Our review
Generates a new Next.js API route in the App Router with TypeScript types, Zod input validation, error handling, and optional rate limiting or authentication.
Strengths
- Provides a standardized template with proper error handling and validation.
- Supports integration with Arcjet for rate limiting and Clerk for authentication.
- Generates clean TypeScript code with typed request validation.
- Reduces boilerplate and ensures consistent API route structure.
Limitations
- Only supports Next.js App Router, not Pages Router.
- Assumes specific libraries (Zod, Arcjet, Clerk) are already configured in the project.
- Does not cover advanced scenarios like file uploads or streaming responses.
When you need to quickly scaffold a new API endpoint in a Next.js App Router project with validation and security best practices.
When building routes in the Pages Router, or if you prefer a different validation library or authentication provider.
Security analysis
Safe
The skill provides a template for creating Next.js API routes with best practices like input validation, error handling, and optional rate limiting/authentication. It does not include any destructive, exfiltrating, or obfuscated instructions, and uses standard development patterns.
No concerns found
Examples
- Add a new public API route called 'feedback' that accepts POST requests. Include Zod validation for an email and message field, and add Arcjet rate limiting.
- Create a protected API route for 'profile/update' that uses Clerk for authentication. It should accept a PUT method and validate a name field using Zod.
Add API Route
Create a new Next.js API route with proper patterns.
Description
Creates a new API route in the Next.js App Router with:
- TypeScript types
- Zod input validation
- Error handling
- Rate limiting setup (optional)
- Authentication check (optional)
Instructions
- Create a new folder in app/api/[route-name]/
- Create route.ts with the appropriate HTTP handlers
- Add Zod schema for request validation
- Include proper error handling with status codes
- Add rate limiting using Arcjet if public-facing
- Add Clerk authentication if the endpoint is protected
Parameters
- route_name - The URL path for the route (e.g., "webhooks", "notifications")
- methods - HTTP methods to support (GET, POST, PUT, DELETE)
- is_public - Whether the route is public or requires auth
- needs_rate_limit - Whether to add Arcjet rate limiting
Template
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';

// Input validation schema
const RequestSchema = z.object({
  // Define your schema here
});

export async function POST(request: NextRequest) {
  try {
    const body = await request.json();
    // parse() throws a ZodError when the body does not match the schema
    const validated = RequestSchema.parse(body);

    // Your logic here (use `validated`, not the raw body)

    return NextResponse.json({ success: true });
  } catch (error) {
    if (error instanceof z.ZodError) {
      return NextResponse.json(
        { error: 'Validation failed', details: error.issues },
        { status: 400 }
      );
    }
    // Log the details server-side; return only a generic message to the client
    console.error('API Error:', error);
    return NextResponse.json(
      { error: 'Internal server error' },
      { status: 500 }
    );
  }
}
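In the template above, a body that is not valid JSON makes `request.json()` throw a `SyntaxError`, which is not a `ZodError`, so the client gets a 500 for its own mistake. The following is an added example, not part of the skill's own template, that separates the two failure modes for a 'feedback' route. `feedbackIssues` and `handleFeedback` are hypothetical names, the field limits are assumptions, and a hand-written validator stands in for the Zod schema so the block runs without dependencies.

```typescript
type Feedback = { email: string; message: string };
type Result = { status: number; body: Record<string, unknown> };

// Hypothetical stand-in for the Zod schema: returns a list of issues.
function feedbackIssues(input: unknown): string[] {
  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
    return ['body: expected a JSON object'];
  }
  const { email, message } = input as Record<string, unknown>;
  const issues: string[] = [];
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    issues.push('email: invalid address');
  }
  if (typeof message !== 'string' || message.length < 1 || message.length > 2000) {
    issues.push('message: must be 1-2000 characters');
  }
  return issues;
}

// Status mapping kept free of I/O so each branch can be unit-tested.
function handleFeedback(raw: string): Result {
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    // Malformed JSON is the client's error: 400, not 500.
    return { status: 400, body: { error: 'Invalid JSON' } };
  }
  const issues = feedbackIssues(parsed);
  if (issues.length > 0) {
    return { status: 400, body: { error: 'Validation failed', details: issues } };
  }
  // Use only the validated fields; any extra keys in the body are ignored.
  const { message } = parsed as Feedback;
  return { status: 200, body: { success: true, messageLength: message.length } };
}

// Handler in the App Router shape (export it from route.ts).
// Only text() is used, so the parameter is typed structurally.
async function POST(request: { text(): Promise<string> }): Promise<Response> {
  const { status, body } = handleFeedback(await request.text());
  return new Response(JSON.stringify(body), {
    status,
    headers: { 'content-type': 'application/json' },
  });
}
```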
Examples
Public endpoint with rate limiting
import { NextRequest, NextResponse } from 'next/server';
import { arcjet } from '@/lib/arcjet';

export async function POST(request: NextRequest) {
  // Check the request against the Arcjet rules before doing any work
  const decision = await arcjet.protect(request);
  if (decision.isDenied()) {
    return NextResponse.json({ error: 'Rate limited' }, { status: 429 });
  }
  // ... rest of handler
}
Protected endpoint
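import { NextRequest, NextResponse } from 'next/server';
import { auth } from '@clerk/nextjs/server';

export async function POST(request: NextRequest) {
  // Reject the request before any other work when there is no signed-in user
  const { userId } = await auth();
  if (!userId) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  }
  // ... rest of handler
}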