Reference skill for API design. Load when build-workflow needs API guidance. Covers REST, GraphQL, error handling, and security patterns.
This skill inherits all available tools. When active, it can use any tool Claude has access to.
GET /users - List users
GET /users/:id - Get single user
POST /users - Create user
PUT /users/:id - Update user (full)
PATCH /users/:id - Update user (partial)
DELETE /users/:id - Delete user
// Success
{
"data": { "id": 1, "name": "John" },
"meta": { "timestamp": "2024-01-01T00:00:00Z" }
}
// Error
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Email is required",
"details": [{ "field": "email", "issue": "required" }]
}
}
| Code | When to Use |
|---|---|
| 200 | Success (GET, PUT, PATCH) |
| 201 | Created (POST) |
| 204 | No content (DELETE) |
| 400 | Bad request (validation) |
| 401 | Unauthorized (no auth) |
| 403 | Forbidden (no permission) |
| 404 | Not found |
| 409 | Conflict (duplicate) |
| 500 | Server error |
// Always validate at API boundary
function createUser(req, res) {
const { email, name } = req.body;
if (!email || !isValidEmail(email)) {
return res.status(400).json({
error: { code: 'VALIDATION_ERROR', message: 'Invalid email' }
});
}
// Proceed with valid data
}
// JWT in header
Authorization: Bearer <token>
// Middleware
function authMiddleware(req, res, next) {
const token = req.headers.authorization?.split(' ')[1];
if (!token) return res.status(401).json({ error: 'Unauthorized' });
try {
req.user = verifyToken(token);
next();
} catch {
res.status(401).json({ error: 'Invalid token' });
}
}
GET /users?page=1&limit=20
Response:
{
"data": [...],
"meta": {
"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
}
}