Agent skill

api-design-patterns

RESTful API design, error handling, versioning, and best practices. Use when designing APIs, reviewing endpoints, implementing error responses, or setting up API structure. Triggers on "design API", "review API", "REST best practices", or "API patterns".

View SKILL.md on GitHub Repository
Stars 22
Forks 2

Install this agent skill to your Project

npx add-skill https://github.com/AsyrafHussin/agent-skills/tree/main/skills/api-design-patterns

Metadata

Additional technical details for this skill

author
agent-skills
version
2.0.0

SKILL.md

API Design Patterns

RESTful API design principles for building consistent, developer-friendly APIs. Contains 38 rules across 7 categories covering resource design, error handling, security, pagination, versioning, response format, and documentation.

Metadata

  • Version: 2.0.0
  • Rule Count: 38 rules across 7 categories
  • License: MIT

When to Apply

Reference these guidelines when:

  • Designing new API endpoints
  • Reviewing existing API structure
  • Implementing error handling and validation
  • Setting up pagination, filtering, and sorting
  • Planning API versioning strategy
  • Configuring API security (auth, CORS, rate limiting)
  • Writing API documentation (OpenAPI/Swagger)

Rule Categories by Priority

Priority Category Impact Prefix
1 Resource Design CRITICAL rest-
2 Error Handling CRITICAL error-
3 Security CRITICAL sec-
4 Pagination & Filtering HIGH page-, filter-, sort-
5 Versioning HIGH ver-
6 Response Format MEDIUM resp-
7 Documentation MEDIUM doc-

Quick Reference

1. Resource Design (CRITICAL)

  • rest-nouns-not-verbs - Use nouns for endpoints, not verbs
  • rest-plural-resources - Use plural resource names
  • rest-http-methods - Correct HTTP method usage (GET, POST, PUT, PATCH, DELETE)
  • rest-nested-resources - Proper resource nesting (max 2 levels)
  • rest-status-codes - Appropriate HTTP status codes
  • rest-idempotency - Idempotent operations with idempotency keys
  • rest-hateoas - Hypermedia links for discoverability
  • rest-resource-actions - Non-CRUD actions as sub-resources

2. Error Handling (CRITICAL)

  • error-consistent-format - Consistent error response structure
  • error-meaningful-messages - Helpful, actionable error messages
  • error-validation-details - Field-level validation errors
  • error-error-codes - Machine-readable error codes
  • error-no-stack-traces - Never expose stack traces in production
  • error-request-id - Include request IDs for debugging

3. Security (CRITICAL)

  • sec-authentication - Proper auth implementation (OAuth2/JWT)
  • sec-authorization - Resource-level permissions (RBAC)
  • sec-rate-limiting - Prevent abuse with rate limiting
  • sec-input-validation - Validate and sanitize all input
  • sec-cors-config - CORS configuration with whitelists
  • sec-https-only - Enforce HTTPS for all traffic
  • sec-sensitive-data - Protect passwords, tokens, PII

4. Pagination & Filtering (HIGH)

  • page-cursor-based - Cursor pagination for large datasets
  • page-offset-based - Offset pagination for simple cases
  • page-consistent-params - Consistent parameter naming
  • page-metadata - Include pagination metadata in responses
  • filter-query-params - Filter via query parameters
  • sort-flexible - Flexible sorting with - prefix for descending

5. Versioning (HIGH)

  • ver-url-path - Version in URL path (/api/v1/)
  • ver-header-based - Version via Accept header
  • ver-backward-compatible - Maintain backward compatibility
  • ver-deprecation - Deprecation strategy with Sunset header

6. Response Format (MEDIUM)

  • resp-consistent-structure - Consistent response envelope
  • resp-json-conventions - JSON naming conventions
  • resp-partial-responses - Field selection (sparse fieldsets)
  • resp-compression - Response compression (gzip/Brotli)

7. Documentation (MEDIUM)

  • doc-openapi - OpenAPI/Swagger specification
  • doc-examples - Request/response examples
  • doc-changelog - API changelog

Essential Guidelines

Resource Naming

# ❌ Verbs in URLs
GET    /getUsers
POST   /createUser

# ✅ Nouns with HTTP methods
GET    /users          # List users
POST   /users          # Create user
GET    /users/123      # Get user
PUT    /users/123      # Update user (full)
PATCH  /users/123      # Update user (partial)
DELETE /users/123      # Delete user

Error Response Format

json
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "The request contains invalid data",
    "details": [
      {
        "field": "email",
        "code": "INVALID_FORMAT",
        "message": "Please provide a valid email address"
      }
    ],
    "request_id": "req_abc123"
  }
}

Pagination

json
{
  "data": [...],
  "meta": {
    "current_page": 2,
    "per_page": 20,
    "total_pages": 10,
    "total_count": 195
  },
  "links": {
    "first": "/users?page=1&per_page=20",
    "prev": "/users?page=1&per_page=20",
    "next": "/users?page=3&per_page=20",
    "last": "/users?page=10&per_page=20"
  }
}

Rate Limiting Headers

HTTP/1.1 200 OK
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 998
X-RateLimit-Reset: 1640995200

How to Use

Read individual rule files for detailed explanations:

rules/rest-http-methods.md
rules/error-consistent-format.md
rules/page-cursor-based.md
rules/sec-authentication.md
rules/ver-url-path.md
rules/doc-openapi.md

References

Full Compiled Document

For the complete guide with all rules expanded: AGENTS.md

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

AsyrafHussin/agent-skills

testing-best-practices

Unit testing, integration testing, and test-driven development principles. Use when writing tests, reviewing test code, improving test coverage, or setting up testing strategy. Triggers on "write tests", "review tests", "testing best practices", or "TDD".

22 2
Explore
AsyrafHussin/agent-skills

laravel-owasp-security

OWASP Top 10 security audit and secure coding guidelines for Laravel + React/Inertia.js applications. Use when auditing for vulnerabilities ("run OWASP audit", "security review", "check my app security") or writing secure Laravel code involving auth, payments, file uploads, or API design. Triggers on security-related tasks, payment handling, authentication, or any request to audit a Laravel codebase.

22 2
Explore
AsyrafHussin/agent-skills

laravel-ai-sdk

Laravel AI SDK for building AI-powered features. Use when creating agents, generating images or audio, working with embeddings, vector search, or testing AI features. Triggers on tasks involving laravel/ai, AI agents, tool-calling, structured output, streaming, embeddings, reranking, or AI faking in tests.

22 2
Explore
AsyrafHussin/agent-skills

php-best-practices

PHP 8.x modern patterns, PSR standards, and SOLID principles. Use when reviewing PHP code, checking type safety, auditing code quality, or ensuring PHP best practices. Triggers on "review PHP", "check PHP code", "audit PHP", or "PHP best practices".

22 2
Explore
AsyrafHussin/agent-skills

react-vite-best-practices

React and Vite performance optimization guidelines. Use when writing, reviewing, or optimizing React components built with Vite. Triggers on tasks involving Vite configuration, build optimization, code splitting, lazy loading, HMR, bundle size, or React performance.

22 2
Explore
AsyrafHussin/agent-skills

laravel-mcp

Laravel MCP server development. Use when building MCP servers, tools, prompts, or resources for AI client integration. Triggers on tasks involving laravel/mcp, MCP tools, MCP prompts, MCP resources, or AI client protocols.

22 2
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results