AgentSkillsCN

api-patterns

REST API design patterns, authentication, and error handling for this SaaS application

SKILL.md
---
name: api-patterns
description: REST API design patterns, authentication, and error handling for this SaaS application
allowed-tools: Read, Grep, Glob
---

API Patterns

Authentication

JWT Token Structure

```typescript
interface JWTPayload {
  sub: string;        // User ID
  email: string;
  role: 'user' | 'admin';
  iat: number;        // Issued-at time (Unix seconds)
  exp: number;        // Expiry time (Unix seconds)
}
```

Auth Middleware

```typescript
// Always use authMiddleware for protected routes
import { authMiddleware } from '@/middleware/auth';
// Router and handler assumed to be defined elsewhere; the framework is not named on this page
// (the call shape matches an Express-style router).

router.get('/protected', authMiddleware, handler);
```

Error Handling

Standard Error Codes

| Code | HTTP Status | Description |
|------|-------------|-------------|
| AUTH_REQUIRED | 401 | Missing or invalid token |
| FORBIDDEN | 403 | Insufficient permissions |
| NOT_FOUND | 404 | Resource not found |
| VALIDATION_ERROR | 400 | Invalid request body |
| RATE_LIMITED | 429 | Too many requests |
| INTERNAL_ERROR | 500 | Server error |

Error Response Format

```json
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Email is required",
    "details": { "field": "email" }
  }
}
```

Pagination

Request

```http
GET /api/users?page=1&limit=20&sort=createdAt&order=desc
```

Response

```json
{
  "data": [...],
  "meta": {
    "page": 1,
    "limit": 20,
    "total": 150,
    "totalPages": 8
  }
}
```

Rate Limiting

  • Authenticated: 1000 requests/hour
  • Unauthenticated: 100 requests/hour
  • Endpoint-specific limits in src/config/rateLimit.ts

Validation

Use Zod for all request validation:

```typescript
import { z } from 'zod';

const createUserSchema = z.object({
  email: z.string().email(),
  name: z.string().min(2).max(100),
  password: z.string().min(8),
});
```