API Integration Skill When to Activate Activate this skill when: Integrating external APIs Building API clients or wrappers Handling API authentication Implementing rate limiting Caching API responses Core Principles Respect rate limits - APIs are shared resources Secure authentication - Keys in secrets.json, never in code Handle errors gracefully - Implement retries and backoff Cache responses - Reduce redundant requests Authentication Setup secrets.json { "github_token" : "ghp_your_token_here" , "openweather_api_key" : "your_key_here" , "comment" : "Never commit this file" } Python Loading import os import json from pathlib import Path def load_secrets ( ) : secrets_path = Path ( file ) . parent / "secrets.json" try : with open ( secrets_path ) as f : return json . load ( f ) except ( FileNotFoundError , json . JSONDecodeError ) : return { } secrets = load_secrets ( ) API_KEY = secrets . get ( "github_token" , os . getenv ( "GITHUB_TOKEN" , "" ) ) if not API_KEY : raise ValueError ( "No API key found" ) Request Patterns Basic GET (Python) import requests def api_request ( url : str , api_key : str ) -

dict : headers = { "Authorization" : f"Bearer { api_key } " , "Accept" : "application/json" } response = requests . get ( url , headers = headers , timeout = 10 ) response . raise_for_status ( ) return response . json ( ) With Retry and Backoff import time from typing import Optional def api_request_with_retry ( url : str , api_key : str , max_retries : int = 3 ) -

Optional [ dict ] : headers = { "Authorization" : f"Bearer { api_key } " } wait_time = 1 for attempt in range ( max_retries ) : try : response = requests . get ( url , headers = headers , timeout = 10 ) if response . status_code == 200 : return response . json ( ) elif response . status_code == 429 : print ( f"Rate limited. Waiting { wait_time } s..." ) time . sleep ( wait_time ) wait_time = 2 else : print ( f"Error: HTTP { response . status_code } " ) return None except requests . exceptions . RequestException as e : print ( f"Request failed: { e } " ) time . sleep ( wait_time ) wait_time = 2 return None Bash Request

!/bin/bash

API_KEY

$( python3 -c "import json ; print ( json.load ( open ( 'secrets.json' ) ) [ 'github_token' ] ) ") curl -s -H " Authorization: Bearer $API_KEY " \ -H " Accept: application/json " \ " https://api.github.com/user" | jq '.' Error Handling try : response = requests . get ( url , headers = headers , timeout = 10 ) response . raise_for_status ( ) data = response . json ( ) except requests . exceptions . HTTPError as e : if e . response . status_code == 429 : print ( "Rate limited - waiting" ) elif e . response . status_code == 401 : print ( "Unauthorized - check API key" ) else : print ( f"HTTP error: { e } " ) except requests . exceptions . ConnectionError : print ( "Connection error" ) except requests . exceptions . Timeout : print ( "Request timeout" ) HTTP Status Codes Code Meaning Action 200 Success Process response 401 Unauthorized Check API key 403 Forbidden Check permissions 404 Not found Verify endpoint 429 Rate limited Wait and retry 5xx Server error Retry with backoff Caching import time cache = { } CACHE_TTL = 3600

1 hour

def cached_request ( url : str , api_key : str ) -

dict : now = time . time ( ) if url in cache : data , timestamp = cache [ url ] if now - timestamp < CACHE_TTL : return data data = api_request ( url , api_key ) cache [ url ] = ( data , now ) return data Rate Limiting Check Headers curl -I -H "Authorization: Bearer $API_KEY " "https://api.github.com/user" | grep -i rate

x-ratelimit-limit: 5000

x-ratelimit-remaining: 4999

Implement Delays import time def bulk_requests ( urls : list , api_key : str , delay : float = 1.0 ) : results = [ ] for url in urls : result = api_request ( url , api_key ) results . append ( result ) time . sleep ( delay ) return results Pagination def fetch_all_pages ( base_url : str , api_key : str ) -

list : all_items = [ ] page = 1 while True : url = f" { base_url } ?page= { page } &per_page=100" data = api_request ( url , api_key ) if not data : break all_items . extend ( data ) page += 1 time . sleep ( 1 )

Respect rate limits

return all_items Best Practices DO ✅ Store keys in secrets.json Implement retry with exponential backoff Cache responses when appropriate Respect rate limits Handle errors gracefully Log requests (without sensitive data) DON'T ❌ Hardcode API keys Ignore rate limits Skip error handling Make requests in tight loops Log API keys API Etiquette Checklist Read API documentation and ToS Check rate limits Store keys securely Implement rate limiting Add error handling Cache appropriately Monitor usage Grove API Error Responses (MANDATORY) When building API routes in Grove applications, all error responses MUST use Signpost error codes . Never return ad-hoc JSON error shapes. import { API_ERRORS , buildErrorJson , logGroveError , } from "@autumnsgrove/lattice/errors" ; import { json } from "@sveltejs/kit" ; export const POST : RequestHandler = async ( { request , locals } ) => { if ( ! locals . user ) { logGroveError ( "Engine" , API_ERRORS . UNAUTHORIZED , { path : "/api/resource" } ) ; return json ( buildErrorJson ( API_ERRORS . UNAUTHORIZED ) , { status : 401 } ) ; } const body = schema . safeParse ( await request . json ( ) ) ; if ( ! body . success ) { return json ( buildErrorJson ( API_ERRORS . INVALID_REQUEST_BODY ) , { status : 400 , } ) ; } // ... business logic } ; Client-side, use apiRequest() (handles CSRF + credentials) and show toast feedback: import { toast } from "@autumnsgrove/lattice/ui" ; try { await apiRequest ( "/api/resource" , { method : "POST" , body } ) ; toast . success ( "Created!" ) ; } catch ( err ) { toast . error ( err instanceof Error ? err . message : "Something went wrong" ) ; } See AgentUsage/error_handling.md for the complete Signpost error code reference. Related Resources See AgentUsage/api_usage.md for complete documentation including: Bash request patterns Conditional requests (ETags) Advanced caching strategies Specific API examples (GitHub, OpenWeather)