# Design Allra Spring APIs

Backend teams need consistent API structure, DTO names, validation, and response patterns. This skill guides Claude, Codex, and Claude Code to follow Allra Spring Boot conventions.

## Install

```bash
npx skillstore add allra-fintech/allra-api-design
```

## Metadata

- - Slug: allra-fintech-allra-api-design
- - Version: 1.0.0
- - Author: Allra-Fintech
- - GitHub username: Allra-Fintech
- - License: MIT
- - Repository: https://github.com/Allra-Fintech/allra-ai-skills/tree/main/backend-plugin/skills/api-design
- - Ref: main
- - Supported tools: Claude, Codex, Claude Code
- - Risk level: safe
- - Quality score: 80
- - Quality tier: silver
- - Public page: https://skillstore.pages.dev/skills/allra-fintech-allra-api-design
- - Manifest: https://skillstore.pages.dev/api/skills/allra-fintech-allra-api-design/manifest

## Capabilities

- Recommends domain-based package structure for Java backend features.
- Defines Request, Response, and internal DTO naming conventions.
- Encourages Java record usage for simple DTO classes.
- Shows Spring REST controller patterns for common CRUD endpoints.
- Describes Bean Validation expectations for request DTOs.
- Provides a checklist for new API endpoint work.

## Use Cases

- Create a New Domain API: Plan package folders, controller endpoints, request DTOs, response DTOs, and service boundaries for a new Spring domain.
- Standardize DTO Naming: Review request, response, internal transfer, query result, and event DTO names against Allra naming expectations.
- Prepare API Implementation Tasks: Turn a feature request into an implementation checklist aligned with Allra REST and validation conventions.

## Prompt Templates

### Plan a Simple API

```
Use the Allra API design rules to plan a new Spring Boot API for [domain]. Include package structure, endpoint names, and DTO names.
```

### Review DTO Names

```
Review these DTO names for Allra conventions: [names]. Identify which should be Request, Response, or internal Dto types.
```

### Design Validation Rules

```
Design request DTO validation for [operation]. Follow the Allra guidance for Spring Bean Validation and explain each required field.
```

### Audit an API Design

```
Evaluate this Spring API design against Allra package, DTO, controller, response, and checklist standards. Provide concrete corrections: [design].
```

## Limitations

- It documents conventions but does not generate complete production services by itself.
- It is tailored to Allra backend standards and may need adaptation for other teams.
- It does not include authentication, authorization, or database transaction policy details.
- It does not validate live code or run automated tests.

## Best Practices

- Start from the domain package structure before naming classes.
- Keep client DTOs and internal DTOs separate by naming and package location.
- Apply validation to every request DTO that receives client input.

## Anti Patterns

- Mixing controller, entity, repository, and service code in one package.
- Using internal DTOs as public API response contracts.
- Creating request DTOs without validation for required client fields.

## Security Audit

- - Safe to publish: true
- - Audited at: 2026-06-28T09:23:00.987\+00:00
- - Summary: Static analysis reported external command, weak cryptography, and reconnaissance patterns in SKILL.md. Manual review found these are false positives from Markdown code fences, inline examples, and descriptive text. No executable scripts, network access, filesystem access, prompt injection, or malicious intent were found.

## Stats

- - Views: 233
- - Downloads: 8
- - Favorites: 0
- - Popularity score: 0