API Integration

Connect to third-party APIs and external services. Use this skill when integration with services like Stripe, Supabase, SendGrid, or other external APIs is requested.

5 stars

Best use case

API Integration is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Connect to third-party APIs and external services. Use this skill when integration with services like Stripe, Supabase, SendGrid, or other external APIs is requested.

Teams using API Integration should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/api-integration/SKILL.md --create-dirs "https://raw.githubusercontent.com/BasharAmso/Bashi/main/.claude/skills/api-integration/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/api-integration/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How API Integration Compares

Feature / AgentAPI IntegrationStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Connect to third-party APIs and external services. Use this skill when integration with services like Stripe, Supabase, SendGrid, or other external APIs is requested.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Skill: API Integration

## Metadata

| Field | Value |
|-------|-------|
| **Skill ID** | SKL-0010 |
| **Version** | 1.0 |
| **Owner** | builder |
| **Inputs** | Task description, DECISIONS.md, .env.example, existing integrations |
| **Outputs** | Integration files, .env.example updated, STATE.md updated |
| **Triggers** | `INTEGRATION_REQUESTED` |

---

## Purpose

Connect the app to third-party services (payments, auth, notifications, external APIs, webhooks) safely and reliably. Every integration is documented, every key is in an env var, every webhook is verified.

---

## Integration Defaults

| Type | Default | Why |
|------|---------|-----|
| Payments | Stripe | Best docs, widest adoption, excellent test mode |
| Auth | Supabase Auth | Free tier, open source |
| Email | SendGrid | Reliable delivery, simple API |
| SMS | Twilio | Industry standard |
| Push (mobile) | Expo Notifications | Built into Expo stack |
| File storage | Supabase Storage | Pairs with Supabase Auth |
| Realtime/DB | Supabase | Free tier, Postgres-based |

---

## Procedure

1. **Research the integration** — check RESEARCH.md and DECISIONS.md for prior choices. Scan existing integration files. Read official docs for the chosen service.
2. **Set up credentials safely:**
   - All keys via environment variables — never hardcoded
   - Add new vars to `.env.example` with placeholders
   - Never commit `.env` — only `.env.example`
3. **Build the integration** by type:
   - **Payments:** Use official SDK, handle payment intents server-side, implement webhooks, test with test cards, never store card data
   - **Auth:** Use official client, handle session persistence, implement all auth states, protect routes
   - **Email:** Use official library, create templates, include unsubscribe links, handle bounces
   - **SMS:** Use official SDK, validate phone format, handle delivery webhooks, require opt-in
   - **Push:** Request permission, handle denial gracefully, test on real devices
   - **Webhooks (receiving):** Verify signatures, return 200 immediately, process async, handle duplicates idempotently
   - **External APIs:** Cache responses, handle rate limits, never expose keys to frontend, have fallback for unavailability
4. **Write integration tests** using the service's sandbox/test mode.
5. **Document in DECISIONS.md** — service chosen, env vars required, webhook endpoints, gotchas.
6. **Update .env.example** with all new variables.
7. **Update STATE.md.**

---

## Constraints

- Never hardcodes API keys, tokens, or credentials
- Never calls payment APIs from the frontend
- Never stores raw card data or passwords
- Never sends notifications without user opt-in
- Never processes webhooks without verifying signatures
- Always uses official SDKs over raw HTTP calls
- Always tests in sandbox mode first
- Never commits .env files

---

## Primary Agent

builder

---

## Definition of Done

- [ ] Service choice confirmed from DECISIONS.md or researched
- [ ] Official SDK used
- [ ] All credentials in environment variables
- [ ] .env.example updated
- [ ] Webhook signatures verified (if applicable)
- [ ] Error handling and fallback implemented
- [ ] Integration tested in sandbox mode
- [ ] Integration documented in DECISIONS.md
- [ ] STATE.md updated

## Output Contract

| Field | Value |
|-------|-------|
| **Artifacts** | Integration service files, webhook handlers, `.env.example` (updated) |
| **State Update** | `.claude/project/STATE.md` — mark task complete, log files modified |
| **Decision Log** | `.claude/project/knowledge/DECISIONS.md` — service chosen, env vars, webhook endpoints |
| **Handoff Event** | `TASK_COMPLETED` (integration connected) |

Related Skills

Supply Chain Audit

5
from BasharAmso/Bashi

Audit the dependency supply chain for security risks beyond what `npm audit` or `pip audit` catches. Analyzes dependency health, maintainer trust signals, typosquatting risk, and transitive dependency exposure.

SEO Audit

5
from BasharAmso/Bashi

Audit web pages for search engine optimization: meta tags, heading hierarchy, structured data, image optimization, mobile-friendliness, and content quality. Complements SKL-0013 (Growth & Distribution) by validating what was built.

Pitch Deck

5
from BasharAmso/Bashi

Create a structured pitch deck outline for investors, stakeholders, or partners. Covers problem, solution, market, traction, team, and ask. Natural output after PRD + Problem Stress Test validation.

Launch Checklist

5
from BasharAmso/Bashi

Pre-launch validation covering everything deployment (SKL-0021) doesn't: analytics, error tracking, social meta, legal pages, email setup, DNS, SSL, and go-live readiness. Produces a launch readiness report with pass/fail checklist. Use this skill before going live on any project.

Insecure Defaults Detection

5
from BasharAmso/Bashi

Detect insecure default configurations, hardcoded credentials, fail-open security patterns, and dangerous default values in application code and configuration files. Complements SKL-0015 (Security Audit) by focusing on configuration-level vulnerabilities that dependency scanners miss.

Differential Security Review

5
from BasharAmso/Bashi

Security-focused review of code changes using git diff analysis. Identifies security implications of recent modifications — new attack surfaces, removed protections, changed auth logic, and risky refactors. Complements SKL-0016 (Code Review) with a security lens on diffs.

Copywriting

5
from BasharAmso/Bashi

Write conversion-focused copy using proven frameworks (AIDA, PAS, BAB). Produces headlines, CTAs, landing page copy, email sequences, and micro-copy. Ensures copy matches brand voice and target audience.

Competitor Analysis

5
from BasharAmso/Bashi

Structured competitor research: features, pricing, positioning, gaps, and differentiation strategy. Feeds into PRD Writing (SKL-0004) and Problem Stress Test (SKL-0027) with better market context.

UX Design

5
from BasharAmso/Bashi

Design user experiences including wireframes, flows, and interaction patterns. Use this skill when UX design work is requested, including onboarding flows and interface layouts.

User Acceptance Testing

5
from BasharAmso/Bashi

Structured QA testing with four modes: diff-aware (auto-scoped to branch changes), full (systematic exploration), quick (30-second smoke test), and regression (compare against baseline). Produces health score, structured reports, and actionable bug lists. Use this skill when UAT is requested or a feature is ready for acceptance testing.

Token Audit

5
from BasharAmso/Bashi

Audit the current project for token waste patterns. Produces a Token Health Report with scored findings and actionable fixes. Use this skill when token usage feels high, sessions are hitting limits, or before optimizing costs.

Test Writing

5
from BasharAmso/Bashi

Write automated tests for existing or new functionality. Use this skill when tests are requested, including unit tests, integration tests, and end-to-end tests.