api-design-framework

Low Risk 🌐 Network access

Design Consistent APIs with OpenAPI Templates

API teams often lose time resolving inconsistent routes, errors, versions, and documentation. This skill provides practical patterns, checklists, and templates for REST, GraphQL, gRPC, OpenAPI, and AsyncAPI work.

Supports: Claude, Codex, Claude Code (CC)
🥉 77 Bronze
  1. Download the skill ZIP
  2. Upload in Claude. Go to Settings → Capabilities → Skills → Upload skill
  3. Toggle on and start using

Test it

Using "api-design-framework". Design a user management REST API for an internal admin tool.

Expected outcome:

  • A resource model with users, roles, and status fields.
  • A route list with methods for list, create, read, update, and delete operations.
  • A response strategy covering pagination, validation errors, authentication errors, and rate limits.

Using "api-design-framework". Review this GraphQL mutation design before implementation.

Expected outcome:

  • A checklist-based review of mutation input types, payload shape, nullable fields, and field-level errors.
  • A list of contract changes that improve client experience and backward compatibility.
  • A short set of follow-up questions for unresolved product or security decisions.

Using "api-design-framework". Document order lifecycle events for a message bus.

Expected outcome:

  • An AsyncAPI-oriented outline with channels, operations, messages, payload schemas, and security schemes.
  • Recommendations for event IDs, correlation IDs, timestamps, idempotency, and retry behavior.

Security Audit

Low Risk
v6 • 6/28/2026

Static analysis reported many high-risk patterns, but review found they are documentation examples, API route snippets, schema fields, and placeholder service URLs. No executable scripts, command execution, credential exfiltration, prompt injection, or malicious intent were found. The remaining low risk is that example URLs and auth placeholders must be customized before production use.

  • 4 files scanned
  • 2,047 lines analyzed
  • 4 findings
  • 6 total audits

Low Risk Issues (3)
False Positive: Markdown API Examples Flagged as Shell Execution
Verdict: FALSE_POSITIVE. The static external command findings point to fenced markdown examples and inline API route examples, such as REST endpoints, GraphQL snippets, gRPC definitions, and checklist items. These files contain no executable scripts or command invocation instructions.
False Positive: API Security Terms Flagged as Weak Cryptography
Verdict: FALSE_POSITIVE. The weak cryptography alerts map to API authentication, token, password hash, request ID, and schema examples. The content discusses API security patterns and does not implement cryptographic code.
Placeholder Network URLs in Templates
Verdict: LOW_RISK_TRUE_POSITIVE. The OpenAPI and AsyncAPI templates include example URLs and hosts for support, servers, CDN assets, documentation, and webhooks. They are not active network calls, but users should replace placeholders before production use.
Audited by: codex

Quality Score

  • 55 Architecture
  • 100 Maintainability
  • 87 Content
  • 71 Community
  • 84 Security
  • 78 Spec Compliance

What You Can Build

Create a New Public REST API

Use the conventions and OpenAPI template to define endpoints, errors, authentication, rate limits, and documentation before implementation.

Review an API Contract Before Build

Use the checklist to compare a proposed contract against naming, versioning, error handling, performance, and launch requirements.

Document Event-Driven Services

Use the AsyncAPI template to describe Kafka, RabbitMQ, WebSocket, or message-based channels, payloads, and security schemes.

Try These Prompts

Choose an API Style
Help me choose REST, GraphQL, or gRPC for this service. Ask for missing requirements, then recommend an API style with tradeoffs.
Design REST Endpoints
Design REST endpoints for this resource model. Include routes, methods, status codes, pagination, filtering, errors, and versioning.
Review an Existing Contract
Review this API contract against the API design checklist. Identify inconsistencies, missing documentation, security gaps, and launch blockers.
Prepare Full API Documentation
Create an OpenAPI or AsyncAPI documentation plan for this service. Include schemas, operations, security schemes, examples, errors, and rollout notes.

Best Practices

  • Start with requirements, users, data ownership, and API style before naming endpoints.
  • Keep error formats, pagination, authentication, and versioning consistent across services.
  • Replace all placeholder URLs, contacts, examples, and security schemes before publishing documentation.

Avoid

  • Do not copy template endpoints or credentials into production without review.
  • Do not mix naming conventions, status code meanings, or error formats across one API.
  • Do not design breaking changes without versioning, deprecation notices, and migration guidance.

Frequently Asked Questions

Does this skill generate production-ready API code?
No. It provides design guidance, review checklists, and documentation templates for API planning.
Which API styles does it cover?
It covers REST, GraphQL, gRPC, OpenAPI 3.1, and AsyncAPI 3.0 documentation patterns.
Can I use it with Claude, Codex, and Claude Code?
Yes. The report marks support for Claude, Codex, and Claude Code.
Are the URLs in the templates active integrations?
No. They are placeholders and examples that must be replaced for real projects.
Does it include a security review process?
It includes API security checklist items, but it does not replace a dedicated security review.
When should I use this skill?
Use it when designing, reviewing, documenting, versioning, or standardizing backend APIs.