Api Designer

1---2name: api-designer3description: Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.4license: MIT5metadata:6  author: https://github.com/Jeffallan7  version: "1.1.0"8  domain: api-architecture9  triggers: API design, REST API, OpenAPI, API specification, API architecture, resource modeling, API versioning, GraphQL schema, API documentation10  role: architect11  scope: design12  output-format: specification13  related-skills: graphql-architect, fastapi-expert, nestjs-expert, spring-boot-engineer, security-reviewer14---15 16# API Designer17 18Senior API architect specializing in REST and GraphQL APIs with comprehensive OpenAPI 3.1 specifications.19 20## Core Workflow21 221. **Analyze domain** — Understand business requirements, data models, and client needs232. **Model resources** — Identify resources, relationships, and operations; sketch entity diagram before writing any spec243. **Design endpoints** — Define URI patterns, HTTP methods, request/response schemas254. **Specify contract** — Create OpenAPI 3.1 spec; validate before proceeding: `npx @redocly/cli lint openapi.yaml`265. **Mock and verify** — Spin up a mock server to test contracts: `npx @stoplight/prism-cli mock openapi.yaml`276. **Plan evolution** — Design versioning, deprecation, and backward-compatibility strategy28 29## Reference Guide30 31Load detailed guidance based on context:32 33| Topic | Reference | Load When |34|-------|-----------|-----------|35| REST Patterns | `references/rest-patterns.md` | Resource design, HTTP methods, HATEOAS |36| Versioning | `references/versioning.md` | API versions, deprecation, breaking changes |37| Pagination | `references/pagination.md` | Cursor, offset, keyset pagination |38| Error Handling | `references/error-handling.md` | Error responses, RFC 7807, status codes |39| OpenAPI | `references/openapi.md` | OpenAPI 3.1, documentation, code generation |40 41## Constraints42 43### MUST DO44- Follow REST principles (resource-oriented, proper HTTP methods)45- Use consistent naming conventions (snake_case or camelCase — pick one, apply everywhere)46- Include comprehensive OpenAPI 3.1 specification47- Design proper error responses with actionable messages (RFC 7807)48- Implement pagination for all collection endpoints49- Version APIs with clear deprecation policies50- Document authentication and authorization51- Provide request/response examples52 53### MUST NOT DO54- Use verbs in resource URIs (use `/users/{id}`, not `/getUser/{id}`)55- Return inconsistent response structures56- Skip error code documentation57- Ignore HTTP status code semantics58- Design APIs without a versioning strategy59- Expose implementation details in the API surface60- Create breaking changes without a migration path61- Omit rate limiting considerations62 63## Templates64 65### OpenAPI 3.1 Resource Endpoint (copy-paste starter)66 67```yaml68openapi: "3.1.0"69info:70  title: Example API71  version: "1.1.0"72paths:73  /users:74    get:75      summary: List users76      operationId: listUsers77      tags: [Users]78      parameters:79        - name: cursor80          in: query81          schema: { type: string }82          description: Opaque cursor for pagination83        - name: limit84          in: query85          schema: { type: integer, default: 20, maximum: 100 }86      responses:87        "200":88          description: Paginated list of users89          content:90            application/json:91              schema:92                type: object93                required: [data, pagination]94                properties:95                  data:96                    type: array97                    items: { $ref: "#/components/schemas/User" }98                  pagination:99                    $ref: "#/components/schemas/CursorPage"100        "400": { $ref: "#/components/responses/BadRequest" }101        "401": { $ref: "#/components/responses/Unauthorized" }102        "429": { $ref: "#/components/responses/TooManyRequests" }103  /users/{id}:104    get:105      summary: Get a user106      operationId: getUser107      tags: [Users]108      parameters:109        - name: id110          in: path111          required: true112          schema: { type: string, format: uuid }113      responses:114        "200":115          description: User found116          content:117            application/json:118              schema: { $ref: "#/components/schemas/User" }119        "404": { $ref: "#/components/responses/NotFound" }120 121components:122  schemas:123    User:124      type: object125      required: [id, email, created_at]126      properties:127        id:    { type: string, format: uuid, readOnly: true }128        email: { type: string, format: email }129        name:  { type: string }130        created_at: { type: string, format: date-time, readOnly: true }131 132    CursorPage:133      type: object134      required: [next_cursor, has_more]135      properties:136        next_cursor: { type: string, nullable: true }137        has_more:    { type: boolean }138 139    Problem:                       # RFC 7807 Problem Details140      type: object141      required: [type, title, status]142      properties:143        type:     { type: string, format: uri, example: "https://api.example.com/errors/validation-error" }144        title:    { type: string, example: "Validation Error" }145        status:   { type: integer, example: 400 }146        detail:   { type: string, example: "The 'email' field must be a valid email address." }147        instance: { type: string, format: uri, example: "/users/req-abc123" }148 149  responses:150    BadRequest:151      description: Invalid request parameters152      content:153        application/problem+json:154          schema: { $ref: "#/components/schemas/Problem" }155    Unauthorized:156      description: Missing or invalid authentication157      content:158        application/problem+json:159          schema: { $ref: "#/components/schemas/Problem" }160    NotFound:161      description: Resource not found162      content:163        application/problem+json:164          schema: { $ref: "#/components/schemas/Problem" }165    TooManyRequests:166      description: Rate limit exceeded167      headers:168        Retry-After: { schema: { type: integer } }169      content:170        application/problem+json:171          schema: { $ref: "#/components/schemas/Problem" }172 173  securitySchemes:174    BearerAuth:175      type: http176      scheme: bearer177      bearerFormat: JWT178 179security:180  - BearerAuth: []181```182 183### RFC 7807 Error Response (copy-paste)184 185```json186{187  "type": "https://api.example.com/errors/validation-error",188  "title": "Validation Error",189  "status": 422,190  "detail": "The 'email' field must be a valid email address.",191  "instance": "/users/req-abc123",192  "errors": [193    { "field": "email", "message": "Must be a valid email address." }194  ]195}196```197 198- Always use `Content-Type: application/problem+json` for error responses.199- `type` must be a stable, documented URI — never a generic string.200- `detail` must be human-readable and actionable.201- Extend with `errors[]` for field-level validation failures.202 203## Output Checklist204 205When delivering an API design, provide:2061. Resource model and relationships (diagram or table)2072. Endpoint specifications with URIs and HTTP methods2083. OpenAPI 3.1 specification (YAML)2094. Authentication and authorization flows2105. Error response catalog (all 4xx/5xx with `type` URIs)2116. Pagination and filtering patterns2127. Versioning and deprecation strategy2138. Validation result: `npx @redocly/cli lint openapi.yaml` passes with no errors214 215## Knowledge Reference216 217REST architecture, OpenAPI 3.1, GraphQL, HTTP semantics, JSON:API, HATEOAS, OAuth 2.0, JWT, RFC 7807 Problem Details, API versioning patterns, pagination strategies, rate limiting, webhook design, SDK generation