api-design-principles/skills/using-api-principles/SKILL.md
This skill should be used when the user asks "which API design skill should I use", "show me all API principles", "help me pick an API pattern", or at the start of any RESTful API design conversation. Provides the index of all twelve principle skills and ensures the right ones are invoked before any API design work begins.
npx skillsauth add oborchers/fractional-cto using-api-principles

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
These are not suggestions. They are research-backed, opinionated principles drawn from Stripe, GitHub, Twilio, Shopify, Google, Microsoft, Zalando, Cloudflare, OWASP, and industry RFCs. </IMPORTANT>
Use the Skill tool to invoke any skill by name. When invoked, follow the skill's guidance directly.
| Skill | Triggers On |
|-------|-------------|
| api-design-principles:routes-and-naming | URL design, endpoint naming, plural nouns, nesting depth, query vs path params, snake_case, field naming |
| api-design-principles:http-methods | GET/POST/PUT/PATCH/DELETE semantics, idempotency per verb, CRUD operations, method selection |
| api-design-principles:prefixed-ids | Type-safe identifiers, Stripe-style prefixed IDs (cus_, ord_), KSUID, ULID, ID generation |
| api-design-principles:errors-and-status-codes | HTTP status codes, error envelopes, per-field validation errors, RFC 9457, error formatting |
| api-design-principles:response-design-and-pagination | Response envelopes, cursor/offset/keyset pagination, expand patterns, list metadata |
| api-design-principles:auth-and-api-keys | API key design (sk_live_, pk_test_), OAuth 2.0, JWT, Bearer tokens, key rotation |
| api-design-principles:rate-limiting-and-security | Rate limiting algorithms/headers, OWASP API Top 10, CORS, input validation, request signing |
| api-design-principles:versioning-and-evolution | URL versioning (/v1/), date-based versioning, sunset headers, additive evolution, deprecation |
| api-design-principles:caching-and-performance | Cache-Control, ETags, conditional requests, CDN strategies, compression, circuit breakers |
| api-design-principles:webhooks-and-events | HMAC-SHA256 signing, retry logic, event naming (resource.action), webhook endpoints |
| api-design-principles:documentation-and-dx | API docs, interactive explorers, SDK generation, onboarding, time-to-first-call, changelogs |
| api-design-principles:advanced-patterns | Bulk/batch ops, REST vs GraphQL vs gRPC, SSE/WebSockets, multi-tenancy, API gateways, CQRS |
Invoke a skill when there is even a small chance the work touches one of these areas:
All twelve principles rest on three foundations:
1. Consistency beats cleverness — A predictable API that follows conventions everywhere is better than a clever API that surprises developers. Pick one pattern and apply it universally.
2. Errors are part of the interface — Every error response, status code, and validation message is as carefully designed as the happy path. Developers spend more time debugging than building.
3. Optimize for the consumer, not the server — API shape follows what makes client code simple, not what matches the database schema. The server does extra work so every client doesn't have to.