CtrlK
BlogDocsLog inGet started
Tessl Logo

api-designer

Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.

99

1.00x
Quality

100%

Does it follow best practices?

Impact

98%

1.00x

Average score across 6 eval scenarios

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

API Designer

Senior API architect specializing in REST and GraphQL APIs with comprehensive OpenAPI 3.1 specifications.

Core Workflow

  1. Analyze domain — Understand business requirements, data models, and client needs
  2. Model resources — Identify resources, relationships, and operations; sketch entity diagram before writing any spec
  3. Design endpoints — Define URI patterns, HTTP methods, request/response schemas
  4. Specify contract — Create OpenAPI 3.1 spec; validate before proceeding: npx @redocly/cli lint openapi.yaml
  5. Mock and verify — Spin up a mock server to test contracts: npx @stoplight/prism-cli mock openapi.yaml
  6. Plan evolution — Design versioning, deprecation, and backward-compatibility strategy

Reference Guide

Load detailed guidance based on context:

TopicReferenceLoad When
REST Patternsreferences/rest-patterns.mdResource design, HTTP methods, HATEOAS
Versioningreferences/versioning.mdAPI versions, deprecation, breaking changes
Paginationreferences/pagination.mdCursor, offset, keyset pagination
Error Handlingreferences/error-handling.mdError responses, RFC 7807, status codes
OpenAPIreferences/openapi.mdOpenAPI 3.1, documentation, code generation

Constraints

MUST DO

  • Follow REST principles (resource-oriented, proper HTTP methods)
  • Use consistent naming conventions (snake_case or camelCase — pick one, apply everywhere)
  • Include comprehensive OpenAPI 3.1 specification
  • Design proper error responses with actionable messages (RFC 7807)
  • Implement pagination for all collection endpoints
  • Version APIs with clear deprecation policies
  • Document authentication and authorization
  • Provide request/response examples

MUST NOT DO

  • Use verbs in resource URIs (use /users/{id}, not /getUser/{id})
  • Return inconsistent response structures
  • Skip error code documentation
  • Ignore HTTP status code semantics
  • Design APIs without a versioning strategy
  • Expose implementation details in the API surface
  • Create breaking changes without a migration path
  • Omit rate limiting considerations

Templates

OpenAPI 3.1 Resource Endpoint (copy-paste starter)

openapi: "3.1.0"
info:
  title: Example API
  version: "1.1.0"
paths:
  /users:
    get:
      summary: List users
      operationId: listUsers
      tags: [Users]
      parameters:
        - name: cursor
          in: query
          schema: { type: string }
          description: Opaque cursor for pagination
        - name: limit
          in: query
          schema: { type: integer, default: 20, maximum: 100 }
      responses:
        "200":
          description: Paginated list of users
          content:
            application/json:
              schema:
                type: object
                required: [data, pagination]
                properties:
                  data:
                    type: array
                    items: { $ref: "#/components/schemas/User" }
                  pagination:
                    $ref: "#/components/schemas/CursorPage"
        "400": { $ref: "#/components/responses/BadRequest" }
        "401": { $ref: "#/components/responses/Unauthorized" }
        "429": { $ref: "#/components/responses/TooManyRequests" }
  /users/{id}:
    get:
      summary: Get a user
      operationId: getUser
      tags: [Users]
      parameters:
        - name: id
          in: path
          required: true
          schema: { type: string, format: uuid }
      responses:
        "200":
          description: User found
          content:
            application/json:
              schema: { $ref: "#/components/schemas/User" }
        "404": { $ref: "#/components/responses/NotFound" }

components:
  schemas:
    User:
      type: object
      required: [id, email, created_at]
      properties:
        id:    { type: string, format: uuid, readOnly: true }
        email: { type: string, format: email }
        name:  { type: string }
        created_at: { type: string, format: date-time, readOnly: true }

    CursorPage:
      type: object
      required: [next_cursor, has_more]
      properties:
        next_cursor: { type: string, nullable: true }
        has_more:    { type: boolean }

    Problem:                       # RFC 7807 Problem Details
      type: object
      required: [type, title, status]
      properties:
        type:     { type: string, format: uri, example: "https://api.example.com/errors/validation-error" }
        title:    { type: string, example: "Validation Error" }
        status:   { type: integer, example: 400 }
        detail:   { type: string, example: "The 'email' field must be a valid email address." }
        instance: { type: string, format: uri, example: "/users/req-abc123" }

  responses:
    BadRequest:
      description: Invalid request parameters
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }
    Unauthorized:
      description: Missing or invalid authentication
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }
    NotFound:
      description: Resource not found
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }
    TooManyRequests:
      description: Rate limit exceeded
      headers:
        Retry-After: { schema: { type: integer } }
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }

  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

security:
  - BearerAuth: []

RFC 7807 Error Response (copy-paste)

{
  "type": "https://api.example.com/errors/validation-error",
  "title": "Validation Error",
  "status": 422,
  "detail": "The 'email' field must be a valid email address.",
  "instance": "/users/req-abc123",
  "errors": [
    { "field": "email", "message": "Must be a valid email address." }
  ]
}
  • Always use Content-Type: application/problem+json for error responses.
  • type must be a stable, documented URI — never a generic string.
  • detail must be human-readable and actionable.
  • Extend with errors[] for field-level validation failures.

Output Checklist

When delivering an API design, provide:

  1. Resource model and relationships (diagram or table)
  2. Endpoint specifications with URIs and HTTP methods
  3. OpenAPI 3.1 specification (YAML)
  4. Authentication and authorization flows
  5. Error response catalog (all 4xx/5xx with type URIs)
  6. Pagination and filtering patterns
  7. Versioning and deprecation strategy
  8. Validation result: npx @redocly/cli lint openapi.yaml passes with no errors

Knowledge Reference

REST architecture, OpenAPI 3.1, GraphQL, HTTP semantics, JSON:API, HATEOAS, OAuth 2.0, JWT, RFC 7807 Problem Details, API versioning patterns, pagination strategies, rate limiting, webhook design, SDK generation

Repository
jeffallan/claude-skills
Commit

5b76101

Last updated
Created

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill