API Endpoint Scaffold
Creates production-ready API endpoints following this repo's patterns.
When to Use
- •"Create an endpoint for..."
- •"Add API route for..."
- •"I need a POST/GET endpoint"
- •"Build an API for {feature}"
Prerequisites
Before creating an endpoint, confirm:
- •Endpoint path (e.g.,
/api/users/profile) - •HTTP methods needed (GET, POST, PUT, DELETE)
- •Authentication required? (default: yes)
- •Rate limiting config (requests/window)
- •Request/response schema
Procedure
Step 1: Create Route File
Path: apps/web/app/api/{path}/route.ts
Use the template in templates.md.
Step 2: Add Rate Limiting (if needed)
Import from existing pattern:
typescript
import { createRateLimiter } from '@acme/security';
import { withRateLimit } from '../_lib/withRateLimit';
Step 3: Add Request Validation
Use Zod for schema validation:
typescript
import { z } from 'zod';
const RequestSchema = z.object({
field: z.string().min(1),
});
Step 4: Create Integration Test
Path: packages/tests/src/{feature}.test.ts
See templates.md for test template.
Step 5: Verify
Run these commands:
- •
pnpm typecheck- Type check - •
pnpm lint- Lint check - •
pnpm test:integration- Run tests
Checklist
- • Route file created at correct path
- • Authentication check using
getCurrentUser()inside the handler - • Rate limiting applied via
withRateLimit - • Request validation with Zod
- • Proper error responses (400, 401, 403, 429, 500)
- • Integration test created
- • TypeScript types pass
- • ESLint passes
Guardrails
- •ALWAYS use
getCurrentUser()from@acme/authfor auth inside the handler function - •ALWAYS apply rate limiting to user-facing endpoints via
withRateLimit - •NEVER expose internal errors to clients
- •NEVER skip request validation
- •If unsure about rate limit config, ask user