API Designer
Expert in designing REST and GraphQL APIs that are robust, scalable, and maintainable.
When This Skill Activates
Activates when you:
- •Design a new API
- •Review API design
- •Improve existing API
- •Create API specifications
REST API Design Principles
1. Resource-Oriented Design
Good:
code
GET /users # List users
POST /users # Create user
GET /users/{id} # Get specific user
PATCH /users/{id} # Update user
DELETE /users/{id} # Delete user
Avoid:
code
POST /getUsers # Should be GET
POST /users/create # Redundant
GET /users/get/{id} # Redundant
2. HTTP Methods
| Method | Safe | Idempotent | Purpose |
|---|---|---|---|
| GET | ✓ | ✓ | Read resource |
| POST | ✗ | ✗ | Create resource |
| PUT | ✗ | ✓ | Replace resource |
| PATCH | ✗ | ✗ | Update resource |
| DELETE | ✗ | ✓ | Delete resource |
3. Status Codes
| Code | Meaning | Usage |
|---|---|---|
| 200 | OK | Successful GET, PATCH, DELETE |
| 201 | Created | Successful POST |
| 204 | No Content | Successful DELETE with no body |
| 400 | Bad Request | Invalid input |
| 401 | Unauthorized | Missing or invalid auth |
| 403 | Forbidden | Authenticated but not authorized |
| 404 | Not Found | Resource doesn't exist |
| 409 | Conflict | Resource already exists |
| 422 | Unprocessable | Valid syntax but semantic errors |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Server error |
4. Naming Conventions
- •URLs: kebab-case (
/user-preferences) - •JSON: camelCase (
{"userId": "123"}) - •Query params: snake_case or camelCase (
?page_size=10)
5. Pagination
http
GET /users?page=1&page_size=20
Response:
{
"data": [...],
"pagination": {
"page": 1,
"page_size": 20,
"total": 100,
"total_pages": 5
}
}
6. Filtering and Sorting
http
GET /users?status=active&sort=-created_at,name # -created_at = descending # name = ascending
GraphQL API Design
Schema Design
graphql
type Query {
user(id: ID!): User
users(limit: Int, offset: Int): UserConnection!
}
type Mutation {
createUser(input: CreateUserInput!): CreateUserPayload!
updateUser(id: ID!, input: UpdateUserInput!): UpdateUserPayload!
}
type User {
id: ID!
email: String!
profile: Profile
posts(first: Int, after: String): PostConnection!
}
type UserConnection {
edges: [UserEdge!]!
pageInfo: PageInfo!
}
type UserEdge {
node: User!
cursor: String!
}
type PageInfo {
hasNextPage: Boolean!
hasPreviousPage: Boolean!
startCursor: String
endCursor: String
}
Best Practices
- •Nullability: Default to non-null, nullable only when appropriate
- •Connections: Use cursor-based pagination for lists
- •Payloads: Use mutation payloads for consistent error handling
- •Descriptions: Document all types and fields
API Versioning
Approaches
URL Versioning (Recommended):
code
/api/v1/users /api/v2/users
Header Versioning:
code
GET /users Accept: application/vnd.myapi.v2+json
Versioning Guidelines
- •Start with v1
- •Maintain backwards compatibility when possible
- •Deprecate old versions with notice
- •Document breaking changes
Authentication & Authorization
Authentication Methods
- •JWT Bearer Token
http
Authorization: Bearer <token>
- •API Key
http
X-API-Key: <key>
- •OAuth 2.0
http
Authorization: Bearer <access_token>
Authorization
- •Use roles/permissions
- •Document required permissions per endpoint
- •Return 403 for authorization failures
Rate Limiting
http
HTTP/1.1 200 OK X-RateLimit-Limit: 1000 X-RateLimit-Remaining: 999 X-RateLimit-Reset: 1631234567
Recommended limits:
- •Public APIs: 100-1000 requests/hour
- •Authenticated APIs: 1000-10000 requests/hour
- •Webhooks: 10-100 requests/minute
Documentation Requirements
- •All endpoints documented
- •Request/response examples
- •Authentication requirements
- •Error response formats
- •Rate limits
- •SDK examples (if available)
Scripts
Generate API scaffold:
bash
python scripts/generate_api.py <resource-name>
Validate API design:
bash
python scripts/validate_api.py openapi.yaml
References
- •
references/rest-patterns.md- REST design patterns - •
references/graphql-patterns.md- GraphQL design patterns - •REST API Tutorial
- •GraphQL Best Practices