Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

curiositech/api-versioning-backward-compatibility

Name: api-versioning-backward-compatibility
Author: curiositech

skills/api-versioning-backward-compatibility/SKILL.md

npx skillsauth add curiositech/windags-skills api-versioning-backward-compatibility

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

API Versioning & Backward Compatibility

Design API versioning strategies that evolve gracefully without breaking existing consumers.

Activation Triggers

Activate on: "API versioning", "backward compatibility", "deprecation", "breaking change", "API migration", "v1 v2", "sunset header", "API evolution", "non-breaking change"

NOT for: Data schema evolution → schema-evolution-manager | Gateway version routing → api-gateway-reverse-proxy-expert | GraphQL deprecation → graphql-server-architect

Quick Start

Classify the change — additive (safe), modification (maybe breaking), removal (breaking)
Choose strategy — URL path (/v2/), header (API-Version), or content negotiation
Implement Sunset headers — RFC 8594 tells consumers when old versions die
Run versions in parallel — minimum 6-month overlap for major versions
Monitor adoption — track per-version traffic to know when to retire

Core Capabilities

| Domain | Technologies | |--------|-------------| | URL Versioning | /api/v1/, /api/v2/ path-based routing | | Header Versioning | API-Version: 2024-01-15, Accept-Version | | Content Negotiation | Accept: application/vnd.myapi.v2+json | | Deprecation | Sunset header (RFC 8594), Deprecation header | | Tooling | OpenAPI 3.1 overlays, Optic, Bump.sh |

Architecture Patterns

Versioning Strategy Decision Tree

Is it additive only? (new fields, new endpoints)
  ├─ YES → No version bump needed (backward compatible)
  └─ NO → Is it a field rename/type change?
       ├─ YES → Can you keep both old + new fields?
       │    ├─ YES → Add new, deprecate old (minor version)
       │    └─ NO → Major version bump (v1 → v2)
       └─ NO → Is it a removal?
            └─ YES → Major version bump with sunset period

Parallel Version Deployment

// Express router with version-based routing
import { Router } from 'express';

const v1Router = Router();
const v2Router = Router();

// v1: returns { name: string }
v1Router.get('/users/:id', async (req, res) => {
  const user = await getUser(req.params.id);
  res.json({ name: user.fullName }); // legacy shape
});

// v2: returns { firstName, lastName, displayName }
v2Router.get('/users/:id', async (req, res) => {
  const user = await getUser(req.params.id);
  res.json({
    firstName: user.firstName,
    lastName: user.lastName,
    displayName: user.fullName,
  });
});

app.use('/api/v1', v1Router);
app.use('/api/v2', v2Router);

// Sunset header middleware for v1
v1Router.use((req, res, next) => {
  res.set('Sunset', 'Sat, 01 Nov 2026 00:00:00 GMT');
  res.set('Deprecation', 'true');
  res.set('Link', '</api/v2>; rel="successor-version"');
  next();
});

Date-Based Versioning (Stripe Model)

API-Version: 2026-03-15

Changes are tied to dates, not integers:
  2026-01-01 → baseline
  2026-03-15 → renamed `name` → `display_name`
  2026-06-01 → removed `legacy_field`

Server pins unversioned requests to the account's default version.
Each version is a transform layer over the canonical internal model.

Anti-Patterns

Versioning too eagerly — most changes are additive and do not require a version bump; add fields freely
No sunset timeline — deprecating without a concrete shutdown date means versions live forever
Copying entire controllers — use a transform/adapter layer, not duplicated business logic per version
Ignoring unknown fields — APIs should be tolerant readers; ignore unknown fields on input (Postel's Law)
Breaking changes in minor versions — if consumers relied on it, removing it is breaking regardless of your intent

