api-and-interface-design▌
OWNER/REPO · updated May 7, 2026
MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.
Guides stable API and interface design for creating REST or GraphQL endpoints and defining type contracts between modules.
| name | api-and-interface-design |
| description | Guides stable API and interface design. Use when designing APIs, module boundaries, or any public interface. Use when creating REST or GraphQL endpoints, defining type contracts between modules, or establishing boundaries between frontend and backend. |
API and Interface Design
Overview
Design stable, well-documented interfaces that are hard to misuse. Good interfaces make the right thing easy and the wrong thing hard. This applies to REST APIs, GraphQL schemas, module boundaries, component props, and any surface where one piece of code talks to another.
When to Use
- Designing new API endpoints
- Defining module boundaries or contracts between teams
- Creating component prop interfaces
- Establishing database schema that informs API shape
- Changing existing public interfaces
Core Principles
Hyrum's Law
With a sufficient number of users of an API, all observable behaviors of your system will be depended on by somebody, regardless of what you promise in the contract.
This means: every public behavior — including undocumented quirks, error message text, timing, and ordering — becomes a de facto contract once users depend on it. Design implications:
- Be intentional about what you expose. Every observable behavior is a potential commitment.
- Don't leak implementation details. If users can observe it, they will depend on it.
- Plan for deprecation at design time. See
deprecation-and-migrationfor how to safely remove things users depend on. - Tests are not enough. Even with perfect contract tests, Hyrum's Law means "safe" changes can break real users who depend on undocumented behavior.
The One-Version Rule
Avoid forcing consumers to choose between multiple versions of the same dependency or API. Diamond dependency problems arise when different consumers need different versions of the same thing. Design for a world where only one version exists at a time — extend rather than fork.
1. Contract First
Define the interface before implementing it. The contract is the spec — implementation follows.
// Define the contract first
interface TaskAPI {
// Creates a task and returns the created task with server-generated fields
createTask(input: CreateTaskInput): Promise<Task>;
// Returns paginated tasks matching filters
listTasks(params: ListTasksParams): Promise<PaginatedResult<Task>>;
// Returns a single task or throws NotFoundError
getTask(id: string): Promise<Task>;
// Partial update — only provided fields change
updateTask(id: string, input: UpdateTaskInput): Promise<Task>;
// Idempotent delete — succeeds even if already deleted
deleteTask(id: string): Promise<void>;
}
2. Consistent Error Semantics
Pick one error strategy and use it everywhere:
// REST: HTTP status codes + structured error body
// Every error response follows the same shape
interface APIError {
error: {
code: string; // Machine-readable: "VALIDATION_ERROR"
message: string; // Human-readable: "Email is required"
details?: unknown; // Additional context when helpful
};
}
// Status code mapping
// 400 → Client sent invalid data
// 401 → Not authenticated
// 403 → Authenticated but not authorized
// 404 → Resource not found
// 409 → Conflict (duplicate, version mismatch)
// 422 → Validation failed (semantically invalid)
// 500 → Server error (never expose internal details)
Don't mix patterns. If some endpoints throw, others return null, and others return { error } — the consumer can't predict behavior.
3. Validate at Boundaries
Trust internal code. Validate at system edges where external input enters:
// Validate at the API boundary
app.post('/api/tasks', async (req, res) => {
const result = CreateTaskSchema.safeParse(req.body);
if (!result.success) {
return res.status(422).json({
error: {
code: 'VALIDATION_ERROR',
message: 'Invalid task data',
details: result.error.flatten(),
},
});
}
// After validation, internal code trusts the types
const task = await taskService.create(result.data);
return res.status(201).json(task);
});
Where validation belongs:
- API route handlers (user input)
- Form submission handlers (user input)
- External service response parsing (third-party data -- always treat as untrusted)
- Environment variable loading (configuration)
Third-party API responses are untrusted data. Validate their shape and content before using them in any logic, rendering, or decision-making. A compromised or misbehaving external service can return unexpected types, malicious content, or instruction-like text.
