---

name: restapi description: REST API design, implementation, and best practices. Activate for API endpoints, HTTP methods, status codes, authentication, and API documentation. allowed-tools:

• Bash
• Read
• Write
• Edit
• Glob
• Grep

---

REST API Skill

Provides comprehensive REST API design and implementation capabilities for the Golden Armada AI Agent Fleet Platform.

When to Use This Skill

Activate this skill when working with:

• API endpoint design
• HTTP request/response handling
• API authentication
• OpenAPI documentation
• API testing

REST API Design Principles

Resource Naming

```

Good - nouns, plural

GET /agents GET /agents/{id} POST /agents PUT /agents/{id} DELETE /agents/{id}

Nested resources

GET /agents/{id}/tasks POST /agents/{id}/tasks

Bad - verbs, actions

GET /getAgents POST /createAgent ```

HTTP Methods

| Method | Usage | Idempotent | |--------|-------|------------| | GET | Read resource | Yes | | POST | Create resource | No | | PUT | Replace resource | Yes | | PATCH | Partial update | No | | DELETE | Delete resource | Yes |

Status Codes

```

Success

200 OK - Successful GET, PUT, PATCH 201 Created - Successful POST 204 No Content - Successful DELETE

Client Errors

400 Bad Request - Validation error 401 Unauthorized - Authentication required 403 Forbidden - Not permitted 404 Not Found - Resource not found 409 Conflict - Duplicate/conflict 422 Unprocessable - Semantic validation error

Server Errors

500 Internal Error - Server error 502 Bad Gateway - Upstream error 503 Service Unavailable - Temporary overload ```

API Implementation (FastAPI)

```python from fastapi import FastAPI, HTTPException, Query, Path, Depends, status from typing import List, Optional from pydantic import BaseModel, Field

app = FastAPI(title="Golden Armada API", version="1.0.0")

Models

class AgentCreate(BaseModel): name: str = Field(..., min_length=1, max_length=100) type: str = Field(..., pattern="^(claude|gpt|gemini)$")

class AgentResponse(BaseModel): id: str name: str type: str status: str created_at: datetime

Endpoints

@app.get("/agents", response_model=List[AgentResponse]) async def list_agents( skip: int = Query(0, ge=0), limit: int = Query(100, ge=1, le=1000), status: Optional[str] = Query(None) ): """List all agents with pagination and filtering.""" return await agent_service.list(skip=skip, limit=limit, status=status)

@app.get("/agents/{agent_id}", response_model=AgentResponse) async def get_agent(agent_id: str = Path(..., description="Agent ID")): """Get a specific agent by ID.""" agent = await agent_service.get(agent_id) if not agent: raise HTTPException(status_code=404, detail="Agent not found") return agent

@app.post("/agents", response_model=AgentResponse, status_code=201) async def create_agent(agent: AgentCreate): """Create a new agent.""" return await agent_service.create(agent)

@app.put("/agents/{agent_id}", response_model=AgentResponse) async def update_agent(agent_id: str, agent: AgentCreate): """Replace an existing agent.""" existing = await agent_service.get(agent_id) if not existing: raise HTTPException(status_code=404, detail="Agent not found") return await agent_service.update(agent_id, agent)

@app.delete("/agents/{agent_id}", status_code=204) async def delete_agent(agent_id: str): """Delete an agent.""" deleted = await agent_service.delete(agent_id) if not deleted: raise HTTPException(status_code=404, detail="Agent not found") ```

Authentication

JWT Authentication

```python from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from jose import JWTError, jwt

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

async def get_current_user(token: str = Depends(oauth2_scheme)): credentials_exception = HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": "Bearer"}, ) try: payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) user_id: str = payload.get("sub") if user_id is None: raise credentials_exception except JWTError: raise credentials_exception return await get_user(user_id)

Protected endpoint

@app.get("/protected") async def protected_route(user: User = Depends(get_current_user)): return {"user": user.email} ```

API Key Authentication

```python from fastapi.security import APIKeyHeader

api_key_header = APIKeyHeader(name="X-API-Key")

async def verify_api_key(api_key: str = Depends(api_key_header)): if api_key != VALID_API_KEY: raise HTTPException(status_code=403, detail="Invalid API key") return api_key ```

Error Handling

```python class ErrorResponse(BaseModel): error: str message: str details: Optional[dict] = None

@app.exception_handler(ValueError) async def value_error_handler(request, exc): return JSONResponse( status_code=400, content=ErrorResponse( error="validation_error", message=str(exc) ).dict() )

@app.exception_handler(Exception) async def general_exception_handler(request, exc): return JSONResponse( status_code=500, content=ErrorResponse( error="internal_error", message="An unexpected error occurred" ).dict() ) ```

API Testing with curl

```bash

GET

curl -X GET "http://localhost:8000/agents"
-H "Authorization: Bearer TOKEN"

POST

curl -X POST "http://localhost:8000/agents"
-H "Content-Type: application/json"
-H "Authorization: Bearer TOKEN"
-d '{"name": "agent-1", "type": "claude"}'

PUT

curl -X PUT "http://localhost:8000/agents/123"
-H "Content-Type: application/json"
-d '{"name": "updated-agent", "type": "claude"}'

DELETE

curl -X DELETE "http://localhost:8000/agents/123"
-H "Authorization: Bearer TOKEN" ```

OpenAPI Documentation

```python from fastapi import FastAPI

app = FastAPI( title="Golden Armada API", description="AI Agent Fleet Platform API", version="1.0.0", docs_url="/docs", redoc_url="/redoc", openapi_url="/openapi.json" )

Access documentation at:

- Swagger UI: http://localhost:8000/docs

- ReDoc: http://localhost:8000/redoc

- OpenAPI JSON: http://localhost:8000/openapi.json

```