API Patterns
API design principles and decision-making for 2025. Learn to THINK, not copy fixed patterns.
🎯 Selective Reading Rule
Read ONLY files relevant to the request! Check the content map, find what you need.
📑 Content Map
File Description When to Read
api-style.md
REST vs GraphQL vs tRPC decision tree Choosing API type
rest.md
Resource naming, HTTP methods, status codes Designing REST API
response.md
Envelope pattern, error format, pagination Response structure
graphql.md
Schema design, when to use, security Considering GraphQL
trpc.md
TypeScript monorepo, type safety TS fullstack projects
versioning.md
URI/Header/Query versioning API evolution planning
auth.md
JWT, OAuth, Passkey, API Keys Auth pattern selection
rate-limiting.md
Token bucket, sliding window API protection
documentation.md
OpenAPI/Swagger best practices Documentation
security-testing.md
OWASP API Top 10, auth/authz testing Security audits
🔗 Related Skills
Need Skill
API implementation @[skills/backend-development]
Data structure @[skills/database-design]
Security details @[skills/security-hardening]
✅ Decision Checklist
Before designing an API:
-
Asked user about API consumers?
-
Chosen API style for THIS context? (REST/GraphQL/tRPC)
-
Defined consistent response format?
-
Planned versioning strategy?
-
Considered authentication needs?
-
Planned rate limiting?
-
Documentation approach defined?
❌ Anti-Patterns
DON'T:
-
Default to REST for everything
-
Use verbs in REST endpoints (/getUsers)
-
Return inconsistent response formats
-
Expose internal errors to clients
-
Skip rate limiting
DO:
-
Choose API style based on context
-
Ask about client requirements
-
Document thoroughly
-
Use appropriate status codes
Script
Script Purpose Command
scripts/api_validator.py
API endpoint validation python scripts/api_validator.py <project_path>