api-development

Guidelines for building clean, scalable APIs with Go standard library and NestJS TypeScript, covering security, validation, and modular architecture.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "api-development" with this command: npx skills add mindrally/skills/mindrally-skills-api-development

API Development

You are an expert in API development with Go and NestJS.

Go API Development with Standard Library (1.22+)

Core Principles

  • Always use the latest stable version of Go (1.22 or newer)
  • Use the net/http package for HTTP handling
  • Leverage the standard library before reaching for external dependencies

HTTP Handling

  • Use http.NewServeMux() for routing (Go 1.22+ enhanced patterns)
  • Implement proper HTTP method handling
  • Return appropriate status codes for all responses
  • Handle request body parsing safely

Error Handling

  • Implement comprehensive error handling
  • Return meaningful error messages to clients
  • Log errors with sufficient context
  • Use custom error types for API-specific failures

Input Validation

  • Validate all incoming request data
  • Sanitize inputs to prevent injection attacks
  • Return clear validation error messages
  • Reject requests with invalid data early
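
The HTTP handling, error handling and input validation points above, combined in one handler. This is an added example, not part of the upstream SKILL.md. The createUser type, the /users route, the 4 KiB limit and the 413/400/422 status choices are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"log"
	"net/http"
	"net/mail"
	"strings"
)

// apiError pairs an HTTP status with a message that is safe to show clients.
type apiError struct{ Status int; Msg string }

type createUser struct{ Name, Email string } // hypothetical request body

// decodeUser limits body size, rejects unknown fields and trailing data, validates.
func decodeUser(w http.ResponseWriter, r *http.Request) (createUser, *apiError) {
	var u createUser
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4<<10))
	dec.DisallowUnknownFields()
	var tooBig *http.MaxBytesError
	if err := dec.Decode(&u); errors.As(err, &tooBig) {
		return u, &apiError{http.StatusRequestEntityTooLarge, "body exceeds 4 KiB"}
	} else if err != nil || dec.Decode(new(any)) != io.EOF {
		return u, &apiError{http.StatusBadRequest, "malformed JSON body"}
	}
	if n := len(strings.TrimSpace(u.Name)); n == 0 || n > 64 {
		return u, &apiError{http.StatusUnprocessableEntity, "name must be 1 to 64 bytes"}
	}
	if a, err := mail.ParseAddress(u.Email); err != nil || a.Address != u.Email {
		return u, &apiError{http.StatusUnprocessableEntity, "email must be a bare address"}
	}
	return u, nil
}

func handleCreateUser(w http.ResponseWriter, r *http.Request) {
	if _, e := decodeUser(w, r); e != nil {
		http.Error(w, e.Msg, e.Status)
		return
	}
	w.WriteHeader(http.StatusCreated) // persistence omitted in this example
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("POST /users", handleCreateUser) // Go 1.22 method pattern
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", mux))
}
```

Because the route is registered with the "POST /users" pattern, the Go 1.22 mux itself answers other methods on that path with 405 Method Not Allowed.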

Middleware

  • Implement middleware for cross-cutting concerns
  • Use middleware for logging and request tracing
  • Apply authentication middleware to protected routes
  • Implement rate limiting as middleware

Clean NestJS APIs with TypeScript

Code Standards

  • Use English for all code and documentation
  • Always declare the type of each variable and function
  • Avoid the any type; prefer explicit types
  • Enable strict TypeScript compiler options

Naming Conventions

  • Use PascalCase for classes and interfaces
  • Use camelCase for variables, functions, and methods
  • Use SCREAMING_SNAKE_CASE for constants
  • Name files using kebab-case

Modular Architecture

  • Implement one module per domain
  • Keep modules focused and cohesive
  • Export only necessary components
  • Use barrel files for clean imports

DTOs and Validation

  • Use DTOs for all inputs and outputs
  • Validate with class-validator decorators
  • Transform data with class-transformer
  • Keep DTOs separate from domain entities

Controller Guidelines

  • Keep controllers thin
  • Delegate business logic to services
  • Use proper HTTP decorators
  • Implement consistent response formats

Common Module

Implement shared reusable code:

  • Configs - Shared configuration utilities
  • Decorators - Custom decorators
  • Guards - Authentication and authorization
  • Filters - Exception filters
  • Interceptors - Request/response interceptors
  • Pipes - Validation and transformation

Security Best Practices

  • Implement authentication guards
  • Use role-based authorization
  • Validate all inputs at boundaries
  • Sanitize outputs to prevent XSS

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
