{ "schemaVersion": "1.0", "item": { "slug": "api-development", "name": "api-development", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/wpank/api-development", "canonicalUrl": "https://clawhub.ai/wpank/api-development", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/api-development", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=api-development", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "api-development", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-11T16:23:03.820Z", "expiresAt": "2026-05-18T16:23:03.820Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=api-development", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=api-development", "contentDisposition": "attachment; filename=\"api-development-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "api-development" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/api-development" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/api-development", "agentPageUrl": "https://openagent3.xyz/skills/api-development/agent", "manifestUrl": "https://openagent3.xyz/skills/api-development/agent.json", "briefUrl": "https://openagent3.xyz/skills/api-development/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "API Development", "body": "Orchestrate the full API development lifecycle by coordinating design, implementation, testing, and documentation into a single workflow." }, { "title": "When to Use This Skill", "body": "Building a new API from scratch\nAdding endpoints to an existing API\nRedesigning or refactoring an API\nPlanning API versioning and migration\nRunning a complete API development cycle (design → build → test → document → deploy)" }, { "title": "Orchestration Flow", "body": "Follow these steps in order. Each step routes to the appropriate skill or tool." }, { "title": "1. Design the API", "body": "Load the api-design skill to establish resource models, URL structure, HTTP method semantics, error formats, and pagination strategy.\n\nDeliverables: Resource list, endpoint map, request/response schemas, error format" }, { "title": "2. Generate OpenAPI Spec", "body": "Produce a machine-readable OpenAPI 3.x specification from the design. Use the OpenAPI template in api-design/assets/openapi-template.yaml as a starting point.\n\nDeliverables: openapi.yaml with all endpoints, schemas, auth schemes, and examples" }, { "title": "3. Scaffold Endpoints", "body": "Generate route files, request/response types, and validation schemas for each endpoint. Group routes by resource.\n\nDeliverables: Route files, type definitions, validation schemas per resource" }, { "title": "4. Implement Business Logic", "body": "Write service-layer logic with input validation, authorization checks, database queries, and proper error propagation. Keep controllers thin — business logic lives in the service layer.\n\nDeliverables: Service modules, repository layer, middleware (auth, rate limiting, CORS)" }, { "title": "5. Test", "body": "Write tests at three levels:\n\nUnit tests — service logic, validation, error handling\nIntegration tests — endpoint behavior with real DB\nContract tests — response shapes match OpenAPI spec\n\nDeliverables: Test suite with coverage for happy paths, error cases, edge cases, and auth" }, { "title": "6. Document", "body": "Generate human-readable API documentation with usage examples and SDK snippets. Ensure every endpoint has description, parameters, request/response examples, and error codes.\n\nDeliverables: API docs, changelog, authentication guide" }, { "title": "7. Version and Deploy", "body": "Apply a versioning strategy, tag the release, update changelogs, and deploy through the pipeline. Follow the api-versioning skill for deprecation and migration guidance.\n\nDeliverables: Version tag, changelog entry, deployment confirmation" }, { "title": "API Design Decision Table", "body": "Choose the right paradigm for your use case.\n\nCriteriaRESTGraphQLgRPCBest forCRUD-heavy public APIsComplex relational data, client-driven queriesInternal microservices, high-throughputData fetchingFixed response shape per endpointClient specifies exact fieldsStrongly typed protobuf messagesOver/under-fetchingCommon problemSolved by designMinimal — schema is explicitCachingNative HTTP caching (ETags, Cache-Control)Requires custom cachingNo built-in HTTP cachingReal-timePolling or WebSocketsSubscriptions (built-in)Bidirectional streamingToolingMature — OpenAPI, Postman, curlGrowing — Apollo, Relay, GraphiQLMature — protoc, grpcurl, BufLearning curveLowMediumMedium-HighVersioningURL or header versioningSchema evolution with @deprecatedPackage versioning in .proto\n\nRule of thumb: Default to REST for public APIs. Use GraphQL when clients need flexible queries across related data. Use gRPC for internal service-to-service communication." }, { "title": "API Checklist", "body": "Run through this checklist before marking any API work as complete." }, { "title": "Authentication & Authorization", "body": "Authentication mechanism chosen (JWT, OAuth2, API key)\n Authorization rules enforced at every endpoint\n Tokens validated and scoped correctly\n Secrets stored securely (never in code or logs)" }, { "title": "Rate Limiting", "body": "Rate limits configured per endpoint or consumer tier\n RateLimit-* headers included in responses\n 429 Too Many Requests returned with Retry-After header\n Rate limit strategy documented for consumers" }, { "title": "Pagination", "body": "All collection endpoints paginated\n Pagination style chosen (cursor-based or offset-based)\n page_size bounded with a sensible maximum\n Total count or hasNextPage indicator included" }, { "title": "Filtering & Sorting", "body": "Filter parameters validated and sanitized\n Sort fields allow-listed (no arbitrary column sorting)\n Default sort order defined and documented" }, { "title": "Error Handling", "body": "Consistent error response schema across all endpoints\n Correct HTTP status codes (4xx for client, 5xx for server)\n Validation errors return field-level detail\n Internal errors never leak stack traces or sensitive data" }, { "title": "Versioning", "body": "Versioning strategy selected and applied uniformly\n Breaking vs non-breaking change policy documented\n Deprecation timeline communicated via Sunset header" }, { "title": "CORS", "body": "Allowed origins configured (no wildcard * in production with credentials)\n Allowed methods and headers explicitly listed\n Preflight (OPTIONS) requests handled correctly" }, { "title": "Documentation", "body": "OpenAPI / Swagger spec generated and up to date\n Every endpoint has description, parameters, and example responses\n Authentication requirements documented\n Error codes and meanings listed\n Changelog maintained for each version" }, { "title": "Security", "body": "Input validation on all fields\n SQL injection prevention\n HTTPS enforced\n Sensitive data never in URLs or logs\n CORS configured correctly" }, { "title": "Monitoring", "body": "Structured logging with request IDs\n Error tracking configured (Sentry, Datadog, etc.)\n Performance metrics collected (latency, error rate)\n Health check endpoint available (/health)\n Alerts configured for error rate spikes" }, { "title": "Skill Routing Table", "body": "NeedSkillPurposeAPI design principlesapi-designResource modeling, HTTP semantics, pagination, error formatsVersioning strategyapi-versioningVersion lifecycle, deprecation, migration patternsAuthenticationauth-patternsJWT, OAuth2, sessions, RBAC, MFAError handlingerror-handlingError types, retry patterns, circuit breakers, HTTP errorsRate limitingrate-limitingAlgorithms, HTTP headers, tiered limits, distributed limitingCachingcachingCache strategies, HTTP caching, invalidation, Redis patternsDatabase migrationsdatabase-migrationsSchema evolution, zero-downtime patterns, rollback strategies" }, { "title": "NEVER Do", "body": "NEVER skip the design phase — jumping straight to code produces inconsistent APIs that are expensive to fix\nNEVER expose database schema directly — API resources are not database tables; design around consumer use cases\nNEVER ship without authentication — every production endpoint must have an auth strategy\nNEVER return inconsistent error formats — every error response must follow the same schema\nNEVER break a published API without a versioning plan — breaking changes require a new version, migration guide, and deprecation timeline\nNEVER deploy without tests and documentation — untested APIs ship bugs, undocumented APIs frustrate developers" } ], "body": "API Development\n\nOrchestrate the full API development lifecycle by coordinating design, implementation, testing, and documentation into a single workflow.\n\nWhen to Use This Skill\nBuilding a new API from scratch\nAdding endpoints to an existing API\nRedesigning or refactoring an API\nPlanning API versioning and migration\nRunning a complete API development cycle (design → build → test → document → deploy)\nOrchestration Flow\n\nFollow these steps in order. Each step routes to the appropriate skill or tool.\n\n1. Design the API\n\nLoad the api-design skill to establish resource models, URL structure, HTTP method semantics, error formats, and pagination strategy.\n\nDeliverables: Resource list, endpoint map, request/response schemas, error format\n\n2. Generate OpenAPI Spec\n\nProduce a machine-readable OpenAPI 3.x specification from the design. Use the OpenAPI template in api-design/assets/openapi-template.yaml as a starting point.\n\nDeliverables: openapi.yaml with all endpoints, schemas, auth schemes, and examples\n\n3. Scaffold Endpoints\n\nGenerate route files, request/response types, and validation schemas for each endpoint. Group routes by resource.\n\nDeliverables: Route files, type definitions, validation schemas per resource\n\n4. Implement Business Logic\n\nWrite service-layer logic with input validation, authorization checks, database queries, and proper error propagation. Keep controllers thin — business logic lives in the service layer.\n\nDeliverables: Service modules, repository layer, middleware (auth, rate limiting, CORS)\n\n5. Test\n\nWrite tests at three levels:\n\nUnit tests — service logic, validation, error handling\nIntegration tests — endpoint behavior with real DB\nContract tests — response shapes match OpenAPI spec\n\nDeliverables: Test suite with coverage for happy paths, error cases, edge cases, and auth\n\n6. Document\n\nGenerate human-readable API documentation with usage examples and SDK snippets. Ensure every endpoint has description, parameters, request/response examples, and error codes.\n\nDeliverables: API docs, changelog, authentication guide\n\n7. Version and Deploy\n\nApply a versioning strategy, tag the release, update changelogs, and deploy through the pipeline. Follow the api-versioning skill for deprecation and migration guidance.\n\nDeliverables: Version tag, changelog entry, deployment confirmation\n\nAPI Design Decision Table\n\nChoose the right paradigm for your use case.\n\nCriteria\tREST\tGraphQL\tgRPC\nBest for\tCRUD-heavy public APIs\tComplex relational data, client-driven queries\tInternal microservices, high-throughput\nData fetching\tFixed response shape per endpoint\tClient specifies exact fields\tStrongly typed protobuf messages\nOver/under-fetching\tCommon problem\tSolved by design\tMinimal — schema is explicit\nCaching\tNative HTTP caching (ETags, Cache-Control)\tRequires custom caching\tNo built-in HTTP caching\nReal-time\tPolling or WebSockets\tSubscriptions (built-in)\tBidirectional streaming\nTooling\tMature — OpenAPI, Postman, curl\tGrowing — Apollo, Relay, GraphiQL\tMature — protoc, grpcurl, Buf\nLearning curve\tLow\tMedium\tMedium-High\nVersioning\tURL or header versioning\tSchema evolution with @deprecated\tPackage versioning in .proto\n\nRule of thumb: Default to REST for public APIs. Use GraphQL when clients need flexible queries across related data. Use gRPC for internal service-to-service communication.\n\nAPI Checklist\n\nRun through this checklist before marking any API work as complete.\n\nAuthentication & Authorization\n Authentication mechanism chosen (JWT, OAuth2, API key)\n Authorization rules enforced at every endpoint\n Tokens validated and scoped correctly\n Secrets stored securely (never in code or logs)\nRate Limiting\n Rate limits configured per endpoint or consumer tier\n RateLimit-* headers included in responses\n 429 Too Many Requests returned with Retry-After header\n Rate limit strategy documented for consumers\nPagination\n All collection endpoints paginated\n Pagination style chosen (cursor-based or offset-based)\n page_size bounded with a sensible maximum\n Total count or hasNextPage indicator included\nFiltering & Sorting\n Filter parameters validated and sanitized\n Sort fields allow-listed (no arbitrary column sorting)\n Default sort order defined and documented\nError Handling\n Consistent error response schema across all endpoints\n Correct HTTP status codes (4xx for client, 5xx for server)\n Validation errors return field-level detail\n Internal errors never leak stack traces or sensitive data\nVersioning\n Versioning strategy selected and applied uniformly\n Breaking vs non-breaking change policy documented\n Deprecation timeline communicated via Sunset header\nCORS\n Allowed origins configured (no wildcard * in production with credentials)\n Allowed methods and headers explicitly listed\n Preflight (OPTIONS) requests handled correctly\nDocumentation\n OpenAPI / Swagger spec generated and up to date\n Every endpoint has description, parameters, and example responses\n Authentication requirements documented\n Error codes and meanings listed\n Changelog maintained for each version\nSecurity\n Input validation on all fields\n SQL injection prevention\n HTTPS enforced\n Sensitive data never in URLs or logs\n CORS configured correctly\nMonitoring\n Structured logging with request IDs\n Error tracking configured (Sentry, Datadog, etc.)\n Performance metrics collected (latency, error rate)\n Health check endpoint available (/health)\n Alerts configured for error rate spikes\nSkill Routing Table\nNeed\tSkill\tPurpose\nAPI design principles\tapi-design\tResource modeling, HTTP semantics, pagination, error formats\nVersioning strategy\tapi-versioning\tVersion lifecycle, deprecation, migration patterns\nAuthentication\tauth-patterns\tJWT, OAuth2, sessions, RBAC, MFA\nError handling\terror-handling\tError types, retry patterns, circuit breakers, HTTP errors\nRate limiting\trate-limiting\tAlgorithms, HTTP headers, tiered limits, distributed limiting\nCaching\tcaching\tCache strategies, HTTP caching, invalidation, Redis patterns\nDatabase migrations\tdatabase-migrations\tSchema evolution, zero-downtime patterns, rollback strategies\nNEVER Do\nNEVER skip the design phase — jumping straight to code produces inconsistent APIs that are expensive to fix\nNEVER expose database schema directly — API resources are not database tables; design around consumer use cases\nNEVER ship without authentication — every production endpoint must have an auth strategy\nNEVER return inconsistent error formats — every error response must follow the same schema\nNEVER break a published API without a versioning plan — breaking changes require a new version, migration guide, and deprecation timeline\nNEVER deploy without tests and documentation — untested APIs ship bugs, undocumented APIs frustrate developers" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/wpank/api-development", "publisherUrl": "https://clawhub.ai/wpank/api-development", "owner": "wpank", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/api-development", "downloadUrl": "https://openagent3.xyz/downloads/api-development", "agentUrl": "https://openagent3.xyz/skills/api-development/agent", "manifestUrl": "https://openagent3.xyz/skills/api-development/agent.json", "briefUrl": "https://openagent3.xyz/skills/api-development/agent.md" } }