API Integration
Connect to third-party APIs and external services. Use this skill when integration with services like Stripe, Supabase, SendGrid, or other external APIs is requested.
Best use case
API Integration is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Connect to third-party APIs and external services. Use this skill when integration with services like Stripe, Supabase, SendGrid, or other external APIs is requested.
Teams using API Integration should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/api-integration/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How API Integration Compares
| Feature / Agent | API Integration | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Connect to third-party APIs and external services. Use this skill when integration with services like Stripe, Supabase, SendGrid, or other external APIs is requested.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Skill: API Integration ## Metadata | Field | Value | |-------|-------| | **Skill ID** | SKL-0010 | | **Version** | 1.0 | | **Owner** | builder | | **Inputs** | Task description, DECISIONS.md, .env.example, existing integrations | | **Outputs** | Integration files, .env.example updated, STATE.md updated | | **Triggers** | `INTEGRATION_REQUESTED` | --- ## Purpose Connect the app to third-party services (payments, auth, notifications, external APIs, webhooks) safely and reliably. Every integration is documented, every key is in an env var, every webhook is verified. --- ## Integration Defaults | Type | Default | Why | |------|---------|-----| | Payments | Stripe | Best docs, widest adoption, excellent test mode | | Auth | Supabase Auth | Free tier, open source | | Email | SendGrid | Reliable delivery, simple API | | SMS | Twilio | Industry standard | | Push (mobile) | Expo Notifications | Built into Expo stack | | File storage | Supabase Storage | Pairs with Supabase Auth | | Realtime/DB | Supabase | Free tier, Postgres-based | --- ## Procedure 1. **Research the integration** — check RESEARCH.md and DECISIONS.md for prior choices. Scan existing integration files. Read official docs for the chosen service. 2. **Set up credentials safely:** - All keys via environment variables — never hardcoded - Add new vars to `.env.example` with placeholders - Never commit `.env` — only `.env.example` 3. **Build the integration** by type: - **Payments:** Use official SDK, handle payment intents server-side, implement webhooks, test with test cards, never store card data - **Auth:** Use official client, handle session persistence, implement all auth states, protect routes - **Email:** Use official library, create templates, include unsubscribe links, handle bounces - **SMS:** Use official SDK, validate phone format, handle delivery webhooks, require opt-in - **Push:** Request permission, handle denial gracefully, test on real devices - **Webhooks (receiving):** Verify signatures, return 200 immediately, process async, handle duplicates idempotently - **External APIs:** Cache responses, handle rate limits, never expose keys to frontend, have fallback for unavailability 4. **Write integration tests** using the service's sandbox/test mode. 5. **Document in DECISIONS.md** — service chosen, env vars required, webhook endpoints, gotchas. 6. **Update .env.example** with all new variables. 7. **Update STATE.md.** --- ## Constraints - Never hardcodes API keys, tokens, or credentials - Never calls payment APIs from the frontend - Never stores raw card data or passwords - Never sends notifications without user opt-in - Never processes webhooks without verifying signatures - Always uses official SDKs over raw HTTP calls - Always tests in sandbox mode first - Never commits .env files --- ## Primary Agent builder --- ## Definition of Done - [ ] Service choice confirmed from DECISIONS.md or researched - [ ] Official SDK used - [ ] All credentials in environment variables - [ ] .env.example updated - [ ] Webhook signatures verified (if applicable) - [ ] Error handling and fallback implemented - [ ] Integration tested in sandbox mode - [ ] Integration documented in DECISIONS.md - [ ] STATE.md updated ## Output Contract | Field | Value | |-------|-------| | **Artifacts** | Integration service files, webhook handlers, `.env.example` (updated) | | **State Update** | `.claude/project/STATE.md` — mark task complete, log files modified | | **Decision Log** | `.claude/project/knowledge/DECISIONS.md` — service chosen, env vars, webhook endpoints | | **Handoff Event** | `TASK_COMPLETED` (integration connected) |
Related Skills
Supply Chain Audit
Audit the dependency supply chain for security risks beyond what `npm audit` or `pip audit` catches. Analyzes dependency health, maintainer trust signals, typosquatting risk, and transitive dependency exposure.
SEO Audit
Audit web pages for search engine optimization: meta tags, heading hierarchy, structured data, image optimization, mobile-friendliness, and content quality. Complements SKL-0013 (Growth & Distribution) by validating what was built.
Pitch Deck
Create a structured pitch deck outline for investors, stakeholders, or partners. Covers problem, solution, market, traction, team, and ask. Natural output after PRD + Problem Stress Test validation.
Launch Checklist
Pre-launch validation covering everything deployment (SKL-0021) doesn't: analytics, error tracking, social meta, legal pages, email setup, DNS, SSL, and go-live readiness. Produces a launch readiness report with pass/fail checklist. Use this skill before going live on any project.
Insecure Defaults Detection
Detect insecure default configurations, hardcoded credentials, fail-open security patterns, and dangerous default values in application code and configuration files. Complements SKL-0015 (Security Audit) by focusing on configuration-level vulnerabilities that dependency scanners miss.
Differential Security Review
Security-focused review of code changes using git diff analysis. Identifies security implications of recent modifications — new attack surfaces, removed protections, changed auth logic, and risky refactors. Complements SKL-0016 (Code Review) with a security lens on diffs.
Copywriting
Write conversion-focused copy using proven frameworks (AIDA, PAS, BAB). Produces headlines, CTAs, landing page copy, email sequences, and micro-copy. Ensures copy matches brand voice and target audience.
Competitor Analysis
Structured competitor research: features, pricing, positioning, gaps, and differentiation strategy. Feeds into PRD Writing (SKL-0004) and Problem Stress Test (SKL-0027) with better market context.
UX Design
Design user experiences including wireframes, flows, and interaction patterns. Use this skill when UX design work is requested, including onboarding flows and interface layouts.
User Acceptance Testing
Structured QA testing with four modes: diff-aware (auto-scoped to branch changes), full (systematic exploration), quick (30-second smoke test), and regression (compare against baseline). Produces health score, structured reports, and actionable bug lists. Use this skill when UAT is requested or a feature is ready for acceptance testing.
Token Audit
Audit the current project for token waste patterns. Produces a Token Health Report with scored findings and actionable fixes. Use this skill when token usage feels high, sessions are hitting limits, or before optimizing costs.
Test Writing
Write automated tests for existing or new functionality. Use this skill when tests are requested, including unit tests, integration tests, and end-to-end tests.