{"id":"52eb9cc9-25ba-4614-90b8-549141994244","shortId":"SZBYqB","kind":"skill","title":"Api And Interface Design","tagline":"Agent Skills skill by Addyosmani","description":"# API and Interface Design\n\n## Overview\n\nDesign stable, well-documented interfaces that are hard to misuse. Good interfaces make the right thing easy and the wrong thing hard. This applies to REST APIs, GraphQL schemas, module boundaries, component props, and any surface where one piece of code talks to another.\n\n## When to Use\n\n- Designing new API endpoints\n- Defining module boundaries or contracts between teams\n- Creating component prop interfaces\n- Establishing database schema that informs API shape\n- Changing existing public interfaces\n\n## Core Principles\n\n### Hyrum's Law\n\n> With a sufficient number of users of an API, all observable behaviors of your system will be depended on by somebody, regardless of what you promise in the contract.\n\nThis means: every public behavior — including undocumented quirks, error message text, timing, and ordering — becomes a de facto contract once users depend on it. Design implications:\n\n- **Be intentional about what you expose.** Every observable behavior is a potential commitment.\n- **Don't leak implementation details.** If users can observe it, they will depend on it.\n- **Plan for deprecation at design time.** See `deprecation-and-migration` for how to safely remove things users depend on.\n- **Tests are not enough.** Even with perfect contract tests, Hyrum's Law means \"safe\" changes can break real users who depend on undocumented behavior.\n\n### The One-Version Rule\n\nAvoid forcing consumers to choose between multiple versions of the same dependency or API. Diamond dependency problems arise when different consumers need different versions of the same thing. Design for a world where only one version exists at a time — extend rather than fork.\n\n### 1. Contract First\n\nDefine the interface before implementing it. The contract is the spec — implementation follows.\n\n```typescript\n// Define the contract first\ninterface TaskAPI {\n // Creates a task and returns the created task with server-generated fields\n createTask(input: CreateTaskInput): Promise;\n\n // Returns paginated tasks matching filters\n listTasks(params: ListTasksParams): Promise>;\n\n // Returns a single task or throws NotFoundError\n getTask(id: string): Promise;\n\n // Partial update — only provided fields change\n updateTask(id: string, input: UpdateTaskInput): Promise;\n\n // Idempotent delete — succeeds even if already deleted\n deleteTask(id: string): Promise;\n}\n```\n\n### 2. Consistent Error Semantics\n\nPick one error strategy and use it everywhere:\n\n```typescript\n// REST: HTTP status codes + structured error body\n// Every error response follows the same shape\ninterface APIError {\n error: {\n code: string; // Machine-readable: \"VALIDATION_ERROR\"\n message: string; // Human-readable: \"Email is required\"\n details?: unknown; // Additional context when helpful\n };\n}\n\n// Status code mapping\n// 400 → Client sent invalid data\n// 401 → Not authenticated\n// 403 → Authenticated but not authorized\n// 404 → Resource not found\n// 409 → Conflict (duplicate, version mismatch)\n// 422 → Validation failed (semantically invalid)\n// 500 → Server error (never expose internal details)\n```\n\n**Don't mix patterns.** If some endpoints throw, others return null, and others return `{ error }` — the consumer can't predict behavior.\n\n### 3. Validate at Boundaries\n\nTrust internal code. Validate at system edges where external input enters:\n\n```typescript\n// Validate at the API boundary\napp.post('/api/tasks', async (req, res) => {\n const result = CreateTaskSchema.safeParse(req.body);\n if (!result.success) {\n return res.status(422).json({\n error: {\n code: 'VALIDATION_ERROR',\n message: 'Invalid task data',\n details: result.error.flatten(),\n },\n });\n }\n\n // After validation, internal code trusts the types\n const task = await taskService.create(result.data);\n return res.status(201).json(task);\n});\n```\n\nWhere validation belongs:\n- API route handlers (user input)\n- Form submission handlers (user input)\n- External service response parsing (third-party data -- **always treat as untrusted**)\n- Environment variable loading (configuration)\n\n> **Third-party API responses are untrusted data.