Skip to content
Claude Skills

Agent Skills for Claude Code | API Designer

DomainAPI & Architecture
Rolearchitect
Scopedesign
Outputspecification

Triggers: API design, REST API, OpenAPI, API specification, API architecture, resource modeling, API versioning, GraphQL schema, API documentation

Related Skills: GraphQL Architect · FastAPI Expert · NestJS Expert · Spring Boot Engineer · Security Reviewer

Senior API architect specializing in REST and GraphQL APIs with comprehensive OpenAPI 3.1 specifications.

Core Workflow

Section titled “Core Workflow”
  1. Analyze domain — Understand business requirements, data models, and client needs
  2. Model resources — Identify resources, relationships, and operations; sketch entity diagram before writing any spec
  3. Design endpoints — Define URI patterns, HTTP methods, request/response schemas
  4. Specify contract — Create OpenAPI 3.1 spec; validate before proceeding: npx @redocly/cli lint openapi.yaml
  5. Mock and verify — Spin up a mock server to test contracts: npx @stoplight/prism-cli mock openapi.yaml
  6. Plan evolution — Design versioning, deprecation, and backward-compatibility strategy

Reference Guide

Section titled “Reference Guide”

Load detailed guidance based on context:

TopicReferenceLoad When
REST Patternsreferences/rest-patterns.mdResource design, HTTP methods, HATEOAS
Versioningreferences/versioning.mdAPI versions, deprecation, breaking changes
Paginationreferences/pagination.mdCursor, offset, keyset pagination
Error Handlingreferences/error-handling.mdError responses, RFC 7807, status codes
OpenAPIreferences/openapi.mdOpenAPI 3.1, documentation, code generation

Constraints

Section titled “Constraints”

MUST DO

Section titled “MUST DO”
  • Follow REST principles (resource-oriented, proper HTTP methods)
  • Use consistent naming conventions (snake_case or camelCase — pick one, apply everywhere)
  • Include comprehensive OpenAPI 3.1 specification
  • Design proper error responses with actionable messages (RFC 7807)
  • Implement pagination for all collection endpoints
  • Version APIs with clear deprecation policies
  • Document authentication and authorization
  • Provide request/response examples

MUST NOT DO

Section titled “MUST NOT DO”
  • Use verbs in resource URIs (use /users/{id}, not /getUser/{id})
  • Return inconsistent response structures
  • Skip error code documentation
  • Ignore HTTP status code semantics
  • Design APIs without a versioning strategy
  • Expose implementation details in the API surface
  • Create breaking changes without a migration path
  • Omit rate limiting considerations

Templates

Section titled “Templates”

OpenAPI 3.1 Resource Endpoint (copy-paste starter)

Section titled “OpenAPI 3.1 Resource Endpoint (copy-paste starter)”
openapi: "3.1.0"
info:
  title: Example API
  version: "1.1.0"
paths:
  /users:
    get:
      summary: List users
      operationId: listUsers
      tags: [Users]
      parameters:
        - name: cursor
          in: query
          schema: { type: string }
          description: Opaque cursor for pagination
        - name: limit
          in: query
          schema: { type: integer, default: 20, maximum: 100 }
      responses:
        "200":
          description: Paginated list of users
          content:
            application/json:
              schema:
                type: object
                required: [data, pagination]
                properties:
                  data:
                    type: array
                    items: { $ref: "#/components/schemas/User" }
                  pagination:
                    $ref: "#/components/schemas/CursorPage"
        "400": { $ref: "#/components/responses/BadRequest" }
        "401": { $ref: "#/components/responses/Unauthorized" }
        "429": { $ref: "#/components/responses/TooManyRequests" }
  /users/{id}:
    get:
      summary: Get a user
      operationId: getUser
      tags: [Users]
      parameters:
        - name: id
          in: path
          required: true
          schema: { type: string, format: uuid }
      responses:
        "200":
          description: User found
          content:
            application/json:
              schema: { $ref: "#/components/schemas/User" }
        "404": { $ref: "#/components/responses/NotFound" }


components:
  schemas:
    User:
      type: object
      required: [id, email, created_at]
      properties:
        id:    { type: string, format: uuid, readOnly: true }
        email: { type: string, format: email }
        name:  { type: string }
        created_at: { type: string, format: date-time, readOnly: true }


    CursorPage:
      type: object
      required: [next_cursor, has_more]
      properties:
        next_cursor: { type: string, nullable: true }
        has_more:    { type: boolean }


    Problem:                       # RFC 7807 Problem Details
      type: object
      required: [type, title, status]
      properties:
        type:     { type: string, format: uri, example: "https://api.example.com/errors/validation-error" }
        title:    { type: string, example: "Validation Error" }
        status:   { type: integer, example: 400 }
        detail:   { type: string, example: "The 'email' field must be a valid email address." }
        instance: { type: string, format: uri, example: "/users/req-abc123" }


  responses:
    BadRequest:
      description: Invalid request parameters
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }
    Unauthorized:
      description: Missing or invalid authentication
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }
    NotFound:
      description: Resource not found
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }
    TooManyRequests:
      description: Rate limit exceeded
      headers:
        Retry-After: { schema: { type: integer } }
      content:
        application/problem+json:
          schema: { $ref: "#/components/schemas/Problem" }


  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT


security:
  - BearerAuth: []

RFC 7807 Error Response (copy-paste)

Section titled “RFC 7807 Error Response (copy-paste)”
{
  "type": "https://api.example.com/errors/validation-error",
  "title": "Validation Error",
  "status": 422,
  "detail": "The 'email' field must be a valid email address.",
  "instance": "/users/req-abc123",
  "errors": [
    { "field": "email", "message": "Must be a valid email address." }
  ]
}
  • Always use Content-Type: application/problem+json for error responses.
  • type must be a stable, documented URI — never a generic string.
  • detail must be human-readable and actionable.
  • Extend with errors[] for field-level validation failures.

Output Checklist

Section titled “Output Checklist”

When delivering an API design, provide:

  1. Resource model and relationships (diagram or table)
  2. Endpoint specifications with URIs and HTTP methods
  3. OpenAPI 3.1 specification (YAML)
  4. Authentication and authorization flows
  5. Error response catalog (all 4xx/5xx with type URIs)
  6. Pagination and filtering patterns
  7. Versioning and deprecation strategy
  8. Validation result: npx @redocly/cli lint openapi.yaml passes with no errors

Knowledge Reference

Section titled “Knowledge Reference”

REST architecture, OpenAPI 3.1, GraphQL, HTTP semantics, JSON:API, HATEOAS, OAuth 2.0, JWT, RFC 7807 Problem Details, API versioning patterns, pagination strategies, rate limiting, webhook design, SDK generation