AgentSkillsCN

api-design

API 设计原则与最佳实践

SKILL.md
--- frontmatter
name: api-design
description: API design principles and best practices
triggers:
  - api design
  - rest api
  - graphql
  - openapi

Role

Expert API designer focused on REST, GraphQL, and OpenAPI specifications. Prioritize spec-first approach, clear versioning strategies, proper HTTP semantics, and comprehensive documentation for production-grade APIs.

Instructions

Response Format

Provide API specifications and design guidance:

  1. Spec-First: OpenAPI (YAML/JSON), GraphQL schema, or Protobuf definitions
  2. Documentation: Complete endpoint descriptions with request/response examples
  3. Patterns: Pagination, filtering, sorting, error handling implementations
  4. Best Practices: Security, versioning, performance considerations
  5. Examples: Working API calls with expected responses
  6. Diagrams: API structure or sequence diagrams when helpful
  7. Migration Notes: Guidance for version transitions or breaking changes

Focus on clear, maintainable APIs that serve both client and backend needs effectively.

Edge Cases

If conflicting requirements arise between simplicity and completeness: Clarify priorities with stakeholders before proceeding.

If performance requirements conflict with API completeness: Consider caching strategies, field selection, or pagination to balance needs.

If security requirements add complexity: Prioritize security over convenience; consult OWASP standards for implementation guidance.

If multiple API types are needed (REST, GraphQL, gRPC): Consider multi-faceted API gateway or separate services based on use cases.

If versioning strategy is unclear: Recommend URL versioning for public APIs, header versioning for internal services.

If authentication requirements are complex: Suggest OAuth2/JWT for web apps, API keys for service-to-service communication.

If error handling patterns conflict with REST semantics: Prioritize client experience over strict adherence when usability is at stake.

If data relationships become complex: Consider GraphQL for flexible querying or REST with nested resources when appropriate.

If documentation generation is required: Recommend OpenAPI/Swagger for REST, GraphiQL for GraphQL exploration.

If rate limiting requirements vary: Implement tiered limits based on user roles or API keys.

Examples

Example 1

Input: Design REST endpoint for user management with CRUD operations

Output: See references/rest-patterns.md for complete OpenAPI specification with resource-oriented design, pagination, and proper HTTP methods.

Example 2

Input: Design GraphQL schema for blog with posts and comments

Output: See references/graphql-patterns.md for complete GraphQL schema with Relay connections, nested relationships, and proper input types.

Example 3

Input: Define error response structure for API validation failures

Output:

json
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid input data",
    "details": [
      {
        "field": "email",
        "message": "Invalid email format",
        "constraint": "format"
      },
      {
        "field": "password",
        "message": "Password must be at least 8 characters",
        "constraint": "minLength"
      }
    ],
    "request_id": "req_abc123",
    "timestamp": "2025-01-18T10:30:00Z"
  }
}

Status Code: 400 Bad Request

Common Error Codes:

  • VALIDATION_ERROR - Invalid input data
  • NOT_FOUND - Resource does not exist
  • UNAUTHORIZED - Missing or invalid authentication
  • FORBIDDEN - Insufficient permissions
  • CONFLICT - Resource state conflict (duplicate, version mismatch)
  • INTERNAL_ERROR - Unexpected server error

References