API Design Patterns
When to Use
Activate this skill when:
- Designing new API endpoints or modifying existing endpoint contracts
- Defining request/response schemas for a feature
- Standardizing pagination, filtering, or sorting across endpoints
- Designing a consistent error response format
- Planning API versioning or deprecation strategy
- Reviewing API contracts for consistency before implementation
- Documenting endpoint specifications for frontend/backend coordination
Input: If
or
exists, read for context about the feature scope and architectural decisions. Otherwise, work from the user's request directly.
Output: Write API design to
. Tell the user: "API design written to
. Run
to create implementation tasks or
to implement."
Do NOT use this skill for:
- Writing implementation code (use )
- System-level architecture decisions (use )
- Writing tests for endpoints (use )
- Frontend data fetching implementation (use )
Instructions
URL Naming Conventions
Resource Naming Rules
- Plural nouns for collections: , ,
- Kebab-case for multi-word resources: ,
- Singular resource by ID: ,
- Maximum 2 nesting levels: (not
/users/{user_id}/orders/{order_id}/items/{item_id}
- No verbs in URLs: use HTTP methods instead ( not )
- Query parameters for filtering, sorting, pagination:
/users?role=admin&sort=-created_at
URL Structure Template
/{version}/{resource} → Collection (list, create)
/{version}/{resource}/{id} → Single resource (get, update, delete)
/{version}/{resource}/{id}/{sub-resource} → Nested collection
/{version}/{resource}/actions/{action} → Non-CRUD operations (rarely needed)
Naming Examples
| Good | Bad | Reason |
|---|
| | No verbs — HTTP method implies action |
| | POST to collection = create |
| | Kebab-case, not camelCase |
GET /v1/users/{id}/orders
| GET /v1/users/{id}/orders/{oid}/items
| Max 2 nesting levels |
POST /v1/orders/{id}/actions/cancel
| POST /v1/cancelOrder/{id}
| Action sub-resource for non-CRUD |
HTTP Method Semantics
| Method | Purpose | Request Body | Success Status | Idempotent |
|---|
| Retrieve resource(s) | None | | Yes |
| Create new resource | Required | | No |
| Full replace | Required (full) | | Yes |
| Partial update | Required (partial) | | No* |
| Remove resource | None | | Yes |
*PATCH is not inherently idempotent but can be made so with proper implementation.
Response headers for creation:
- returning SHOULD include a header with the URL of the created resource
Conditional requests:
- Support / for caching on GET endpoints with frequently-accessed resources
Schema Naming Conventions (Pydantic v2)
Follow a consistent naming pattern for all Pydantic schemas:
| Pattern | Purpose | Fields |
|---|
| POST request body | Writable fields, no id, no timestamps |
| PUT request body | All writable fields required |
| PATCH request body | All fields Optional |
| Single resource response | All fields including id, timestamps |
| Paginated list response | items + pagination metadata |
| Query parameters | Optional filter fields |
Schema design rules:
- Never expose internal fields (hashed_password, internal_notes) in Response schemas
- Always include and timestamps (, ) in Response schemas
- Use
model_validate(orm_instance)
- Use
model_dump(exclude_unset=True)
- Reference
references/pydantic-schema-examples.md
Pagination
Cursor-Based Pagination (Default)
Use cursor-based pagination for all list endpoints. It is more performant than offset-based for large datasets and avoids the "shifting window" problem.
Request parameters:
GET /v1/users?cursor=eyJpZCI6MTAwfQ&limit=20
| Parameter | Type | Default | Description |
|---|
| | | Opaque cursor from previous response |
| | | Items per page (max 100) |
Response format:
json
{
"items": [...],
"next_cursor": "eyJpZCI6MTIwfQ",
"has_more": true
}
Cursor implementation:
- Encode the last item's sort key (usually ) as a base64 string
- The cursor is opaque to the client — they must not parse or construct it
- Use
WHERE id > :last_id ORDER BY id ASC LIMIT :limit + 1
Offset-Based Pagination (When Needed)
Use offset-based only when the client needs to jump to arbitrary pages (e.g., admin tables).
json
{
"items": [...],
"total": 150,
"page": 2,
"page_size": 20,
"total_pages": 8
}
Filtering and Sorting
Filtering
Use query parameters with field names:
GET /v1/users?role=admin&is_active=true&created_after=2024-01-01
Filtering conventions:
- Exact match:
- Range:
?field_min=10&field_max=100
?created_after=...&created_before=...
- Search: (for full-text search across multiple fields)
- Multiple values:
?status=active&status=pending
Sorting
Use a
query parameter with field name and direction prefix:
GET /v1/users?sort=-created_at → descending by created_at
GET /v1/users?sort=name → ascending by name
GET /v1/users?sort=-created_at,name → multi-field sort
Convention: prefix means descending, no prefix means ascending.
