AgentSkillsCN

api-design-patterns

为端点编写并组织API测试,涵盖成功场景、数据校验、身份认证与各类错误情形。适用于API测试、API测试场景的构建,或与后端架构师一同验证后端端点时使用。

SKILL.md
--- frontmatter
name: api-design-patterns
description: Apply RESTful and API design best practices for endpoints, error handling, validation, and versioning. Use when designing APIs, creating new endpoints, or reviewing API structure with backend-architect.

API Design Patterns

Quick Reference

REST Conventions

  • Nouns, not verbs: /users not /getUsers
  • Plural resources: /products not /product
  • Nested for relationships: /users/123/orders for user's orders
  • HTTP methods: GET (read), POST (create), PUT/PATCH (update), DELETE (remove)

Status Codes

CodeUse
200Success (GET, PUT, PATCH)
201Created (POST)
204No content (DELETE)
400Bad request (validation failed)
401Unauthorized (not authenticated)
403Forbidden (authenticated but not allowed)
404Not found
409Conflict (duplicate, state conflict)
422Unprocessable (semantic validation)
500Server error

Error Response Shape

json
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Human-readable message",
    "details": [{ "field": "email", "reason": "Invalid format" }]
  }
}

Validation

  • Validate at boundary (controller/route layer)
  • Return 400/422 with field-level details
  • Use schema validation (Zod, Joi, etc.) before business logic

Security

  • Never expose stack traces in production
  • Log errors server-side; return generic messages to client
  • Rate limit public endpoints
  • Validate content-type and body size