api-design
REST API Design Principles
URL Structure
GET /api/v1/resources # List all
GET /api/v1/resources/{id} # Get one
POST /api/v1/resources # Create
PUT /api/v1/resources/{id} # Replace
PATCH /api/v1/resources/{id} # Partial update
DELETE /api/v1/resources/{id} # Delete
# Nested resources
GET /api/v1/parents/{id}/children
POST /api/v1/parents/{id}/children
HTTP Status Codes
| Code | Meaning | When to Use |
|---|---|---|
| 200 | OK | Successful GET, PUT, PATCH |
| 201 | Created | Successful POST (new resource) |
| 204 | No Content | Successful DELETE |
| 400 | Bad Request | Validation errors, malformed request |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Valid auth but no permission |
| 404 | Not Found | Resource doesn't exist |
| 409 | Conflict | Duplicate, state conflict |
| 422 | Unprocessable | Semantic errors |
| 500 | Server Error | Unexpected errors |
Request/Response Design
Collection Response
{
"data": [...],
"pagination": {
"page": 1,
"pageSize": 20,
"totalItems": 150,
"totalPages": 8
}
}
Single Resource Response
{
"id": "uuid",
"name": "Resource Name",
"createdAt": "2024-01-15T10:30:00Z",
"updatedAt": "2024-01-15T11:00:00Z"
}
Error Response
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Name is required",
"details": [
{"field": "name", "message": "must not be blank"}
]
}
}
Query Parameters
# Filtering
GET /api/v1/resources?status=active&type=premium
# Sorting
GET /api/v1/resources?sort=createdAt,desc
# Pagination
GET /api/v1/resources?page=1&pageSize=20
# Field selection
GET /api/v1/resources?fields=id,name,status
# Search
GET /api/v1/resources?search=query
Idempotency
- POST with unique identifiers should return existing resource (200) if duplicate
- PUT/DELETE should be idempotent
- Use
Pair<Result, Boolean>pattern to indicate created vs existing
Versioning
- Use URL path versioning:
/api/v1/,/api/v2/ - Version when making breaking changes
- Support old versions during migration period
Security Considerations
- Always validate input at API boundary
- Use parameterized queries (JOOQ handles this)
- Check authorization in service layer
- Never expose internal IDs or sensitive data
- Rate limit public endpoints
More from andvl1/claude-plugin
kmp
Kotlin Multiplatform fundamentals - use for project setup, expect/actual patterns, source sets, and platform-specific code
40decompose
Decompose navigation and components - use for KMP component architecture, navigation, lifecycle, and state management
15koog
JetBrains Koog AI Agent framework (Kotlin) - use for building AI agents with tool calling, LLM integration via OpenRouter/OpenAI/Anthropic/Google/DeepSeek, streaming, GOAP planning, MCP integration, and AI-powered workflows. Use when implementing AI agents, LLM calls, tool-calling patterns, or integrating LLM providers in Kotlin projects.
11compose
Compose Multiplatform UI patterns - use for shared UI components, theming, resources, and platform-specific adaptations
10compose-arch
Compose Multiplatform Architecture Framework - strict Screen/View/Component layering, use cases, repositories, and feature slice patterns
8skill-creator
Guide for creating effective skills that extend agent capabilities with specialized knowledge, workflows, or tool integrations. Use this skill when the user asks to: (1) create a new skill, (2) make a skill, (3) build a skill, (4) set up a skill, (5) initialize a skill, (6) scaffold a skill, (7) update or modify an existing skill, (8) validate a skill, (9) learn about skill structure, (10) understand how skills work, or (11) get guidance on skill design patterns. Trigger on phrases like \"create a skill\", \"new skill\", \"make a skill\", \"skill for X\", \"how do I create a skill\", or \"help me build a skill\".
7