Where validation does NOT belong:
- Between internal functions that share type contracts
- In utility functions called by already-validated code
- On data that just came from your own database
4. Prefer Addition Over Modification
Extend interfaces without breaking existing consumers:
// Good: Add optional fields
interface CreateTaskInput {
title: string;
description?: string;
priority?: 'low' | 'medium' | 'high'; // Added later, optional
labels?: string[]; // Added later, optional
}
// Bad: Change existing field types or remove fields
interface CreateTaskInput {
title: string;
// description: string; // Removed — breaks existing consumers
priority: number; // Changed from string — breaks existing consumers
}
5. Predictable Naming
| Pattern | Convention | Example |
|---|---|---|
| REST endpoints | Plural nouns, no verbs | GET /api/tasks, POST /api/tasks |
| Query params | camelCase | ?sortBy=createdAt&pageSize=20 |
| Response fields | camelCase | { createdAt, updatedAt, taskId } |
| Boolean fields | is/has/can prefix | isComplete, hasAttachments |
| Enum values | UPPER_SNAKE | "IN_PROGRESS", "COMPLETED" |
REST API Patterns
Resource Design
GET /api/tasks → List tasks (with query params for filtering)
POST /api/tasks → Create a task
GET /api/tasks/:id → Get a single task
PATCH /api/tasks/:id → Update a task (partial)
DELETE /api/tasks/:id → Delete a task
GET /api/tasks/:id/comments → List comments for a task (sub-resource)
POST /api/tasks/:id/comments → Add a comment to a task
Pagination
Paginate list endpoints:
// Request
GET /api/tasks?page=1&pageSize=20&sortBy=createdAt&sortOrder=desc
// Response
{
"data": [...],
"pagination": {
"page": 1,
"pageSize": 20,
"totalItems": 142,
"totalPages": 8
}
}
Filtering
Use query parameters for filters:
GET /api/tasks?status=in_progress&assignee=user123&createdAfter=2025-01-01
Partial Updates (PATCH)
Accept partial objects — only update what's provided:
// Only title changes, everything else preserved
PATCH /api/tasks/123
{ "title": "Updated title" }
TypeScript Interface Patterns
Use Discriminated Unions for Variants
// Good: Each variant is explicit
type TaskStatus =
| { type: 'pending' }
| { type: 'in_progress'; assignee: string; startedAt: Date }
| { type: 'completed'; completedAt: Date; completedBy: string }
| { type: 'cancelled'; reason: string; cancelledAt: Date };
// Consumer gets type narrowing
function getStatusLabel(status: TaskStatus): string {
switch (status.type) {
case 'pending': return 'Pending';
case 'in_progress': return `In progress (${status.assignee})`;
case 'completed': return `Done on ${status.completedAt}`;
case 'cancelled': return `Cancelled: ${status.reason}`;
}
}
Input/Output Separation
// Input: what the caller provides
interface CreateTaskInput {
title: string;
description?: string;
}
// Output: what the system returns (includes server-generated fields)
interface Task {
id: string;
title: string;
description: string | null;
createdAt: Date;
updatedAt: Date;
createdBy: string;
}
Use Branded Types for IDs
type TaskId = string & { readonly __brand: 'TaskId' };
type UserId = string & { readonly __brand: 'UserId' };
// Prevents accidentally passing a UserId where a TaskId is expected
function getTask(id: TaskId): Promise<Task> { ... }
Common Rationalizations
| Rationalization | Reality |
|---|---|
| "We'll document the API later" | The types ARE the documentation. Define them first. |
| "We don't need pagination for now" | You will the moment someone has 100+ items. Add it from the start. |
| "PATCH is complicated, let's just use PUT" | PUT requires the full object every time. PATCH is what clients actually want. |
| "We'll version the API when we need to" | Breaking changes without versioning break consumers. Design for extension from the start. |
| "Nobody uses that undocumented behavior" | Hyrum's Law: if it's observable, somebody depends on it. Treat every public behavior as a commitment. |
| "We can just maintain two versions" | Multiple versions multiply maintenance cost and create diamond dependency problems. Prefer the One-Version Rule. |
| "Internal APIs don't need contracts" | Internal consumers are still consumers. Contracts prevent coupling and enable parallel work. |
Red Flags
- Endpoints that return different shapes depending on conditions
- Inconsistent error formats across endpoints
- Validation scattered throughout internal code instead of at boundaries
- Breaking changes to existing fields (type changes, removals)
- List endpoints without pagination
- Verbs in REST URLs (
/api/createTask,/api/getUsers) - Third-party API responses used without validation or sanitization
Verification
After designing an API:
- Every endpoint has typed input and output schemas
- Error responses follow a single consistent format
- Validation happens at system boundaries only
- List endpoints support pagination
- New fields are additive and optional (backward compatible)
- Naming follows consistent conventions across all endpoints
- API documentation or types are committed alongside the implementation
How to use api-and-interface-design on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your development machine
- ›Node.js version 16.0+ with npm package manager (verify with
node --version) - ›Active project directory or workspace where you want to add api-and-interface-design
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
The skills CLI fetches api-and-interface-design from GitHub repository OWNER/REPO and configures it for Cursor.
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Reload or restart Cursor to activate api-and-interface-design. Access the skill through slash commands (e.g., /api-and-interface-design) or your agent's skill management interface.