Quality Checklist

[ ] Additive changes (new fields, new endpoints) ship without version bump
[ ] Breaking changes require major version with 6+ month sunset period
[ ] Sunset header (RFC 8594) set on deprecated versions
[ ] Link header points consumers to successor version
[ ] Per-version traffic monitored to track migration progress
[ ] OpenAPI spec published per version with diff tooling (Optic/Bump.sh)
[ ] Consumer notification plan: changelog, email, dashboard warning
[ ] Version routing handled at gateway level, not in application code
[ ] Integration tests validate backward compatibility (contract tests)

curiositech/api-versioning-backward-compatibility

skills/api-versioning-backward-compatibility/SKILL.md

API migration strategies, deprecation workflows, and header/URL/content versioning. Activate on: API versioning, backward compatibility, deprecation, breaking change, API migration, v1 v2, sunset header. NOT for: schema evolution in data (use schema-evolution-manager), gateway routing (use api-gateway-reverse-proxy-expert).

development

Updated Apr 4, 2026

$ install --global

skillsauth

npx skillsauth add curiositech/windags-skills api-versioning-backward-compatibility

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 4, 2026, 1:39 PM329.2s1 file scanned

SKILL.md

license:: Apache-2.0
name:: api-versioning-backward-compatibility
description:: API migration strategies, deprecation workflows, and header/URL/content versioning. Activate on: API versioning, backward compatibility, deprecation, breaking change, API migration, v1 v2, sunset header. NOT for: schema evolution in data (use schema-evolution-manager), gateway routing (use api-gateway-reverse-proxy-expert).
allowed-tools:: Read,Write,Edit,Bash(npm:*,npx:*)
category:: Backend & Infrastructure
- skill:: graphql-server-architect
reason:: GraphQL has its own deprecation model via @deprecated

API Versioning & Backward Compatibility

Design API versioning strategies that evolve gracefully without breaking existing consumers.

Activation Triggers

Activate on: "API versioning", "backward compatibility", "deprecation", "breaking change", "API migration", "v1 v2", "sunset header", "API evolution", "non-breaking change"

NOT for: Data schema evolution → schema-evolution-manager | Gateway version routing → api-gateway-reverse-proxy-expert | GraphQL deprecation → graphql-server-architect

Quick Start

Classify the change — additive (safe), modification (maybe breaking), removal (breaking)
Choose strategy — URL path (/v2/), header (API-Version), or content negotiation
Implement Sunset headers — RFC 8594 tells consumers when old versions die
Run versions in parallel — minimum 6-month overlap for major versions
Monitor adoption — track per-version traffic to know when to retire

Core Capabilities

Architecture Patterns

Versioning Strategy Decision Tree

Is it additive only? (new fields, new endpoints)
  ├─ YES → No version bump needed (backward compatible)
  └─ NO → Is it a field rename/type change?
       ├─ YES → Can you keep both old + new fields?
       │    ├─ YES → Add new, deprecate old (minor version)
       │    └─ NO → Major version bump (v1 → v2)
       └─ NO → Is it a removal?
            └─ YES → Major version bump with sunset period

Parallel Version Deployment

// Express router with version-based routing
import { Router } from 'express';

const v1Router = Router();
const v2Router = Router();

// v1: returns { name: string }
v1Router.get('/users/:id', async (req, res) => {
  const user = await getUser(req.params.id);
  res.json({ name: user.fullName }); // legacy shape
});

// v2: returns { firstName, lastName, displayName }
v2Router.get('/users/:id', async (req, res) => {
  const user = await getUser(req.params.id);
  res.json({
    firstName: user.firstName,
    lastName: user.lastName,
    displayName: user.fullName,
  });
});

app.use('/api/v1', v1Router);
app.use('/api/v2', v2Router);

// Sunset header middleware for v1
v1Router.use((req, res, next) => {
  res.set('Sunset', 'Sat, 01 Nov 2026 00:00:00 GMT');
  res.set('Deprecation', 'true');
  res.set('Link', '</api/v2>; rel="successor-version"');
  next();
});

Date-Based Versioning (Stripe Model)

API-Version: 2026-03-15

Changes are tied to dates, not integers:
  2026-01-01 → baseline
  2026-03-15 → renamed `name` → `display_name`
  2026-06-01 → removed `legacy_field`

Server pins unversioned requests to the account's default version.
Each version is a transform layer over the canonical internal model.

