mcclowes/api-design

Use when designing, reviewing, or implementing HTTP APIs — error and warning handling, resource state and lifecycle, read-endpoint structure, pagination, and authentication. Triggers on error responses and formats, response envelopes, webhook payloads, how an endpoint should fail; modelling a resource lifecycle (status fields, state machines, webhook event names, enum vs parseable string); structuring read endpoints (screen-shaped/BFF vs canonical resource, aggregation, cursor vs offset pagination); and auth design (security schemes, API keys vs bearer tokens, stepped-up tokens). Apply whenever an API surfaces a failure, state change, view of data, or auth requirement to a client.

1.70x

Quality

90%

Does it follow best practices?

Impact

99%

1.70x

Average score across 8 eval scenarios

Securityby

Passed

No known issues

Model a 3DS challenge pause in payment state

Name: mcclowes/api-design
Rating: 96.3 (1 reviews)
Author: mcclowes

We have a payments API and we're adding 3D Secure. When a charge needs the cardholder to complete a 3DS challenge, the payment pauses until they do it. I was going to add a requires_action status (copying Stripe) and have the frontend check for it to know when to pop the challenge. The status field is currently an enum: pending, succeeded, failed. How should I model the 3DS-pause state and tell the frontend to show the challenge?

mcclowes/api-design

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-5/

Model a 3DS challenge pause in payment state

task.mdevals/scenario-5/