sawrus/api-patterns
areas/software/full-stack/skills/api-patterns/SKILL.md
API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
$ install --global
skillsauthnpx skillsauth add sawrus/agent-guides api-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 12:42 PM37.0s12 files scanned
SKILL.md
- name:
- api-patterns
- description:
- API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
- allowed-tools:
- Read, Write, Edit, Glob, Grep
API Patterns
API design principles and decision-making for 2025. Learn to THINK, not copy fixed patterns.
🎯 Selective Reading Rule
Read ONLY files relevant to the request! Check the content map, find what you need.
📑 Content Map
| File | Description | When to Read |
|------|-------------|--------------|
| api-style.md | REST vs GraphQL vs tRPC decision tree | Choosing API type |
| rest.md | Resource naming, HTTP methods, status codes | Designing REST API |
| response.md | Envelope pattern, error format, pagination | Response structure |
| graphql.md | Schema design, when to use, security | Considering GraphQL |
| trpc.md | TypeScript monorepo, type safety | TS fullstack projects |
| versioning.md | URI/Header/Query versioning | API evolution planning |
| auth.md | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
| rate-limiting.md | Token bucket, sliding window | API protection |
| documentation.md | OpenAPI/Swagger best practices | Documentation |
| security-testing.md | OWASP API Top 10, auth/authz testing | Security audits |
🔗 Related Skills
| Need | Skill |
|------|-------|
| API implementation | @[skills/backend-development] |
| Data structure | @[skills/database-design] |
| Security details | @[skills/security-hardening] |
✅ Decision Checklist
Before designing an API:
- [ ] Asked user about API consumers?
- [ ] Chosen API style for THIS context? (REST/GraphQL/tRPC)
- [ ] Defined consistent response format?
- [ ] Planned versioning strategy?
- [ ] Considered authentication needs?
- [ ] Planned rate limiting?
- [ ] Documentation approach defined?
❌ Anti-Patterns
DON'T:
- Default to REST for everything
- Use verbs in REST endpoints (/getUsers)
- Return inconsistent response formats
- Expose internal errors to clients
- Skip rate limiting
DO:
- Choose API style based on context
- Ask about client requirements
- Document thoroughly
- Use appropriate status codes
Script
| Script | Purpose | Command |
|--------|---------|---------|
| scripts/api_validator.py | API endpoint validation | python scripts/api_validator.py <project_path> |
Related Skills
sawrus/qa_expert
testing
VerifiedTrustedCommunity
QA Expert for writing E2E tests, test scenarios, test plans, and ensuring test coverage quality.
12SKILL.mdUpdated Apr 18, 2026
sawrus/design_expert
development
VerifiedTrustedCommunity
Expert UI/UX design intelligence for creating distinctive, high-craft, and mobile-first interfaces. Focuses on premium aesthetics, touch-first ergonomics, and Flutter performance.
12SKILL.mdUpdated Apr 18, 2026
sawrus/code_review_expert
development
VerifiedTrustedCommunity
Code Review Expert for static analysis, security auditing, architecture review, and ensuring code quality standards.
12SKILL.mdUpdated Apr 18, 2026
sawrus/babysit-pr
development
VerifiedTrustedCommunity
Babysit a GitHub pull request after creation by continuously polling review comments, CI checks/workflow runs, and mergeability state until the PR is merged/closed or user help is required. Diagnose failures, retry likely flaky failures up to 3 times, auto-fix/push branch-related issues when appropriate, and keep watching open PRs so fresh review feedback is surfaced promptly. Use when the user asks Codex to monitor a PR, watch CI, handle review comments, or keep an eye on failures and feedback on an open PR.
12SKILL.mdUpdated Apr 18, 2026