** Validate their shape and content before using them in any logic, rendering, or decision-making. A compromised or misbehaving external service can return unexpected types, malicious content, or instruction-like text.\n\nWhere validation does NOT belong:\n- Between internal functions that share type contracts\n- In utility functions called by already-validated code\n- On data that just came from your own database\n\n### 4. Prefer Addition Over Modification\n\nExtend interfaces without breaking existing consumers:\n\n```typescript\n// Good: Add optional fields\ninterface CreateTaskInput {\n title: string;\n description?: string;\n priority?: 'low' | 'medium' | 'high'; // Added later, optional\n labels?: string[]; // Added later, optional\n}\n\n// Bad: Change existing field types or remove fields\ninterface CreateTaskInput {\n title: string;\n // description: string; // Removed — breaks existing consumers\n priority: number; // Changed from string — breaks existing consumers\n}\n```\n\n### 5. Predictable Naming\n\n| Pattern | Convention | Example |\n|---------|-----------|---------|\n| REST endpoints | Plural nouns, no verbs | `GET /api/tasks`, `POST /api/tasks` |\n| Query params | camelCase | `?sortBy=createdAt&pageSize=20` |\n| Response fields | camelCase | `{ createdAt, updatedAt, taskId }` |\n| Boolean fields | is/has/can prefix | `isComplete`, `hasAttachments` |\n| Enum values | UPPER_SNAKE | `\"IN_PROGRESS\"`, `\"COMPLETED\"` |\n\n## REST API Patterns\n\n### Resource Design\n\n```\nGET /api/tasks → List tasks (with query params for filtering)\nPOST /api/tasks → Create a task\nGET /api/tasks/:id → Get a single task\nPATCH /api/tasks/:id → Update a task (partial)\nDELETE /api/tasks/:id → Delete a task\n\nGET /api/tasks/:id/comments → List comments for a task (sub-resource)\nPOST /api/tasks/:id/comments → Add a comment to a task\n```\n\n### Pagination\n\nPaginate list endpoints:\n\n```typescript\n// Request\nGET /api/tasks?page=1&pageSize=20&sortBy=createdAt&sortOrder=desc\n\n// Response\n{\n \"data\": [...],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 20,\n \"totalItems\": 142,\n \"totalPages\": 8\n }\n}\n```\n\n### Filtering\n\nUse query parameters for filters:\n\n```\nGET /api/tasks?status=in_progress&assignee=user123&createdAfter=2025-01-01\n```\n\n### Partial Updates (PATCH)\n\nAccept partial objects — only update what's provided:\n\n```typescript\n// Only title changes, everything else preserved\nPATCH /api/tasks/123\n{ \"title\": \"Updated title\" }\n```\n\n## TypeScript Interface Patterns\n\n### Use Discriminated Unions for Variants\n\n```typescript\n// Good: Each variant is explicit\ntype TaskStatus =\n | { type: 'pending' }\n | { type: 'in_progress'; assignee: string; startedAt: Date }\n | { type: 'completed'; completedAt: Date; completedBy: string }\n | { type: 'cancelled'; reason: string; cancelledAt: Date };\n\n// Consumer gets type narrowing\nfunction getStatusLabel(status: TaskStatus): string {\n switch (status.type) {\n case 'pending': return 'Pending';\n case 'in_progress': return `In progress (${status.assignee})`;\n case 'completed': return `Done on ${status.completedAt}`;\n case 'cancelled': return `Cancelled: ${status.reason}`;\n }\n}\n```\n\n### Input/Output Separation\n\n```typescript\n// Input: what the caller provides\ninterface CreateTaskInput {\n title: string;\n description?: string;\n}\n\n// Output: what the system returns (includes server-generated fields)\ninterface Task {\n id: string;\n title: string;\n description: string | null;\n createdAt: Date;\n updatedAt: Date;\n createdBy: