviewing git history, writing commits, setting up branching strategy, or improving git practices. Triggers on "git best practices", "commit message", "branching strategy", or "PR workflow".
37SKILL.mdUpdated May 17, 2026
asyrafhussin/e2e-playwright-testing
tools
VerifiedTrustedCommunity
End-to-end testing with Playwright for web applications. Use when writing E2E tests, browser automation, form submission testing, or user flow testing. Triggers on "playwright", "e2e test", "browser test", "end-to-end", "form flow testing", or test files in tests/e2e/.
37SKILL.mdUpdated May 17, 2026