Api Design Reviewer
Have your coding agent spot REST anti-patterns—verb URLs, mixed naming, poor resource modeling—before you ship public APIs.
Overview
API Design Reviewer is an agent skill most often used in Ship (also Build) that flags REST API anti-patterns and suggests resource-oriented fixes.
Install
npx skills add https://github.com/alirezarezvani/claude-skills --skill api-design-reviewerWhat is this skill?
- Documents verb-based URL anti-patterns with REST-aligned replacements (GET/POST/PATCH/DELETE on resources)
- Calls out inconsistent JSON field naming (snake_case, camelCase, kebab-case) in one payload
- Explains why RPC-style routes hurt cacheability and HTTP semantics
- Pairs bad and good examples per anti-pattern for copy-paste agent guidance
Adoption & trust: 560 installs on skills.sh; 17.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are exposing HTTP endpoints but URLs read like RPC calls and response fields use mixed naming, which will confuse SDK users and future you.
Who is it for?
Solo builders shipping or refactoring REST APIs who want a structured anti-pattern checklist during PR review or spec writing.
Skip if: Teams that only need GraphQL schema review, gRPC/protobuf design, or automated OWASP API security scanning without design guidance.
When should I use this skill?
Reviewing or authoring REST routes, OpenAPI paths, or JSON response shapes for a new or legacy HTTP API.
What do I get? / Deliverables
You get concrete before/after endpoint and JSON examples aligned to REST conventions so the agent can rewrite routes and payloads consistently.
- Annotated list of anti-patterns with recommended endpoint and payload fixes
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
API design review is the quality gate before release; Prism shelves it under Ship so builders find it next to other pre-launch checks. Review is where contract and endpoint shape get scrutinized against REST norms, separate from first-pass backend implementation.
Where it fits
Refactor POST /api/createUser into POST /api/users before wiring the admin dashboard.
Run a PR pass that flags mixed camelCase and snake_case fields in list endpoints.
Align MVP API surface to nouns and standard verbs so the prototype contract matches production.
How it compares
Use as a design checklist during agent review, not as a substitute for an OpenAPI linter or penetration test.
Common Questions / FAQ
Who is api-design-reviewer for?
Indie and solo developers building REST backends, BaaS wrappers, or agent tools that call HTTP APIs and want consistent resource naming before clients depend on the contract.
When should I use api-design-reviewer?
During Build when sketching routes and DTOs, during Ship review before tagging a release, and when fixing legacy verb-based URLs after a support ticket exposes confusing endpoints.
Is api-design-reviewer safe to install?
It is documentation-style guidance with no mandated shell or network access; review the Security Audits panel on this Prism page before adding any skill to your agent.
SKILL.md
READMESKILL.md - Api Design Reviewer
# Common API Anti-Patterns and How to Avoid Them ## Introduction This document outlines common anti-patterns in REST API design that can lead to poor developer experience, maintenance nightmares, and scalability issues. Each anti-pattern is accompanied by examples and recommended solutions. ## 1. Verb-Based URLs (The RPC Trap) ### Anti-Pattern Using verbs in URLs instead of treating endpoints as resources. ``` ❌ Bad Examples: POST /api/getUsers POST /api/createUser GET /api/deleteUser/123 POST /api/updateUserPassword GET /api/calculateOrderTotal/456 ``` ### Why It's Bad - Violates REST principles - Makes the API feel like RPC instead of REST - HTTP methods lose their semantic meaning - Reduces cacheability - Harder to understand resource relationships ### Solution ``` ✅ Good Examples: GET /api/users # Get users POST /api/users # Create user DELETE /api/users/123 # Delete user PATCH /api/users/123/password # Update password GET /api/orders/456/total # Get order total ``` ## 2. Inconsistent Naming Conventions ### Anti-Pattern Mixed naming conventions across the API. ```json ❌ Bad Examples: { "user_id": 123, // snake_case "firstName": "John", // camelCase "last-name": "Doe", // kebab-case "EMAIL": "john@example.com", // UPPER_CASE "IsActive": true // PascalCase } ``` ### Why It's Bad - Confuses developers - Increases cognitive load - Makes code generation difficult - Reduces API adoption ### Solution ```json ✅ Choose one convention and stick to it (camelCase recommended): { "userId": 123, "firstName": "John", "lastName": "Doe", "email": "john@example.com", "isActive": true } ``` ## 3. Ignoring HTTP Status Codes ### Anti-Pattern Always returning HTTP 200 regardless of the actual result. ```json ❌ Bad Example: HTTP/1.1 200 OK { "status": "error", "code": 404, "message": "User not found" } ``` ### Why It's Bad - Breaks HTTP semantics - Prevents proper error handling by clients - Breaks caching and proxies - Makes monitoring and debugging harder ### Solution ```json ✅ Good Example: HTTP/1.1 404 Not Found { "error": { "code": "USER_NOT_FOUND", "message": "User with ID 123 not found", "requestId": "req-abc123" } } ``` ## 4. Overly Complex Nested Resources ### Anti-Pattern Creating deeply nested URL structures that are hard to navigate. ``` ❌ Bad Example: /companies/123/departments/456/teams/789/members/012/projects/345/tasks/678/comments/901 ``` ### Why It's Bad - URLs become unwieldy - Creates tight coupling between resources - Makes independent resource access difficult - Complicates authorization logic ### Solution ``` ✅ Good Examples: /tasks/678 # Direct access to task /tasks/678/comments # Task comments /users/012/tasks # User's tasks /projects/345?team=789 # Project filtering ``` ## 5. Inconsistent Error Response Formats ### Anti-Pattern Different error response structures across endpoints. ```json ❌ Bad Examples: # Endpoint 1 {"error": "Invalid email"} # Endpoint 2 {"success": false, "msg": "User not found", "code": 404} # Endpoint 3 {"errors": [{"field": "name", "message": "Required"}]} ``` ### Why It's Bad - Makes error handling complex for clients - Reduces code reusability - Poor developer experience ### Solution ```json ✅ Standardized Error Format: { "error": { "code": "VALIDATION_ERROR", "message": "The request contains invalid data", "details": [ { "field": "email", "code": "INVALID_FORMAT", "message": "Email address is not valid" } ], "requestId": "req-123456", "timestamp": "2024-02-16T13:00:00Z" } } ``` ## 6. Missing or Poor Pagination ### Anti-Pattern Returning all results in a single response or inconsistent pagination. ```json ❌ Bad Examples: # No pagination (returns 10,000 records) GET /api/users # Inconsistent pagination paramet