shalin-rahman/skills/api-design
skills/api-design/SKILL.md
# Skill: RESTful API Design & Best Practices # Usage: Use when building robust, scalable, and consumer-friendly web APIs. ## 📡 REST Core Principles - **Statelessness**: Every request from client to server must contain all of the information necessary to understand the request. - **Resource-Based**: APIs should represent entities (resources) using URLs. Nouns, not verbs. - **Standard Methods**: Use HTTP verbs correctly: - `GET`: Retrieve a resource (Safe, Idempotent). - `POST`: Create a new
$ install --global
skillsauthnpx skillsauth add shalin-rahman/Synapticity skills/api-designInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 12:42 AM249.7s1 file scanned
SKILL.md
Skill: RESTful API Design & Best Practices
Usage: Use when building robust, scalable, and consumer-friendly web APIs.
📡 REST Core Principles
- Statelessness: Every request from client to server must contain all of the information necessary to understand the request.
- Resource-Based: APIs should represent entities (resources) using URLs. Nouns, not verbs.
- Standard Methods: Use HTTP verbs correctly:
GET: Retrieve a resource (Safe, Idempotent).POST: Create a new resource.PUT: Update a resource entirely (Idempotent).PATCH: Partially update a resource.DELETE: Remove a resource (Idempotent).
🛣️ URL Structure
- Keep URLs clean and hierarchical.
- Good:
GET /users/123/orders(Get orders for user 123) - Bad:
GET /get_orders_for_user?id=123
- Good:
- Use plural nouns for collections:
/users,/products,/orders. - Use sub-resources for relations, but restrict depth to avoid complex routes (max 2 levels deep).
📄 Payloads & Responses
- Always consume and produce
application/json. - Return standardized success payloads.
- Pagination: Use cursor-based or limit/offset pagination for collections. Return metadata (
total,next_page_url). - Filtering, Sorting, Field Selection: Allow clients to shape the response via query parameters:
GET /users?sort=-created_at&fields=id,name
- HATEOAS (Optional but powerful): Include hypermedia links in responses to guide the client through state transitions.
🛡️ Error Handling
- Use standard HTTP status codes to indicate success or failure:
200 OK,201 Created,204 No Content400 Bad Request(Client error/Validation failed)401 Unauthorized(Authentication missing/invalid)403 Forbidden(Authenticated, but lacks permissions)404 Not Found(Resource doesn't exist)409 Conflict(State violation, duplicate entry)500 Internal Server Error(Server crashed - shouldn't happen)
- Provide a consistent, machine-readable error payload:
{"error": {"code": "VALIDATION_FAILED", "message": "Email is required", "details": [...]}}
🔒 Security & Versioning
- Always use HTTPS.
- Use stateless auth mechanisms like JWT.
- Version the API early to prevent breaking changes for clients (e.g.,
api.example.com/v1/users). header-based versioning is also an accepted standard.
Related Skills
shalin-rahman/skills/zero-defect-engineering
tools
VerifiedTrustedCommunity
# Skill: Zero-Defect Software Engineering # Focus: Writing immortal, self-documenting, and resilient source code. ## Playbook Strategy: 1. **SOLID Foundations**: - **Single Responsibility**: Every class/function does ONE thing perfectly. - **Open/Closed**: Design for extension without modification. 2. **DRY (Don't Repeat Yourself)**: If logic appears twice, abstract it into a utility or base class. 3. **Defensive Programming**: - Validate every input. - Handle every exception specif
1SKILL.mdUpdated Apr 22, 2026
shalin-rahman/skills/typescript-clean
development
VerifiedTrustedCommunity
# Skill: TypeScript Clean Code (Staff Engineer) # Usage: Use for any TypeScript-based project to ensure enterprise-grade type safety and readability. ## Core Rules: - **Strict Typing:** Never use `any`. Use `unknown` with type guards if the type is truly uncertain. - **Interfaces vs Types:** Use `interface` for public APIs (extendability) and `type` for unions, intersections, and primitives. - **Functional Patterns:** Prioritize immutability. Use `readonly` for arrays and objects where possible
1SKILL.mdUpdated Apr 22, 2026
shalin-rahman/skills/testing-strategies
development
VerifiedTrustedCommunity
# Skill: Advanced Testing Strategies (TDD / BDD) # Usage: Use to enforce high code quality, prevent regressions, and ensure requirements are met implicitly. ## 🧪 The Testing Pyramid - **Unit Tests (70%)**: Fast, isolated tests for individual functions and classes. Mock all external dependencies. - **Integration Tests (20%)**: Test the interaction between several units or external systems (e.g., Database, APIs). - **End-to-End (E2E) Tests (10%)**: Slow, brittle tests that verify the system as a
1SKILL.mdUpdated Apr 22, 2026
shalin-rahman/skills/technical-writing-standards
development
VerifiedTrustedCommunity
# Skill: Technical Hand-off & Clarity # Focus: Professional documentation for human and machine consumption. ## Playbook Strategy: 1. **The "ReadMe First" Rule**: Use structured, hierarchical markdown. High-level summary first, deep-dive implementation second. 2. **Contextual Grounding**: Explain the "Why" and the "How" for every project. 3. **Semantic Clarity**: Use industry-standard terminology. Avoid jargon where simple language suffices. 4. **Machine-Readable Annotations**: Include clear co
1SKILL.mdUpdated Apr 22, 2026