Api Integration Specialist
Integrate third-party REST, GraphQL, and webhooks with production-grade auth, retries, rate limits, and response shaping.
Overview
API Integration Specialist is an agent skill most often used in Build (also Ship, Operate) that guides robust third-party API clients with auth, retries, rate limits, and webhooks.
Install
npx skills add https://github.com/davila7/claude-code-templates --skill api-integration-specialistWhat is this skill?
- API keys and OAuth 2.0 authorization-code patterns with env-based secrets
- Rate limiting, retries, and circuit-breaker style resilience guidance
- Webhook and event-driven integration setup
- Request/response transformation for application-facing models
Adoption & trust: 584 installs on skills.sh; 27.8k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are connecting to an external API but worry about leaked keys, brittle error handling, OAuth mistakes, or outages when rate limits hit.
Who is it for?
Indie developers adding Stripe-class vendors, internal microservices, or webhook-driven workflows without a dedicated platform team.
Skip if: Greenfield projects with no external HTTP dependencies, or when you only need OpenAPI mock servers without real vendor auth.
When should I use this skill?
Integrating REST APIs, GraphQL endpoints, webhooks, or external services; implementing OAuth, API keys, JWT auth, rate limits, or retries.
What do I get? / Deliverables
After the skill runs, your codebase has a structured API client pattern with secure credential loading, retry and limit handling, and webhook-ready integration seams.
- API client module with authentication and base URL configuration
- Webhook route handlers and response transformation layers
- Retry, rate-limit, and error-handling policy aligned with vendor constraints
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
New external service wiring happens during Build, but the same patterns apply when hardening or debugging live integrations—hence multi-phase scope. Integrations is canonical because the skill’s core is client construction, OAuth, webhooks, and resilient HTTP clients to vendor APIs.
Where it fits
Scaffold a SendGrid or Twilio client with env-based keys and typed error handling before merging your onboarding flow.
Add OAuth authorization-code flow and token refresh to connect a user’s external account to your SaaS backend.
Audit generated integration code for hard-coded secrets and tighten scopes before production deploy.
Debug intermittent 429 responses by applying retry and circuit-breaker patterns from the skill to an existing vendor client.
How it compares
Integration craft skill for application code—not an MCP server catalog or a one-off curl cheat sheet.
Common Questions / FAQ
Who is api integration specialist for?
Solo builders and small teams shipping SaaS or agents that must talk to third-party REST, GraphQL, or webhook APIs with production expectations.
When should I use api integration specialist?
Use it while building new vendor clients in Build integrations, when hardening retry and auth before release in Ship, and when debugging live API failures in Operate.
Is api integration specialist safe to install?
It teaches patterns that use secrets and network access in your app—review the Security Audits panel on this Prism page and never commit real API keys.
SKILL.md
READMESKILL.md - Api Integration Specialist
# API Integration Specialist Expert guidance for integrating external APIs into applications with production-ready patterns, security best practices, and comprehensive error handling. ## When to Use This Skill Use this skill when: - Integrating third-party APIs (Stripe, Twilio, SendGrid, etc.) - Building API client libraries or wrappers - Implementing OAuth 2.0, API keys, or JWT authentication - Setting up webhooks and event-driven integrations - Handling rate limits, retries, and circuit breakers - Transforming API responses for application use - Debugging API integration issues ## Core Integration Principles ### 1. Authentication & Security **API Key Management:** ```javascript // Store keys in environment variables, never in code const apiClient = new APIClient({ apiKey: process.env.SERVICE_API_KEY, baseURL: process.env.SERVICE_BASE_URL }); ``` **OAuth 2.0 Flow:** ```javascript // Authorization Code Flow const oauth = new OAuth2Client({ clientId: process.env.CLIENT_ID, clientSecret: process.env.CLIENT_SECRET, redirectUri: process.env.REDIRECT_URI, scopes: ['read:users', 'write:data'] }); // Get authorization URL const authUrl = oauth.getAuthorizationUrl(); // Exchange code for tokens const tokens = await oauth.exchangeCode(code); ``` ### 2. Request/Response Handling **Standardized Request Structure:** ```javascript async function makeRequest(endpoint, options = {}) { const defaultHeaders = { 'Content-Type': 'application/json', 'Authorization': `Bearer ${apiKey}`, 'User-Agent': 'MyApp/1.0.0' }; const response = await fetch(`${baseURL}${endpoint}`, { ...options, headers: { ...defaultHeaders, ...options.headers } }); if (!response.ok) { throw new APIError(response.status, await response.json()); } return response.json(); } ``` **Response Transformation:** ```javascript class APIClient { async getUser(userId) { const raw = await this.request(`/users/${userId}`); // Transform external API format to internal model return { id: raw.user_id, email: raw.email_address, name: `${raw.first_name} ${raw.last_name}`, createdAt: new Date(raw.created_timestamp) }; } } ``` ### 3. Error Handling **Structured Error Types:** ```javascript class APIError extends Error { constructor(status, body) { super(`API Error: ${status}`); this.status = status; this.body = body; this.isAPIError = true; } isRateLimited() { return this.status === 429; } isUnauthorized() { return this.status === 401; } isServerError() { return this.status >= 500; } } ``` **Retry Logic with Exponential Backoff:** ```javascript async function retryWithBackoff(fn, maxRetries = 3) { for (let i = 0; i < maxRetries; i++) { try { return await fn(); } catch (error) { if (!error.isAPIError || !error.isServerError()) { throw error; // Don't retry client errors } if (i === maxRetries - 1) throw error; const delay = Math.pow(2, i) * 1000; // 1s, 2s, 4s await sleep(delay); } } } ``` ### 4. Rate Limiting **Client-Side Rate Limiter:** ```javascript class RateLimiter { constructor(maxRequests, windowMs) { this.maxRequests = maxRequests; this.windowMs = windowMs; this.requests = []; } async acquire() { const now = Date.now(); this.requests = this.requests.filter(t => now - t < this.windowMs); if (this.requests.length >= this.maxRequests) { const oldestRequest = this.requests[0]; const waitTime = this.windowMs - (now - oldestRequest); await sleep(waitTime); re