shalevamin/api-designer
.claude/skills/api-designer/SKILL.md
Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.
development
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add shalevamin/The-_Ultimate_agents api-designerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 7:44 PM245.0s6 files scanned
SKILL.md
- name:
- api-designer
- description:
- Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.
- license:
- MIT
- author:
- https://github.com/Jeffallan
- version:
- 1.1.0
- domain:
- api-architecture
- triggers:
- API design, REST API, OpenAPI, API specification, API architecture, resource modeling, API versioning, GraphQL schema, API documentation
- role:
- architect
- scope:
- design
- output-format:
- specification
- related-skills:
- graphql-architect, fastapi-expert, nestjs-expert, spring-boot-engineer, security-reviewer
API Designer
Senior API architect specializing in REST and GraphQL APIs with comprehensive OpenAPI 3.1 specifications.
Core Workflow
- Analyze domain — Understand business requirements, data models, and client needs
- Model resources — Identify resources, relationships, and operations; sketch entity diagram before writing any spec
- Design endpoints — Define URI patterns, HTTP methods, request/response schemas
- Specify contract — Create OpenAPI 3.1 spec; validate before proceeding:
npx @redocly/cli lint openapi.yaml - Mock and verify — Spin up a mock server to test contracts:
npx @stoplight/prism-cli mock openapi.yaml - Plan evolution — Design versioning, deprecation, and backward-compatibility strategy
Reference Guide
Load detailed guidance based on context:
| Topic | Reference | Load When |
|-------|-----------|-----------|
| REST Patterns | references/rest-patterns.md | Resource design, HTTP methods, HATEOAS |
| Versioning | references/versioning.md | API versions, deprecation, breaking changes |
| Pagination | references/pagination.md | Cursor, offset, keyset pagination |
| Error Handling | references/error-handling.md | Error responses, RFC 7807, status codes |
| OpenAPI | references/openapi.md | OpenAPI 3.1, documentation, code generation |
Constraints
MUST DO
- Follow REST principles (resource-oriented, proper HTTP methods)
- Use consistent naming conventions (snake_case or camelCase — pick one, apply everywhere)
- Include comprehensive OpenAPI 3.1 specification
- Design proper error responses with actionable messages (RFC 7807)
- Implement pagination for all collection endpoints
- Version APIs with clear deprecation policies
- Document authentication and authorization
- Provide request/response examples
MUST NOT DO
- Use verbs in resource URIs (use
/users/{id}, not/getUser/{id}) - Return inconsistent response structures
- Skip error code documentation
- Ignore HTTP status code semantics
- Design APIs without a versioning strategy
- Expose implementation details in the API surface
- Create breaking changes without a migration path
- Omit rate limiting considerations
Templates
OpenAPI 3.1 Resource Endpoint (copy-paste starter)
openapi: "3.1.0"
info:
title: Example API
version: "1.1.0"
paths:
/users:
get:
summary: List users
operationId: listUsers
tags: [Users]
parameters:
- name: cursor
in: query
schema: { type: string }
description: Opaque cursor for pagination
- name: limit
in: query
schema: { type: integer, default: 20, maximum: 100 }
responses:
"200":
description: Paginated list of users
content:
application/json:
schema:
type: object
required: [data, pagination]
properties:
data:
type: array
items: { $ref: "#/components/schemas/User" }
pagination:
$ref: "#/components/schemas/CursorPage"
"400": { $ref: "#/components/responses/BadRequest" }
"401": { $ref: "#/components/responses/Unauthorized" }
"429": { $ref: "#/components/responses/TooManyRequests" }
/users/{id}:
get:
summary: Get a user
operationId: getUser
tags: [Users]
parameters:
- name: id
in: path
required: true
schema: { type: string, format: uuid }
responses:
"200":
description: User found
content:
application/json:
schema: { $ref: "#/components/schemas/User" }
"404": { $ref: "#/components/responses/NotFound" }
components:
schemas:
User:
type: object
required: [id, email, created_at]
properties:
id: { type: string, format: uuid, readOnly: true }
email: { type: string, format: email }
name: { type: string }