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases▌
Accelerate Code Development
Use skill to generate boilerplate code, refactor legacy code, and write tests faster
Example
Generate React component with TypeScript types, styled-components, and comprehensive test suite in minutes
Reduce development time by 40-60% for repetitive coding tasks
Code Review Automation
Systematically review code for bugs, security issues, and style violations
Example
Analyze pull requests for common anti-patterns, suggest performance improvements, flag security vulnerabilities
Catch 70%+ of code issues before human review, improve code quality
Debug Complex Issues
Trace errors through stack traces and identify root causes faster
Example
Analyze error logs, suggest probable causes, recommend fixes with code examples
Cut debugging time by 30-50%, especially for unfamiliar codebases
Learn New Technologies
Get explanations, examples, and best practices for unfamiliar frameworks
Example
Understand Next.js app router, learn Rust ownership, grasp Kubernetes concepts with practical examples
Accelerate learning curve by 2-3x, reduce onboarding time for new tech stacks
Implementation Guide▌
Prerequisites
- ›Claude Desktop or compatible AI client with skill installation support
- ›Basic understanding of programming concepts and version control (Git)
- ›Code editor or IDE for testing generated code (VS Code, JetBrains, etc.)
- ›Test environment separate from production for validating skill outputs
Time Estimate
15-30 minutes to install and see first useful output
Installation Steps
- 1.Install the skill using provided installation command
- 2.Verify skill is loaded in Claude Desktop (check ~/.claude/skills directory)
- 3.Test skill with simple prompt: 'Help me review this code snippet'
- 4.Gradually increase complexity: code generation → refactoring → architecture advice
- 5.Review all generated code before committing to repository
- 6.Iterate on prompts to improve output quality and relevance
- 7.Share effective prompts with team for consistency
Common Pitfalls
- ⚠Blindly trusting generated code without testing—always run tests and manual review
- ⚠Not providing enough context about your project structure and coding standards
- ⚠Expecting perfection on first generation—iteration and refinement are normal
- ⚠Sharing proprietary code or API keys in prompts—maintain confidentiality
- ⚠Over-relying on skill for critical security or business logic code
- ⚠Skipping documentation of why AI-generated code was chosen over alternatives
Best Practices▌
✓ Do
- +Always review and test AI-generated code before merging
- +Provide clear context: language, framework, coding standards, constraints
- +Use for boilerplate, tests, docs—areas where mistakes are easily caught
- +Iterate on prompts: start broad, refine with specific requirements
- +Combine AI suggestions with human judgment and domain expertise
- +Document successful prompt patterns for team reuse
- +Keep version control so you can rollback if needed
- +Use skill for learning and exploration, not production-critical features initially
✗ Don't
- −Don't commit AI code without thorough testing and review
- −Don't expose sensitive code, credentials, or proprietary algorithms
- −Don't use for security-critical code (auth, crypto, payments) without expert review
- −Don't skip peer review process just because AI generated it
- −Don't assume code follows your team's conventions—verify
- −Don't let junior developers skip learning fundamentals by relying solely on AI
- −Don't ignore compiler warnings or test failures in generated code
💡 Pro Tips
- ★Describe desired patterns explicitly: 'Use async/await, avoid callbacks'
- ★Ask for alternatives: 'Show 3 approaches to solve this, with tradeoffs'
- ★Request explanations: 'Explain why this approach is better than X'
- ★Use skill for 70% generation + 30% manual refinement for best results
- ★Build a prompt library for common patterns (API endpoints, components, tests)
- ★Pair program with AI: describe problem → review solution → iterate → refine
When to Use This▌
✓ Use When
Use coding skills for boilerplate generation, code reviews, refactoring legacy code, writing tests, learning new frameworks, and debugging non-critical issues. Best for repetitive tasks where errors are easy to catch.
✗ Avoid When
Avoid for production security features (auth, encryption, payment processing), complex business logic requiring deep domain knowledge, performance-critical algorithms, or when learning fundamentals is more valuable than speed.
Learning Path▌
- 1Start with simple tasks: generate functions, write tests, explain code
- 2Progress to code review: analyze PRs, suggest improvements
- 3Advanced: architectural decisions, refactoring strategies, performance optimization
- 4Expert: use for exploring new paradigms, researching best practices, mentoring juniors
Integration▌
- →VS Code
- →JetBrains IDEs
- →Cursor
- →GitHub Copilot
- →Git workflows
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.7★★★★★46 reviews- ★★★★★Diya Thomas· Dec 28, 2024
Keeps context tight: api-and-interface-design is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★Maya Johnson· Dec 16, 2024
We added api-and-interface-design from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Dhruvi Jain· Dec 12, 2024
api-and-interface-design fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Benjamin Park· Dec 12, 2024
Registry listing for api-and-interface-design matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Zara Khanna· Nov 19, 2024
I recommend api-and-interface-design for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★Diya Shah· Nov 7, 2024
api-and-interface-design reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★Sophia Bansal· Nov 7, 2024
api-and-interface-design is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★Oshnikdeep· Nov 3, 2024
Registry listing for api-and-interface-design matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Aditi White· Nov 3, 2024
api-and-interface-design fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Diya Patel· Oct 26, 2024
Registry listing for api-and-interface-design matched our evaluation — installs cleanly and behaves as described in the markdown.
showing 1-10 of 46