string;\n}\n```\n\n### Use Branded Types for IDs\n\n```typescript\ntype TaskId = string & { readonly __brand: 'TaskId' };\ntype UserId = string & { readonly __brand: 'UserId' };\n\n// Prevents accidentally passing a UserId where a TaskId is expected\nfunction getTask(id: TaskId): Promise { ... }\n```\n\n## Common Rationalizations\n\n| Rationalization | Reality |\n|---|---|\n| \"We'll document the API later\" | The types ARE the documentation. Define them first. |\n| \"We don't need pagination for now\" | You will the moment someone has 100+ items. Add it from the start. |\n| \"PATCH is complicated, let's just use PUT\" | PUT requires the full object every time. PATCH is what clients actually want. |\n| \"We'll version the API when we need to\" | Breaking changes without versioning break consumers. Design for extension from the start. |\n| \"Nobody uses that undocumented behavior\" | Hyrum's Law: if it's observable, somebody depends on it. Treat every public behavior as a commitment. |\n| \"We can just maintain two versions\" | Multiple versions multiply maintenance cost and create diamond dependency problems. Prefer the One-Version Rule. |\n| \"Internal APIs don't need contracts\" | Internal consumers are still consumers. Contracts prevent coupling and enable parallel work. |\n\n## Red Flags\n\n- Endpoints that return different shapes depending on conditions\n- Inconsistent error formats across endpoints\n- Validation scattered throughout internal code instead of at boundaries\n- Breaking changes to existing fields (type changes, removals)\n- List endpoints without pagination\n- Verbs in REST URLs (`/api/createTask`, `/api/getUsers`)\n- Third-party API responses used without validation or sanitization\n\n## Verification\n\nAfter designing an API:\n\n- [ ] Every endpoint has typed input and output schemas\n- [ ] Error responses follow a single consistent format\n- [ ] Validation happens at system boundaries only\n- [ ] List endpoints support pagination\n- [ ] New fields are additive and optional (backward compatible)\n- [ ] Naming follows consistent conventions across all endpoints\n- [ ] API documentation or types are committed alongside the implementation","tags":["api","and","interface","design","agent","skills","addyosmani"],"capabilities":["skill","source-addyosmani","category-agent-skills"],"categories":["agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/addyosmani/agent-skills/api-and-interface-design","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"install_from":"skills.sh"}},"qualityScore":"0.300","qualityRationale":"deterministic score 0.30 from registry signals: · indexed on skills.sh · published under addyosmani/agent-skills","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T11:40:30.789Z","embedding":null,"createdAt":"2026-04-18T20:31:51.183Z","updatedAt":"2026-04-22T11:40:30.789Z","lastSeenAt":"2026-04-22T11:40:30.789Z","tsv":"'-01':829,830 '/api/createtask':1179 '/api/getusers':1180 '/api/tasks':485,699,701,734,743,748,755,762,768,779,794,821 '/api/tasks/123':850 '1':270,796,807 '100':1027 '142':811 '2':354 '20':708,798,809 '201':523 '2025':828 '3':463 '4':626 '400':408 '401':413 '403':416 '404':421 '409':425 '422':430,497 '5':686 '500':435 '8':813 'accept':834 'accident':982 'across':1152,1233 'actual':1053 'ad':652,657 'add':639,781,1029 'addit':401,628,1224 'addyosmani':9 'agent':5 'alongsid':1242 'alreadi':348,614 'already-valid':613 'alway':547 'anoth':59 'api':1,10,42,65,83,102,239,482,529,558,729,1004,1059,1122,1184,1195,1236 'apierror':382 'app.post':484 'appli':39 'aris':243 'assigne':825,875 'async':486 'authent':415,417 'author':420 'avoid':226 'await':518 'backward':1227 'bad':660 'becom':137 'behavior':105,127,157,220,462,1080,1095 'belong':528,600 'bodi':373 'boolean':715 'boundari':46,69,466,483,1162,1215 'brand':964,973,979 'break':213,634,675,683,1064,1068,1163 'call':611 'caller':930 'came':621 'camelcas':704,711 'cancel':886,920,922 'cancelledat':889 'case':902,906,913,919 