fc3c7ae8a2
Add repo-wide auditing and targeted repair scripts for skill metadata. Fix truncated descriptions automatically, keep heading normalization conservative, and remove synthetic boilerplate sections that degrade editorial quality while regenerating repo indexes and catalogs. Fixes #365
86 lines
2.5 KiB
Markdown
86 lines
2.5 KiB
Markdown
---
|
|
name: api-patterns
|
|
description: "API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination."
|
|
risk: unknown
|
|
source: community
|
|
date_added: "2026-02-27"
|
|
---
|
|
|
|
# API Patterns
|
|
|
|
> API design principles and decision-making for 2025.
|
|
> **Learn to THINK, not copy fixed patterns.**
|
|
|
|
## 🎯 Selective Reading Rule
|
|
|
|
**Read ONLY files relevant to the request!** Check the content map, find what you need.
|
|
|
|
---
|
|
|
|
## 📑 Content Map
|
|
|
|
| File | Description | When to Read |
|
|
|------|-------------|--------------|
|
|
| `api-style.md` | REST vs GraphQL vs tRPC decision tree | Choosing API type |
|
|
| `rest.md` | Resource naming, HTTP methods, status codes | Designing REST API |
|
|
| `response.md` | Envelope pattern, error format, pagination | Response structure |
|
|
| `graphql.md` | Schema design, when to use, security | Considering GraphQL |
|
|
| `trpc.md` | TypeScript monorepo, type safety | TS fullstack projects |
|
|
| `versioning.md` | URI/Header/Query versioning | API evolution planning |
|
|
| `auth.md` | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
|
|
| `rate-limiting.md` | Token bucket, sliding window | API protection |
|
|
| `documentation.md` | OpenAPI/Swagger best practices | Documentation |
|
|
| `security-testing.md` | OWASP API Top 10, auth/authz testing | Security audits |
|
|
|
|
---
|
|
|
|
## 🔗 Related Skills
|
|
|
|
| Need | Skill |
|
|
|------|-------|
|
|
| API implementation | `@[skills/backend-development]` |
|
|
| Data structure | `@[skills/database-design]` |
|
|
| Security details | `@[skills/security-hardening]` |
|
|
|
|
---
|
|
|
|
## ✅ Decision Checklist
|
|
|
|
Before designing an API:
|
|
|
|
- [ ] **Asked user about API consumers?**
|
|
- [ ] **Chosen API style for THIS context?** (REST/GraphQL/tRPC)
|
|
- [ ] **Defined consistent response format?**
|
|
- [ ] **Planned versioning strategy?**
|
|
- [ ] **Considered authentication needs?**
|
|
- [ ] **Planned rate limiting?**
|
|
- [ ] **Documentation approach defined?**
|
|
|
|
---
|
|
|
|
## ❌ Anti-Patterns
|
|
|
|
**DON'T:**
|
|
- Default to REST for everything
|
|
- Use verbs in REST endpoints (/getUsers)
|
|
- Return inconsistent response formats
|
|
- Expose internal errors to clients
|
|
- Skip rate limiting
|
|
|
|
**DO:**
|
|
- Choose API style based on context
|
|
- Ask about client requirements
|
|
- Document thoroughly
|
|
- Use appropriate status codes
|
|
|
|
---
|
|
|
|
## Script
|
|
|
|
| Script | Purpose | Command |
|
|
|--------|---------|---------|
|
|
| `scripts/api_validator.py` | API endpoint validation | `python scripts/api_validator.py <project_path>` |
|
|
|
|
## When to Use
|
|
This skill is applicable to execute the workflow or actions described in the overview.
|