AgentSkillsCN

api-patterns

当您设计API、在REST/GraphQL/tRPC之间做出选择、定义响应格式、规划版本管理,或实施速率限制时,不妨采用这一方法。关键词:API设计、REST、GraphQL、tRPC、OpenAPI、版本管理、分页、速率限制、身份认证、状态码。

SKILL.md
--- frontmatter
name: api-patterns
description: Use cuando diseñes APIs, elijas entre REST/GraphQL/tRPC, definas formatos de respuesta, planifiques versionado, o implementes rate limiting. Keywords: API design, REST, GraphQL, tRPC, OpenAPI, versioning, pagination, rate limiting, authentication, status codes.

API Patterns

API design principles and decision-making for 2025. Learn to THINK, not copy fixed patterns.

🎯 Selective Reading Rule

Read ONLY files relevant to the request! Check the content map, find what you need.


📑 Content Map

FileDescriptionWhen to Read
references/api-style.mdREST vs GraphQL vs tRPC decision treeChoosing API type
references/rest.mdResource naming, HTTP methods, status codesDesigning REST API
references/response.mdEnvelope pattern, error format, paginationResponse structure
references/graphql.mdSchema design, when to use, securityConsidering GraphQL
references/trpc.mdTypeScript monorepo, type safetyTS fullstack projects
references/versioning.mdURI/Header/Query versioningAPI evolution planning
references/auth.mdJWT, OAuth, Passkey, API KeysAuth pattern selection
references/rate-limiting.mdToken bucket, sliding windowAPI protection
references/documentation.mdOpenAPI/Swagger best practicesDocumentation
references/security-testing.mdOWASP API Top 10, auth/authz testingSecurity audits

🚀 Quick Decision

code
Who are the API consumers?
│
├── Public API / Multiple platforms ────→ REST + OpenAPI
├── Complex data / Multiple frontends ──→ GraphQL
├── TypeScript monorepo ────────────────→ tRPC
├── Real-time / Event-driven ───────────→ WebSocket + AsyncAPI
└── Internal microservices ─────────────→ gRPC or REST

First question ALWAYS: ¿Quién va a consumir esta API?


🔗 Related Skills

NeedSkill
API implementation@[skills/backend-development]
Data structure@[skills/database-design]
Security details@[skills/security-hardening]

✅ Decision Checklist

Before designing an API:

  • Asked user about API consumers?
  • Chosen API style for THIS context? (REST/GraphQL/tRPC)
  • Defined consistent response format?
  • Planned versioning strategy?
  • Considered authentication needs?
  • Planned rate limiting?
  • Documentation approach defined?

⚠️ Racionalizaciones Comunes

ExcusaRealidad
"Siempre usamos REST"Evalúa consumidores primero - tRPC o GraphQL podrían ser mejores
"GraphQL es overkill"Para apps con datos complejos, reduce overfetching significativamente
"No necesitamos versionado"Los clientes romperán sin aviso cuando hagas breaking changes
"Rate limiting después"Implementar desde día 1 es 10x más fácil que retrofitting
"Los errores ya se manejan"Sin formato consistente, el frontend sufre

❌ Anti-Patterns

NUNCA:

  • Defaults a REST sin evaluar contexto
  • Verbos en endpoints REST (/getUsers/users)
  • Formatos de respuesta inconsistentes
  • Exponer errores internos al cliente
  • Saltear rate limiting

SIEMPRE:

  • Elegir estilo API basado en consumidores
  • Preguntar requisitos del cliente
  • Documentar exhaustivamente
  • Usar status codes apropiados

Script

ScriptPurposeCommand
scripts/api_validator.pyAPI endpoint validationpython scripts/api_validator.py <project_path>