'category-agent-skills' 'chang':85,211,336,661,680,845,1065,1164,1169 'choos':230 'client':409,1052 'code':56,370,384,406,469,500,512,616,1158 'comment':771,783 'commit':161,1098,1241 'common':996 'compat':1228 'complet':727,880,914 'completedat':881 'completedbi':883 'complic':1036 'compon':47,75 'compromis':580 'condit':1148 'configur':554 'conflict':426 'consist':355,1209,1231 'const':489,516 'consum':228,246,458,636,677,685,891,1069,1128,1131 'content':567,590 'context':402 'contract':71,122,141,204,271,280,289,607,1126,1132 'convent':690,1232 'core':89 'cost':1109 'coupl':1134 'creat':74,293,299,744,1111 'createdaft':827 'createdat':706,712,800,957 'createdbi':961 'createtask':306 'createtaskinput':308,643,669,933 'createtaskschema.safeparse':491 'data':412,506,546,562,618,804 'databas':79,625 'date':878,882,890,958,960 'de':139 'decis':577 'decision-mak':576 'defin':67,273,287,1011 'delet':344,349,761,764 'deletetask':350 'depend':111,144,174,195,217,237,241,1089,1113,1146 'deprec':179,185 'deprecation-and-migr':184 'desc':802 'descript':646,672,936,954 'design':4,13,15,63,147,181,254,732,1070,1193 'detail':166,399,441,507 'diamond':240,1112 'differ':245,248,1144 'discrimin':858 'document':19,1002,1010,1237 'done':916 'duplic':427 'easi':32 'edg':473 'els':847 'email':396 'enabl':1136 'endpoint':66,448,693,790,1141,1153,1172,1197,1218,1235 'enough':200 'enter':477 'enum':721 'environ':551 'error':131,356,360,372,375,383,390,437,456,499,502,1150,1204 'establish':78 'even':201,346 'everi':125,155,374,1047,1093,1196 'everyth':846 'everywher':365 'exampl':691 'exist':86,262,635,662,676,684,1166 'expect':990 'explicit':867 'expos':154,439 'extend':266,631 'extens':1072 'extern':475,539,583 'facto':140 'fail':432 'field':305,335,641,663,667,710,716,947,1167,1222 'filter':314,741,814,819 'first':272,290,1013 'flag':1140 'follow':285,377,1206,1230 'forc':227 'fork':269 'form':534 'format':1151,1210 'found':424 'full':1045 'function':603,610,895,991 'generat':304,946 'get':698,733,747,750,767,793,820,892 'getstatuslabel':896 'gettask':327,992 'good':26,638,863 'graphql':43 'handler':531,536 'happen':1212 'hard':23,37 'hasattach':720 'help':404 'high':651 'http':368 'human':394 'human-read':393 'hyrum':91,206,1081 'id':328,338,351,749,756,763,950,967,993 'id/comments':769,780 'idempot':343 'implement':165,277,284,1244 'implic':148 'includ':128,943 'inconsist':1149 'inform':82 'input':307,340,476,533,538,927,1200 'input/output':924 'instead':1159 'instruct':593 'instruction-lik':592 'intent':150 'interfac':3,12,20,27,77,88,275,291,381,632,642,668,855,932,948 'intern':440,468,511,602,1121,1127,1157 'invalid':411,434,504 'is/has/can':717 'iscomplet':719 'item':1028 'json':498,524 'label':655 'later':653,658,1005 'law':93,208,1083 'leak':164 'let':1037 'like':594 'list':735,770,789,1171,1217 'listtask':315 'listtasksparam':317 'll':1001,1056 'load':553 'logic':573 'low':649 'machin':387 'machine-read':386 'maintain':1102 'mainten':1108 'make':28,578 'malici':589 'map':407 'match':313 'mean':124,209 'medium':650 'messag':132,391,503 'migrat':187 'misbehav':582 'mismatch':429 'misus':25 'mix':444 'modif':630 'modul':45,68 'moment':1024 'multipl':232,1105 'multipli':1107 'name':688,1229 'narrow':894 'need':247,1017,1062,1125 'never':438 'new':64,1221 'nobodi':1076 'notfounderror':326 'noun':695 'null':452,956 'number':97,679 'object':836,1046 'observ':104,156,170,1087 'one':53,223,260,359,1118 'one-vers':222,1117 'option':640,654,659,1226 'order':136 'other':450,454 'output':938,1202 'overview':14 'page':795,806 'pages':707,797,808 'pagin':311,787,788,805,1018,1174,1220 'paginatedresult':319 'parallel':1137 'param':316,703,739 'paramet':817 'pars':542 'parti':545,557,1183 'partial':331,760,831,835 'pass':983 'patch':754,833,849,1034,1049 'pattern':445,689,730,856 'pend':871,903,905 'perfect':203 'pick':358 'piec':54 'plan':177 'plural':694 'post':700,742,778 'potenti':160 'predict':461,687 'prefer':627,1115 'prefix':718 'preserv':848 