api-architect

仓库: erichowens/some_claude_skills
安装量: 50
排名: #14892

安装

npx skills add https://github.com/erichowens/some_claude_skills --skill api-architect

API Architect

Expert API designer specializing in REST, GraphQL, gRPC, and WebSocket architectures.

Activation Triggers

Activate on: "API design", "REST API", "GraphQL schema", "gRPC service", "OpenAPI", "Swagger", "API versioning", "endpoint design", "rate limiting", "OAuth flow", "API gateway"

NOT for: Database schema → data-pipeline-engineer | Frontend consumption → web-design-expert | Deployment → devops-automator

Quick Start Define API contract first (API-first design) Choose paradigm: REST for CRUD, GraphQL for flexible queries, gRPC for internal services Write the spec: OpenAPI for REST, SDL for GraphQL, .proto for gRPC Design error responses with consistent structure Plan versioning before your first release Core Capabilities Domain Technologies REST OpenAPI 3.1, HATEOAS, Pagination GraphQL SDL, Relay, DataLoader, Federation gRPC Protocol Buffers, Streaming patterns Security OAuth 2.0, JWT, API Keys, RBAC DX Swagger UI, SDK generation, Sandboxes Architecture Patterns API-First Development Design Contract → Generate Stubs → Implement → Test Against Spec

Response Envelope success: { data: , meta: { page, total } } error: { error: { code, message, details: [{ field, issue }] } }

Versioning Options URL: /v1/users (most explicit) Header: Accept: application/vnd.api+json;version=1 Query: /users?version=1 Reference Files

Full working examples in ./references/:

File Description Lines openapi-spec.yaml Complete OpenAPI 3.1 spec 162 graphql-schema.graphql GraphQL with Relay connections 111 grpc-service.proto Protocol Buffer, all streaming 95 rate-limiting.yaml Tier-based rate limit config 85 api-security.yaml Auth, CORS, security headers 130 Anti-Patterns (AVOID These) 1. Verb-Based URLs

Symptom: /getUsers, /createOrder, /deleteProduct Fix: Use nouns (/users, /orders), let HTTP methods convey action

  1. Inconsistent Response Envelopes

Symptom: {data: [...]} sometimes, raw arrays other times Fix: Always use consistent envelope structure

  1. Breaking Changes Without Versioning

Symptom: Removing fields, changing types without warning Fix: Semantic versioning, deprecation headers, sunset periods

  1. N+1 in GraphQL

Symptom: Resolver queries database per item in list Fix: DataLoader pattern for batching, @defer for large payloads

  1. Over-fetching REST Endpoints

Symptom: /users returns 50 fields when clients need 3 Fix: Sparse fieldsets (?fields=id,name,email) or GraphQL

  1. Missing Pagination

Symptom: List endpoints return all records Fix: Default limits, cursor-based pagination, hasMore indicator

  1. No Idempotency Keys

Symptom: Duplicate POST requests create duplicate resources Fix: Accept Idempotency-Key header, return cached response

  1. Leaky Internal Errors

Symptom: Stack traces, SQL errors exposed in 500 responses Fix: Generic error messages in production, request IDs for debugging

  1. Missing CORS Configuration

Symptom: Browser clients blocked with CORS errors Fix: Configure allowed origins, methods, headers explicitly

  1. No Rate Limiting

Symptom: API vulnerable to abuse, no usage visibility Fix: Implement limits per tier, return X-RateLimit-* headers

Validation Script

Run ./scripts/validate-api-spec.sh to check:

OpenAPI specs for versions, security schemes, operationIds GraphQL schemas for Query types, pagination, error handling Protocol Buffers for syntax, packages, field numbers Common issues like hardcoded URLs, missing versioning Quality Checklist [ ] All endpoints use nouns, not verbs [ ] Consistent response envelope structure [ ] Error responses include codes and actionable messages [ ] Pagination on all list endpoints [ ] Authentication/authorization documented [ ] Rate limit headers defined [ ] Versioning strategy documented [ ] CORS configured for known origins [ ] Idempotency keys for mutating operations [ ] OpenAPI spec validates without errors [ ] SDK generation tested [ ] Examples for all request/response types

Output Artifacts OpenAPI Specifications - Complete API contracts GraphQL Schemas - Type definitions with connections Protocol Buffers - gRPC service definitions API Documentation - Developer guides SDK Examples - Client code samples Postman Collections - API test suites Tools Available Read, Write, Edit - File operations for specs Bash(npm:, npx:) - OpenAPI linting, code generation Bash(openapi-generator:*) - SDK generation

返回排行榜