created_at: { type: string, format: date-time, readOnly: true }
CursorPage:
type: object
required: [next_cursor, has_more]
properties:
next_cursor: { type: string, nullable: true }
has_more: { type: boolean }
Problem: # RFC 7807 Problem Details
type: object
required: [type, title, status]
properties:
type: { type: string, format: uri, example: "https://api.example.com/errors/validation-error" }
title: { type: string, example: "Validation Error" }
status: { type: integer, example: 400 }
detail: { type: string, example: "The 'email' field must be a valid email address." }
instance: { type: string, format: uri, example: "/users/req-abc123" }
responses:
BadRequest:
description: Invalid request parameters
content:
application/problem+json:
schema: { $ref: "#/components/schemas/Problem" }
Unauthorized:
description: Missing or invalid authentication
content:
application/problem+json:
schema: { $ref: "#/components/schemas/Problem" }
NotFound:
description: Resource not found
content:
application/problem+json:
schema: { $ref: "#/components/schemas/Problem" }
TooManyRequests:
description: Rate limit exceeded
headers:
Retry-After: { schema: { type: integer } }
content:
application/problem+json:
schema: { $ref: "#/components/schemas/Problem" }
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
security:
- BearerAuth: []
RFC 7807 Error Response (copy-paste)
{
"type": "https://api.example.com/errors/validation-error",
"title": "Validation Error",
"status": 422,
"detail": "The 'email' field must be a valid email address.",
"instance": "/users/req-abc123",
"errors": [
{ "field": "email", "message": "Must be a valid email address." }
]
}
- Always use
Content-Type: application/problem+jsonfor error responses. typemust be a stable, documented URI — never a generic string.detailmust be human-readable and actionable.- Extend with
errors[]for field-level validation failures.
Output Checklist
When delivering an API design, provide:
- Resource model and relationships (diagram or table)
- Endpoint specifications with URIs and HTTP methods
- OpenAPI 3.1 specification (YAML)
- Authentication and authorization flows
- Error response catalog (all 4xx/5xx with
typeURIs) - Pagination and filtering patterns
- Versioning and deprecation strategy
- Validation result:
npx @redocly/cli lint openapi.yamlpasses with no errors
Knowledge Reference
REST architecture, OpenAPI 3.1, GraphQL, HTTP semantics, JSON:API, HATEOAS, OAuth 2.0, JWT, RFC 7807 Problem Details, API versioning patterns, pagination strategies, rate limiting, webhook design, SDK generation
Related Skills
shalevamin/flutter-expert
development
VerifiedTrustedCommunity
Use when building cross-platform applications with Flutter 3+ and Dart. Invoke for widget development, Riverpod/Bloc state management, GoRouter navigation, platform-specific implementations, performance optimization.
SKILL.mdUpdated Apr 17, 2026
shalevamin/fine-tuning-expert
testing
VerifiedTrustedCommunity
Use when fine-tuning LLMs, training custom models, or adapting foundation models for specific tasks. Invoke for configuring LoRA/QLoRA adapters, preparing JSONL training datasets, setting hyperparameters for fine-tuning runs, adapter training, transfer learning, finetuning with Hugging Face PEFT, OpenAI fine-tuning, instruction tuning, RLHF, DPO, or quantizing and deploying fine-tuned models. Trigger terms include: LoRA, QLoRA, PEFT, finetuning, fine-tuning, adapter tuning, LLM training, model training, custom model.
SKILL.mdUpdated Apr 17, 2026
shalevamin/figma
tools
VerifiedTrustedCommunity
Use the Figma MCP server to fetch design context, screenshots, variables, and assets from Figma, and to translate Figma nodes into production code. Trigger when a task involves Figma URLs, node IDs, design-to-code implementation, or Figma MCP setup and troubleshooting.
SKILL.mdUpdated Apr 17, 2026
shalevamin/figma-implement-design
tools
VerifiedTrustedCommunity
Translate Figma nodes into production-ready code with 1:1 visual fidelity using the Figma MCP workflow (design context, screenshots, assets, and project-convention translation). Trigger when the user provides Figma URLs or node IDs, or asks to implement designs or components that must match Figma specs. Requires a working Figma MCP server connection.
SKILL.mdUpdated Apr 17, 2026