Express Rest Api
Scaffold and harden Express.js REST APIs with routing, middleware, validation, and centralized error handling for indie backend services.
Overview
express-rest-api is an agent skill for the Build phase that guides production-ready Express.js REST APIs with routing, middleware, validation patterns, and centralized error handling.
Install
npx skills add https://github.com/pluginagentmarketplace/custom-plugin-nodejs --skill express-rest-apiWhat is this skill?
- Five-step quick start from npm install through test and deploy
- RESTful router patterns for GET, POST, PUT, DELETE on resource paths
- Middleware stack: JSON body parsing, URL encoding, and modular route mounts
- Centralized error-handler middleware after route registration
- Bonded to nodejs-fundamentals agent context (PRIMARY_BOND) for consistent Node guidance
- 5-step Quick Start from setup through test and deploy
Adoption & trust: 691 installs on skills.sh; 2 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need a consistent Express server layout and REST route conventions but only have fragmented setup snippets.
Who is it for?
Indie builders shipping Node HTTP APIs who want Express defaults, router modules, and error middleware wired in one pass.
Skip if: Teams on Fastify or Nest-only stacks, or tasks limited to frontend or serverless edge handlers with no Express surface.
When should I use this skill?
Build production-ready RESTful APIs with Express.js including routing, middleware, validation, and error handling.
What do I get? / Deliverables
You get a structured Express app with mounted routers, standard middleware, and a clear place for validation and error handling before deployment.
- Express app entry with middleware chain
- Modular route files (e.g. users, products)
- Centralized error handler hook
Recommended Skills
Journey fit
How it compares
Instructional skill package for Express API structure—not an OpenAPI generator or hosted API gateway.
Common Questions / FAQ
Who is express-rest-api for?
Solo and indie builders using Claude Code, Cursor, or similar agents to stand up or extend Node.js REST backends with Express.
When should I use express-rest-api?
Use it in Build → backend when defining routes, middleware, and error handling for a new or growing HTTP API; less so for pure DB modeling or launch-time SEO work.
Is express-rest-api safe to install?
Review the Security Audits panel on this Prism page and inspect the skill source in your marketplace before letting an agent run npm install or deploy commands.
SKILL.md
READMESKILL.md - Express Rest Api
# Express REST API Skill Master building robust, scalable REST APIs with Express.js, the de-facto standard for Node.js web frameworks. ## Quick Start Build a basic Express API in 5 steps: 1. **Setup Express** - `npm install express` 2. **Create Routes** - Define GET, POST, PUT, DELETE endpoints 3. **Add Middleware** - JSON parsing, CORS, security headers 4. **Handle Errors** - Centralized error handling 5. **Test & Deploy** - Use Postman/Insomnia, deploy to cloud ## Core Concepts ### 1. Express Application Structure ```javascript const express = require('express'); const app = express(); // Middleware app.use(express.json()); app.use(express.urlencoded({ extended: true })); // Routes app.use('/api/users', userRoutes); app.use('/api/products', productRoutes); // Error handling app.use(errorHandler); app.listen(3000, () => console.log('Server running')); ``` ### 2. RESTful Route Design ```javascript // GET /api/users - Get all users // GET /api/users/:id - Get user by ID // POST /api/users - Create user // PUT /api/users/:id - Update user // DELETE /api/users/:id - Delete user const router = express.Router(); router.get('/', getAllUsers); router.get('/:id', getUserById); router.post('/', createUser); router.put('/:id', updateUser); router.delete('/:id', deleteUser); module.exports = router; ``` ### 3. Middleware Patterns ```javascript // Authentication middleware const authenticate = (req, res, next) => { const token = req.headers.authorization; if (!token) return res.status(401).json({ error: 'Unauthorized' }); // Verify token... next(); }; // Validation middleware const validate = (schema) => (req, res, next) => { const { error } = schema.validate(req.body); if (error) return res.status(400).json({ error: error.message }); next(); }; // Usage router.post('/users', authenticate, validate(userSchema), createUser); ``` ### 4. Error Handling ```javascript // Custom error class class APIError extends Error { constructor(message, statusCode) { super(message); this.statusCode = statusCode; } } // Global error handler app.use((err, req, res, next) => { const statusCode = err.statusCode || 500; res.status(statusCode).json({ success: false, error: err.message, ...(process.env.NODE_ENV === 'development' && { stack: err.stack }) }); }); ``` ## Learning Path ### Beginner (2-3 weeks) - ✅ Setup Express and create basic routes - ✅ Understand middleware concept - ✅ Implement CRUD operations - ✅ Test with Postman ### Intermediate (4-6 weeks) - ✅ Implement authentication (JWT) - ✅ Add input validation - ✅ Organize code (MVC pattern) - ✅ Connect to database ### Advanced (8-10 weeks) - ✅ API versioning (`/api/v1/`, `/api/v2/`) - ✅ Rate limiting and security - ✅ Pagination and filtering - ✅ API documentation (Swagger) - ✅ Performance optimization ## Essential Packages ```javascript { "dependencies": { "express": "^4.18.0", "helmet": "^7.0.0", // Security headers "cors": "^2.8.5", // Cross-origin requests "morgan": "^1.10.0", // HTTP logger "express-validator": "^7.0.0", // Input validation "express-rate-limit": "^6.0.0" // Rate limiting } } ``` ## Common Patterns ### Response Format ```javascript // Success { success: true, data: {...} } // Error { success: false, error: "Message" } // Pagination { success: true, data: [...], pagination: { page: 1, limit: 10, total: 100 } } ``` ### HTTP Status Codes - `200 OK` - Successful GET/PUT - `201 Created` - Successful POST - `204 No Content` - Successful DELETE - `400 Bad Request` - Validation error - `401 Unauthorized` - Auth required - `403 Forbidden` - No permission - `404 No