菜单
REST API design with resource naming, pagination, versioning, and OpenAPI spec generation
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | api-design-patterns |
| description | REST API design with resource naming, pagination, versioning, and OpenAPI spec generation |
/users, /orders, /products/users/{id}/orders/user-profiles, not /userProfiles/users/{id}/activate is wrong, use POST /users/{id}/activation| Method | Purpose | Idempotent | Request Body | Success Code |
|---|---|---|---|---|
| GET | Read resource(s) | Yes | No | 200 |
| POST | Create resource | No | Yes | 201 |
| PUT | Full replace | Yes | Yes | 200 |
| PATCH | Partial update | No | Yes | 200 |
| DELETE | Remove resource | Yes | No | 204 |
Return Location header on POST with the URL of the created resource.
200 OK - Successful read/update
201 Created - Successful creation
204 No Content - Successful delete
400 Bad Request - Validation error (include field-level errors)
401 Unauthorized - Missing or invalid authentication
403 Forbidden - Authenticated but not authorized
404 Not Found - Resource does not exist
409 Conflict - State conflict (duplicate, version mismatch)
422 Unprocessable - Semantically invalid (valid JSON, bad values)
429 Too Many Reqs - Rate limited (include Retry-After header)
500 Internal Error - Unhandled server error (never expose stack traces)
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Request validation failed",
"details": [
{ "field": "email", "message": "Must be a valid email address" },
{ "field": "age", "message": "Must be at least 18" }
]
}
}
Use consistent error codes across the API. Document every code in your API reference.
GET /users?limit=20&cursor=eyJpZCI6MTAwfQ
Response:
{
"data": [...],
"pagination": {
"next_cursor": "eyJpZCI6MTIwfQ",
"has_more": true
}
}
Use cursor pagination for large or frequently changing datasets. Encode cursors as opaque base64 strings. Never expose raw IDs in cursors.
GET /users?page=3&per_page=20
Response:
{
"data": [...],
"pagination": {
"page": 3,
"per_page": 20,
"total": 245,
"total_pages": 13
}
}
Only use offset pagination when total count is cheap and dataset is small.
GET /orders?status=pending&created_after=2025-01-01&sort=-created_at,+total
GET /products?category=electronics&price_min=100&price_max=500
GET /users?search=john&fields=id,name,email
Use field selection (fields param) to reduce payload size. Prefix sort fields with - for descending.
Prefer URL path versioning for simplicity:
/api/v1/users
/api/v2/users
Rules:
Sunset header and 6-month noticeContent-Type: application/json
Accept: application/json
Authorization: Bearer <token>
X-Request-Id: <uuid> # For tracing
X-RateLimit-Limit: 100 # Requests per window
X-RateLimit-Remaining: 47 # Remaining in window
X-RateLimit-Reset: 1700000000 # Window reset Unix timestamp
Retry-After: 30 # Seconds until rate limit resets
Always return X-Request-Id in responses for debugging.
$ref for shared schemas: $ref: '#/components/schemas/User'examples for every endpointoneOf/anyOf for polymorphic responsespaths:
/users/{id}:
get:
operationId: getUser
parameters:
- name: id
in: path
required: true
schema:
type: string
format: uuid
responses:
'200':
description: User found
content:
application/json:
schema:
$ref: '#/components/schemas/User'
'404':
$ref: '#/components/responses/NotFound'
429 with Retry-After headerRoute broad or ambiguous AgentKit SEO work to the right module while keeping context scoped. Use when a request spans multiple surfaces, asks for overall digital-presence strategy, involves provider or install architecture, needs agent-context planning, or the correct platform skill is unclear.
Persistent memory system for Claude Code. Two-layer architecture (hot cache + knowledge wiki), safety hooks, /close-day end-of-day synthesis. Zero external dependencies.
Claude-native deep research using DAG-based query planning, parallel subagent execution, and gap-driven iteration. No external API needed.
Web accessibility patterns for WCAG 2.2 compliance including ARIA, keyboard navigation, screen readers, and testing
Authentication and authorization patterns including OAuth2, JWT, RBAC, session management, and PKCE flows
AWS cloud patterns for Lambda, ECS, S3, DynamoDB, and Infrastructure as Code with CDK/Terraform