Error Response Format
All API errors follow a consistent format:
json
{
"detail": "Human-readable error message",
"code": "MACHINE_READABLE_CODE",
"field_errors": [
{
"field": "email",
"message": "Invalid email format",
"code": "INVALID_FORMAT"
}
]
}
Standard Error Codes and Status Mapping
| HTTP Status | When to Use | Example |
|---|
| Malformed request | |
| Missing or invalid authentication | |
| Authenticated but not authorized | |
| Resource not found | |
| Conflict (duplicate, version mismatch) | |
| Validation error (Pydantic) | |
| Rate limit exceeded | |
| Unexpected server error | |
Error schema (Pydantic v2):
python
class FieldError(BaseModel):
field: str
message: str
code: str
class ErrorResponse(BaseModel):
detail: str
code: str
field_errors: list[FieldError] = []
API Versioning
Strategy: URL Prefix Versioning
/v1/users → Version 1
/v2/users → Version 2
Versioning rules:
- Start with for all new APIs
- Increment major version only for breaking changes
- Non-breaking changes (new optional fields, new endpoints) do NOT require a new version
- Support at most 2 active versions simultaneously
Breaking changes that require a new version:
- Removing a field from a response
- Changing a field's type
- Making an optional request field required
- Changing the URL structure for existing endpoints
- Changing error response format
Deprecation process:
- Add header to the old version:
- Add header with the retirement date:
Sunset: Sat, 01 Mar 2026 00:00:00 GMT
- Add header pointing to the new version:
Link: </v2/users>; rel="successor-version"
- Log usage of deprecated endpoints for monitoring
- Remove the old version after the sunset date
OpenAPI Documentation
FastAPI generates OpenAPI schemas automatically. Enhance them with:
python
@router.get(
"/users/{user_id}",
response_model=UserResponse,
summary="Get user by ID",
description="Retrieve a single user's details by their unique identifier.",
responses={
404: {"model": ErrorResponse, "description": "User not found"},
},
tags=["Users"],
)
async def get_user(user_id: int) -> UserResponse:
...
Documentation conventions:
- Every endpoint has a (short) and optional (detailed)
- Document all non-200 responses with their schema
- Group endpoints by matching the resource name
- Use for automatic response schema documentation
Examples
Designing a Products API Contract
Objective: Design the contract for a
CRUD endpoint with search and pagination.
Endpoints:
| Method | Path | Description | Request | Response | Status |
|---|
| GET | | List products | Query: cursor, limit, q, category, sort | ProductListResponse | 200 |
| POST | | Create product | Body: ProductCreate | ProductResponse | 201 |
| GET | | Get product | — | ProductResponse | 200 |
| PATCH | | Update product | Body: ProductPatch | ProductResponse | 200 |
| DELETE | | Delete product | — | — | 204 |
Schemas:
python
class ProductCreate(BaseModel):
name: str = Field(min_length=1, max_length=200)
description: str | None = None
price_cents: int = Field(gt=0)
category: str
sku: str = Field(pattern=r"^[A-Z0-9-]+$")
class ProductPatch(BaseModel):
name: str | None = None
description: str | None = None
price_cents: int | None = Field(default=None, gt=0)
category: str | None = None
class ProductResponse(BaseModel):
id: int
name: str
description: str | None
price_cents: int
category: str
sku: str
created_at: datetime
updated_at: datetime
class ProductListResponse(BaseModel):
items: list[ProductResponse]
next_cursor: str | None
has_more: bool
Search and filtering:
GET /v1/products?q=laptop&category=electronics&sort=-price_cents&limit=20
See
references/endpoint-catalog-template.md
for the full documentation template.
See
references/pydantic-schema-examples.md
for additional schema examples.
Edge Cases
Bulk Operations
For operations on multiple resources at once:
Request:
json
{
"items": [
{"email": "a@example.com", "name": "Alice"},
{"email": "b@example.com", "name": "Bob"}
]
}
Response (partial success — status 207):
json
{
"results": [
{"index": 0, "status": "created", "data": {...}},
{"index": 1, "status": "error", "error": {"detail": "Email already exists", "code": "CONFLICT"}}
],
"succeeded": 1,
"failed": 1
}
Use HTTP
when individual items can succeed or fail independently.
File Upload Endpoints
File uploads use
, not JSON:
python
@router.post("/v1/files", response_model=FileResponse, status_code=201)
async def upload_file(
file: UploadFile,
description: str = Form(default=""),
) -> FileResponse:
...
Validate file size and MIME type before processing. Return
for oversized files.
Long-Running Operations
For operations that cannot complete within a normal request timeout:
-
Return
with a status URL:
json
{"status_url": "/v1/jobs/abc123", "estimated_completion": "2024-01-15T10:30:00Z"}
-
Client polls the status URL:
GET /v1/jobs/abc123 → {"status": "processing", "progress": 0.65}
GET /v1/jobs/abc123 → {"status": "completed", "result_url": "/v1/reports/xyz"}
Sub-Resource Design
When a resource logically belongs to a parent but nesting would exceed 2 levels, use a top-level resource with a filter:
# Instead of: GET /v1/users/{id}/orders/{oid}/items
# Use: GET /v1/order-items?order_id=123
This keeps URLs flat while maintaining the relationship through filtering.
Output File
Write the API design to
at the project root:
markdown
# API Design: [Feature Name]
## Endpoints
|--------|-----|-------------|------|
| GET | /v1/users | List users | Required |
| POST | /v1/users | Create user | Required |
## Request/Response Schemas
### UserCreate
|-------|------|----------|------------|
| email | string | Yes | Valid email |
| name | string | Yes | 1-100 chars |
### UserResponse
|-------|------|-------------|
| id | uuid | User ID |
| email | string | User email |
## Error Codes
|------|-------------|-------------|
| USER_NOT_FOUND | 404 | User does not exist |
| EMAIL_EXISTS | 409 | Email already registered |
## Next Steps
- Run `/task-decomposition` to create implementation tasks
- Run `/python-backend-expert` to implement endpoints