Our review
Provides REST API design principles, detailed FastAPI implementation, and authentication practices for APIs.
Strengths
- Covers resource naming, HTTP methods, and status codes
- Concrete Python examples with FastAPI
- Includes JWT authentication and error handling
Limitations
- Focuses on FastAPI, less useful for other frameworks
- Does not address scaling or performance
- JWT authentication is presented in a simplified manner
When designing or implementing a new REST API or adding features to an existing one.
If you are working with GraphQL APIs or event-driven architectures.
Security analysis
SafeThe skill provides standard REST API guidance and code examples with no destructive, exfiltrating, or obfuscated instructions. It uses Bash for API testing examples but nothing risky.
No concerns found
Examples
Design a REST API for managing agents with CRUD operations following REST best practices. Include resource naming, HTTP methods, and status codes.Implement a FastAPI endpoint for creating a new agent with validation using Pydantic models. Include proper status codes and error handling.Add JWT authentication to an existing FastAPI REST API using OAuth2PasswordBearer and a dependency for getting the current user.name: restapi description: REST API design, implementation, and best practices. Activate for API endpoints, HTTP methods, status codes, authentication, and API documentation. allowed-tools:
- Bash
- Read
- Write
- Edit
- Glob
- Grep
REST API Skill
Provides comprehensive REST API design and implementation capabilities for the Golden Armada AI Agent Fleet Platform.
When to Use This Skill
Activate this skill when working with:
- API endpoint design
- HTTP request/response handling
- API authentication
- OpenAPI documentation
- API testing
REST API Design Principles
Resource Naming
```
Good - nouns, plural
GET /agents GET /agents/{id} POST /agents PUT /agents/{id} DELETE /agents/{id}
Nested resources
GET /agents/{id}/tasks POST /agents/{id}/tasks
Bad - verbs, actions
GET /getAgents POST /createAgent ```
HTTP Methods
| Method | Usage | Idempotent | |--------|-------|------------| | GET | Read resource | Yes | | POST | Create resource | No | | PUT | Replace resource | Yes | | PATCH | Partial update | No | | DELETE | Delete resource | Yes |
Status Codes
```
Success
200 OK - Successful GET, PUT, PATCH 201 Created - Successful POST 204 No Content - Successful DELETE
Client Errors
400 Bad Request - Validation error 401 Unauthorized - Authentication required 403 Forbidden - Not permitted 404 Not Found - Resource not found 409 Conflict - Duplicate/conflict 422 Unprocessable - Semantic validation error
Server Errors
500 Internal Error - Server error 502 Bad Gateway - Upstream error 503 Service Unavailable - Temporary overload ```
API Implementation (FastAPI)
```python from fastapi import FastAPI, HTTPException, Query, Path, Depends, status from typing import List, Optional from pydantic import BaseModel, Field
app = FastAPI(title="Golden Armada API", version="1.0.0")
Models
class AgentCreate(BaseModel): name: str = Field(..., min_length=1, max_length=100) type: str = Field(..., pattern="^(claude|gpt|gemini)$")
class AgentResponse(BaseModel): id: str name: str type: str status: str created_at: datetime
Endpoints
@app.get("/agents", response_model=List[AgentResponse]) async def list_agents( skip: int = Query(0, ge=0), limit: int = Query(100, ge=1, le=1000), status: Optional[str] = Query(None) ): """List all agents with pagination and filtering.""" return await agent_service.list(skip=skip, limit=limit, status=status)
@app.get("/agents/{agent_id}", response_model=AgentResponse) async def get_agent(agent_id: str = Path(..., description="Agent ID")): """Get a specific agent by ID.""" agent = await agent_service.get(agent_id) if not agent: raise HTTPException(status_code=404, detail="Agent not found") return agent
@app.post("/agents", response_model=AgentResponse, status_code=201) async def create_agent(agent: AgentCreate): """Create a new agent.""" return await agent_service.create(agent)
@app.put("/agents/{agent_id}", response_model=AgentResponse) async def update_agent(agent_id: str, agent: AgentCreate): """Replace an existing agent.""" existing = await agent_service.get(agent_id) if not existing: raise HTTPException(status_code=404, detail="Agent not found") return await agent_service.update(agent_id, agent)
@app.delete("/agents/{agent_id}", status_code=204) async def delete_agent(agent_id: str): """Delete an agent.""" deleted = await agent_service.delete(agent_id) if not deleted: raise HTTPException(status_code=404, detail="Agent not found") ```
Authentication
JWT Authentication
```python from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from jose import JWTError, jwt
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
async def get_current_user(token: str = Depends(oauth2_scheme)): credentials_exception = HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": "Bearer"}, ) try: payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) user_id: str = payload.get("sub") if user_id is None: raise credentials_exception except JWTError: raise credentials_exception return await get_user(user_id)
Protected endpoint
@app.get("/protected") async def protected_route(user: User = Depends(get_current_user)): return {"user": user.email} ```
API Key Authentication
```python from fastapi.security import APIKeyHeader
api_key_header = APIKeyHeader(name="X-API-Key")
async def verify_api_key(api_key: str = Depends(api_key_header)): if api_key != VALID_API_KEY: raise HTTPException(status_code=403, detail="Invalid API key") return api_key ```
Error Handling
```python class ErrorResponse(BaseModel): error: str message: str details: Optional[dict] = None
@app.exception_handler(ValueError) async def value_error_handler(request, exc): return JSONResponse( status_code=400, content=ErrorResponse( error="validation_error", message=str(exc) ).dict() )
@app.exception_handler(Exception) async def general_exception_handler(request, exc): return JSONResponse( status_code=500, content=ErrorResponse( error="internal_error", message="An unexpected error occurred" ).dict() ) ```
API Testing with curl
```bash
GET
curl -X GET "http://localhost:8000/agents"
-H "Authorization: Bearer TOKEN"
POST
curl -X POST "http://localhost:8000/agents"
-H "Content-Type: application/json"
-H "Authorization: Bearer TOKEN"
-d '{"name": "agent-1", "type": "claude"}'
PUT
curl -X PUT "http://localhost:8000/agents/123"
-H "Content-Type: application/json"
-d '{"name": "updated-agent", "type": "claude"}'
DELETE
curl -X DELETE "http://localhost:8000/agents/123"
-H "Authorization: Bearer TOKEN"
```
OpenAPI Documentation
```python from fastapi import FastAPI
app = FastAPI( title="Golden Armada API", description="AI Agent Fleet Platform API", version="1.0.0", docs_url="/docs", redoc_url="/redoc", openapi_url="/openapi.json" )
Access documentation at:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
- OpenAPI JSON: http://localhost:8000/openapi.json
```
Next.js App Router Expert
Development
A skill that turns Claude into a Next.js App Router expert.
README Generator
Development
Creates professional and comprehensive README.md files for your projects.
API Documentation Writer
Development
Generates comprehensive API documentation in OpenAPI/Swagger format.