Anti-Patterns

Versioning too eagerly — most changes are additive and do not require a version bump; add fields freely
No sunset timeline — deprecating without a concrete shutdown date means versions live forever
Copying entire controllers — use a transform/adapter layer, not duplicated business logic per version
Ignoring unknown fields — APIs should be tolerant readers; ignore unknown fields on input (Postel's Law)
Breaking changes in minor versions — if consumers relied on it, removing it is breaking regardless of your intent

Quality Checklist

[ ] Additive changes (new fields, new endpoints) ship without version bump
[ ] Breaking changes require major version with 6+ month sunset period
[ ] Sunset header (RFC 8594) set on deprecated versions
[ ] Link header points consumers to successor version
[ ] Per-version traffic monitored to track migration progress
[ ] OpenAPI spec published per version with diff tooling (Optic/Bump.sh)
[ ] Consumer notification plan: changelog, email, dashboard warning
[ ] Version routing handled at gateway level, not in application code
[ ] Integration tests validate backward compatibility (contract tests)

Related Skills

curiositech/circuit-breakers-and-retries

tools

VerifiedTrustedCommunity

Building resilient distributed systems with circuit breakers, retries with full-jitter exponential backoff, retry budgets (per-request 3-attempt + per-client 10% ratio per Google SRE), deadline propagation, and the cascading-failure math (4 layers × 3 retries = 64x amplification). Grounded in Resilience4j, Microsoft Cloud Patterns, AWS Architecture Blog (Marc Brooker), and Google SRE Book.

4SKILL.mdUpdated May 6, 2026

curiositech/circuit-breakers-and-retries

curiositech/cdn-cache-control-headers

testing

VerifiedTrustedCommunity

Designing HTTP cache headers that work correctly across browsers, CDNs, and shared proxies — `Cache-Control` directives per RFC 9111, `stale-while-revalidate` and `stale-if-error` per RFC 5861, the Vary header for varying responses, and surrogate keys for tag-based purging. Grounded in IETF RFCs and Cloudflare/Fastly docs.

4SKILL.mdUpdated May 5, 2026

curiositech/cdn-cache-control-headers

curiositech/content-security-policy-headers

development

VerifiedTrustedCommunity

Use when designing or fixing a Content Security Policy on a real site, choosing between nonce-based and hash-based CSP, adding strict-dynamic, debugging "Refused to execute inline script" errors, deploying CSP in report-only mode first, configuring report-to / report-uri, or auditing an existing policy for unsafe-inline / unsafe-eval / wildcards. Triggers: "CSP blocks legitimate inline script", strict-dynamic, nonce-{RANDOM}, sha256-{HASH}, object-src none, base-uri none, frame-ancestors, Trusted Types, X-Content-Security-Policy obsolete, report-only vs enforced. NOT for general HTTP security headers (HSTS, COOP/COEP), Trusted Types deep dive, CORS configuration, or building a WAF.

3SKILL.mdUpdated May 4, 2026

curiositech/content-security-policy-headers

curiositech/api-versioning-strategy

tools

VerifiedTrustedCommunity

Choosing and operating an HTTP API versioning strategy that doesn't break clients — Stripe's date-based pinned versions, the Deprecation/Sunset header pair (RFC 9745 + RFC 8594), URI vs header vs media-type approaches, and the version-transformer pattern. Grounded in Stripe's published architecture and IETF RFCs.

3SKILL.mdUpdated May 4, 2026

curiositech/api-versioning-strategy

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/curiositech/windags-skills.git

# Copy into Claude Code skills folder (global)
cp -r windags-skills/skills/api-versioning-backward-compatibility ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

curiositech/windags-skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT