Api And Interface Design
Design REST, GraphQL, module, and component interfaces that are hard to misuse and stable under real consumer dependencies.
Install
npx skills add https://github.com/addyosmani/agent-skills --skill api-and-interface-designWhat is this skill?
- Applies Hyrum’s Law: every observable behavior becomes a dependency once shipped
- Covers REST, GraphQL, module boundaries, component props, and schema-informed APIs
- Emphasizes intentional surface area and hiding implementation leakage
- Pairs with deprecation-and-migration thinking at design time
- Use cases include new endpoints, team contracts, and evolving public interfaces
Adoption & trust: 4.1k installs on skills.sh; 49.1k GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+200% hot-view momentum).
Recommended Skills
Entra App Registrationmicrosoft/azure-skills
Azure Aigatewaymicrosoft/azure-skills
Lark Openapi Explorerlarksuite/cli
Supabasesupabase/agent-skills
Firebase Auth Basicsfirebase/agent-skills
Firebase Data Connectfirebase/agent-skills
Journey fit
Primary fit
Build → backend is the primary shelf because new endpoints and cross-module contracts are defined while the product is taking shape. Backend subphase covers public API shape, schema-driven contracts, and boundaries between frontend, services, and data layers.
Common Questions / FAQ
Is Api And Interface Design safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
READMESKILL.md - Api And Interface Design
# API and Interface Design ## Overview Design stable, well-documented interfaces that are hard to misuse. Good interfaces make the right thing easy and the wrong thing hard. This applies to REST APIs, GraphQL schemas, module boundaries, component props, and any surface where one piece of code talks to another. ## When to Use - Designing new API endpoints - Defining module boundaries or contracts between teams - Creating component prop interfaces - Establishing database schema that informs API shape - Changing existing public interfaces ## Core Principles ### Hyrum's Law > With a sufficient number of users of an API, all observable behaviors of your system will be depended on by somebody, regardless of what you promise in the contract. This means: every public behavior — including undocumented quirks, error message text, timing, and ordering — becomes a de facto contract once users depend on it. Design implications: - **Be intentional about what you expose.** Every observable behavior is a potential commitment. - **Don't leak implementation details.** If users can observe it, they will depend on it. - **Plan for deprecation at design time.** See `deprecation-and-migration` for how to safely remove things users depend on. - **Tests are not enough.** Even with perfect contract tests, Hyrum's Law means "safe" changes can break real users who depend on undocumented behavior. ### The One-Version Rule Avoid forcing consumers to choose between multiple versions of the same dependency or API. Diamond dependency problems arise when different consumers need different versions of the same thing. Design for a world where only one version exists at a time — extend rather than fork. ### 1. Contract First Define the interface before implementing it. The contract is the spec — implementation follows. ```typescript // Define the contract first interface TaskAPI { // Creates a task and returns the created task with server-generated fields createTask(input: CreateTaskInput): Promise<Task>; // Returns paginated tasks matching filters listTasks(params: ListTasksParams): Promise<PaginatedResult<Task>>; // Returns a single task or throws NotFoundError getTask(id: string): Promise<Task>; // Partial update — only provided fields change updateTask(id: string, input: UpdateTaskInput): Promise<Task>; // Idempotent delete — succeeds even if already deleted deleteTask(id: string): Promise<void>; } ``` ### 2. Consistent Error Semantics Pick one error strategy and use it everywhere: ```typescript // REST: HTTP status codes + structured error body // Every error response follows the same shape interface APIError { error: { code: string; // Machine-readable: "VALIDATION_ERROR" message: string; // Human-readable: "Email is required" details?: unknown; // Additional context when helpful }; } // Status code mapping // 400 → Client sent invalid data // 401 → Not authenticated // 403 → Authenticated but not authorized // 404 → Resource not found // 409 → Conflict (duplicate, version mismatch) // 422 → Validation failed (semantically invalid) // 500 → Server error (never expose internal details) ``` **Don't mix patterns.** If some endpoints throw, others return null, and others return `{ error }` — the consumer can't predict behavior. ### 3. Validate at Boundaries Trust internal code. Validate at system edges where external input enters: ```typescript // Validate at the API boundary app.post('/api/tasks', async (req, res) => { const result = CreateTaskSchema.safeParse(req.body); if (!result.success) { return res.status(422).json({ error: { code: 'VALIDATION_ERROR',