Home/AI Backend Engineering/api-design
A

api-design

by @supercent-iov
4.5(460)

This skill is used for designing new REST APIs, GraphQL schemas, refactoring API endpoints, writing API specifications, formulating API versioning strategies, and defining data models, ensuring sound API design.

restful-apigraphqlmicroservicesapi-gatewayhateoasGitHub
Installation
npx skills add supercent-io/skills-template --skill api-design
compare_arrows

Before / After Comparison

1
Before

Early API designs lacked unified specifications, leading to chaotic endpoint naming and inconsistent data models. This made APIs difficult to understand and use, requiring extensive adaptation work during new feature development, severely impacting system scalability and development efficiency.

After

With professional API design guidance, we can now build APIs that adhere to RESTful principles, are clearly structured, easy to understand and use. We have unified naming conventions and data models, significantly enhancing API maintainability and future scalability.

SKILL.md

api-design

API Design

When to use this skill

  • Designing new REST APIs

  • Creating GraphQL schemas

  • Refactoring API endpoints

  • Documenting API specifications

  • API versioning strategies

  • Defining data models and relationships

Instructions

Step 1: Define API requirements

  • Identify resources and entities

  • Define relationships between entities

  • Specify operations (CRUD, custom actions)

  • Plan authentication/authorization

  • Consider pagination, filtering, sorting

Step 2: Design REST API

Resource naming:

  • Use nouns, not verbs: /users not /getUsers

  • Use plural names: /users/{id}

  • Nest resources logically: /users/{id}/posts

  • Keep URLs short and intuitive

HTTP methods:

  • GET: Retrieve resources (idempotent)

  • POST: Create new resources

  • PUT: Replace entire resource

  • PATCH: Partial update

  • DELETE: Remove resources (idempotent)

Response codes:

  • 200 OK: Success with response body

  • 201 Created: Resource created successfully

  • 204 No Content: Success with no response body

  • 400 Bad Request: Invalid input

  • 401 Unauthorized: Authentication required

  • 403 Forbidden: No permission

  • 404 Not Found: Resource doesn't exist

  • 409 Conflict: Resource conflict

  • 422 Unprocessable Entity: Validation failed

  • 500 Internal Server Error: Server error

Example REST endpoint:

GET    /api/v1/users           # List users
GET    /api/v1/users/{id}      # Get user
POST   /api/v1/users           # Create user
PUT    /api/v1/users/{id}      # Update user
PATCH  /api/v1/users/{id}      # Partial update
DELETE /api/v1/users/{id}      # Delete user

Step 3: Request/Response format

Request example:

POST /api/v1/users
Content-Type: application/json

{
  "name": "John Doe",
  "email": "john@example.com",
  "role": "admin"
}

Response example:

HTTP/1.1 201 Created
Content-Type: application/json
Location: /api/v1/users/123

{
  "id": 123,
  "name": "John Doe",
  "email": "john@example.com",
  "role": "admin",
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2024-01-15T10:30:00Z"
}

Step 4: Error handling

Error response format:

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid input provided",
    "details": [
      {
        "field": "email",
        "message": "Invalid email format"
      }
    ]
  }
}

Step 5: Pagination

Query parameters:

GET /api/v1/users?page=2&limit=20&sort=-created_at&filter=role:admin

Response with pagination:

{
  "data": [...],
  "pagination": {
    "page": 2,
    "limit": 20,
    "total": 100,
    "pages": 5
  },
  "links": {
    "self": "/api/v1/users?page=2&limit=20",
    "first": "/api/v1/users?page=1&limit=20",
    "prev": "/api/v1/users?page=1&limit=20",
    "next": "/api/v1/users?page=3&limit=20",
    "last": "/api/v1/users?page=5&limit=20"
  }
}

Step 6: Authentication

Options:

  • JWT (JSON Web Tokens)

  • OAuth 2.0

  • API Keys

  • Session-based

Example with JWT:

GET /api/v1/users
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Step 7: Versioning

URL versioning (recommended):

/api/v1/users
/api/v2/users

Header versioning:

GET /api/users
Accept: application/vnd.api+json; version=1

Step 8: Documentation

Create OpenAPI 3.0 specification:

openapi: 3.0.0
info:
  title: User Management API
  version: 1.0.0
  description: API for managing users
servers:
  - url: https://api.example.com/v1
paths:
  /users:
    get:
      summary: List users
      parameters:
        - name: page
          in: query
          schema:
            type: integer
            default: 1
        - name: limit
          in: query
          schema:
            type: integer
            default: 20
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/User'
    post:
      summary: Create user
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserCreate'
      responses:
        '201':
          description: User created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
components:
  schemas:
    User:
      type: object
      properties:
        id:
          type: integer
        name:
          type: string
        email:
          type: string
          format: email
        created_at:
          type: string
          format: date-time
    UserCreate:
      type: object
      required:
        - name
        - email
      properties:
        name:
          type: string
        email:
          type: string
          format: email

Best practices

  • Consistency: Use consistent naming, structure, and patterns

  • Versioning: Always version your APIs from the start

  • Security: Implement authentication and authorization

  • Validation: Validate all inputs on the server side

  • Rate limiting: Protect against abuse

  • Caching: Use ETags and Cache-Control headers

  • CORS: Configure properly for web clients

  • Documentation: Keep docs up-to-date with code

  • Testing: Test all endpoints thoroughly

  • Monitoring: Log requests and track performance

Common patterns

Filtering:

GET /api/v1/users?role=admin&status=active

Sorting:

GET /api/v1/users?sort=-created_at,name

Field selection:

GET /api/v1/users?fields=id,name,email

Batch operations:

POST /api/v1/users/batch
{
  "operations": [
    {"action": "create", "data": {...}},
    {"action": "update", "id": 123, "data": {...}}
  ]
}

GraphQL alternative

If REST doesn't fit, consider GraphQL:

type User {
  id: ID!
  name: String!
  email: String!
  posts: [Post!]!
  createdAt: DateTime!
}

type Query {
  users(page: Int, limit: Int): [User!]!
  user(id: ID!): User
}

type Mutation {
  createUser(input: CreateUserInput!): User!
  updateUser(id: ID!, input: UpdateUserInput!): User!
  deleteUser(id: ID!): Boolean!
}

References

Examples

Example 1: Basic usage

Example 2: Advanced usage

Weekly Installs11.2KRepositorysupercent-io/sk…templateGitHub Stars58First SeenJan 24, 2026Security AuditsGen Agent Trust HubPassSocketPassSnykPassInstalled oncodex11.1Kgemini-cli11.0Kopencode11.0Kgithub-copilot11.0Kcursor11.0Kamp11.0K

User Reviews (0)

Write a Review

Effect
Usability
Docs
Compatibility

No reviews yet

Statistics

Installs11.5K
Rating4.5 / 5.0
Version
Updated2026年5月17日
Comparisons1

User Rating

4.5(460)
5
69%
4
31%
3
0%
2
0%
1
0%

Rate this Skill

0.0

Compatible Platforms

🔧Claude Code
🔧OpenClaw
🔧OpenCode
🔧Codex
🔧Gemini CLI
🔧GitHub Copilot
🔧Amp
🔧Kimi CLI

Timeline

Created2026年3月17日
Last Updated2026年5月17日