'prevent':981,1133 'principl':90 'prioriti':648,678 'problem':242,1114 'progress':726,824,874,908,911 'promis':119,309,318,330,342,353,995 'prop':48,76 'provid':334,841,931 'public':87,126,1094 'put':1041,1042 'queri':702,738,816 'quirk':130 'rather':267 'ration':997,998 'readabl':388,395 'readon':972,978 'real':214 'realiti':999 'reason':887 'red':1139 'regardless':115 'remov':192,666,674,1170 'render':574 'req':487 'req.body':492 'request':792 'requir':398,1043 'res':488 'res.status':496,522 'resourc':422,731,777 'respons':376,541,559,709,803,1185,1205 'rest':41,367,692,728,1177 'result':490 'result.data':520 'result.error.flatten':508 'result.success':494 'return':297,310,320,451,455,495,521,586,904,909,915,921,942,1143 'right':30 'rout':530 'rule':225,1120 'safe':191,210 'sanit':1190 'scatter':1155 'schema':44,80,1203 'see':183 'semant':357,433 'sent':410 'separ':925 'server':303,436,945 'server-gener':302,944 'servic':540,584 'shape':84,380,565,1145 'share':605 'singl':322,752,1208 'skill':6,7 'snake':724 'somebodi':114,1088 'someon':1025 'sortbi':705,799 'sortord':801 'source-addyosmani' 'spec':283 'stabl':16 'start':1033,1075 'startedat':877 'status':369,405,822,897 'status.assignee':912 'status.completedat':918 'status.reason':923 'status.type':901 'still':1130 'strategi':361 'string':329,339,352,385,392,645,647,656,671,673,682,876,884,888,899,935,937,951,953,955,962,971,977 'structur':371 'sub':776 'sub-resourc':775 'submiss':535 'succeed':345 'suffici':96 'support':1219 'surfac':51 'switch':900 'system':108,472,941,1214 'talk':57 'task':295,300,312,323,505,517,525,736,746,753,759,766,774,786,949 'taskapi':292 'taskid':714,970,974,988,994 'taskservice.create':519 'taskstatus':869,898 'team':73 'test':197,205 'text':133,595 'thing':31,36,193,253 'third':544,556,1182 'third-parti':543,555,1181 'throughout':1156 'throw':325,449 'time':134,182,265,1048 'titl':644,670,844,851,853,934,952 'totalitem':810 'totalpag':812 'treat':548,1092 'trust':467,513 'two':1103 'type':515,588,606,664,868,870,872,879,885,893,965,969,975,1007,1168,1199,1239 'typescript':286,366,478,637,791,842,854,862,926,968 'undocu':129,219,1079 'unexpect':587 'union':859 'unknown':400 'untrust':550,561 'updat':332,757,832,838,852 'updatedat':713,959 'updatetask':337 'updatetaskinput':341 'upper':723 'url':1178 'use':62,363,569,815,857,963,1040,1077,1186 'user':99,143,168,194,215,532,537 'user123':826 'userid':976,980,985 'util':609 'valid':389,431,464,470,479,501,510,527,563,597,615,1154,1188,1211 'valu':722 'variabl':552 'variant':861,865 'verb':697,1175 'verif':1191 'version':224,233,249,261,428,1057,1067,1104,1106,1119 'want':1054 'well':18 'well-docu':17 'without':633,1066,1173,1187 'work':1138 'world':257 'wrong':35","prices":[{"id":"a472bc28-6036-4f79-bbc9-22e5c670f6ae","listingId":"52eb9cc9-25ba-4614-90b8-549141994244","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"addyosmani","category":"agent-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T20:31:51.183Z"}],"sources":[{"listingId":"52eb9cc9-25ba-4614-90b8-549141994244","source":"github","sourceId":"addyosmani/agent-skills/api-and-interface-design","sourceUrl":"https://github.com/addyosmani/agent-skills/tree/main/skills/api-and-interface-design","isPrimary":false,"firstSeenAt":"2026-04-18T21:52:53.753Z","lastSeenAt":"2026-04-22T06:52:41.705Z"},{"listingId":"52eb9cc9-25ba-4614-90b8-549141994244","source":"skills_sh","sourceId":"addyosmani/agent-skills/api-and-interface-design","sourceUrl":"https://skills.sh/addyosmani/agent-skills/api-and-interface-design","isPrimary":true,"firstSeenAt":"2026-04-18T20:31:51.183Z","lastSeenAt":"2026-04-22T11:40:30.789Z"}],"details":{"listingId":"52eb9cc9-25ba-4614-90b8-549141994244","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"addyosmani","slug":"api-and-interface-design","source":"skills_sh","category":"agent-skills","skills_sh_url":"https://skills.sh/addyosmani/agent-skills/api-and-interface-design"},"updatedAt":"2026-04-22T11:40:30.789Z"}}