api-validation
Apply when validating API request inputs: body, query params, path params, and headers. This skill covers Zod v4 patterns.
Best use case
api-validation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Apply when validating API request inputs: body, query params, path params, and headers. This skill covers Zod v4 patterns.
Teams using api-validation should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/api-validation/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How api-validation Compares
| Feature / Agent | api-validation | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Apply when validating API request inputs: body, query params, path params, and headers. This skill covers Zod v4 patterns.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
## When to Use
Apply when validating API request inputs: body, query params, path params, and headers. This skill covers Zod v4 patterns.
## Patterns
### Pattern 1: Zod Schema Validation (v4)
```typescript
// Source: https://zod.dev/
import { z } from 'zod';
const CreateUserSchema = z.object({
email: z.string().email('Invalid email'),
password: z.string().min(8, 'Min 8 characters'),
name: z.string().min(1, 'Name required').max(100),
role: z.enum(['user', 'admin']).default('user'),
});
type CreateUserDto = z.infer<typeof CreateUserSchema>;
```
### Pattern 2: Request Handler with Validation
```typescript
// Source: https://zod.dev/
export async function POST(request: NextRequest) {
const body = await request.json();
const result = CreateUserSchema.safeParse(body);
if (!result.success) {
return NextResponse.json({
error: {
code: 'VALIDATION_ERROR',
message: 'Invalid request body',
details: result.error.issues.map(issue => ({
field: issue.path.join('.'),
message: issue.message,
})),
},
}, { status: 400 });
}
// result.data is fully typed
const user = await createUser(result.data);
return NextResponse.json(user, { status: 201 });
}
```
### Pattern 3: Query Params Validation
```typescript
// Source: https://zod.dev/
const ListQuerySchema = z.object({
page: z.coerce.number().int().positive().default(1),
limit: z.coerce.number().int().min(1).max(100).default(20),
sort: z.enum(['asc', 'desc']).default('desc'),
search: z.string().optional(),
});
export async function GET(request: NextRequest) {
const params = Object.fromEntries(request.nextUrl.searchParams);
const result = ListQuerySchema.safeParse(params);
if (!result.success) {
return NextResponse.json({ error: 'Invalid query params' }, { status: 400 });
}
const { page, limit, sort, search } = result.data;
// ...
}
```
### Pattern 4: Reusable Validators (Zod v4)
```typescript
// Source: https://zod.dev/
// Common field schemas - Zod v4 format validators
const EmailSchema = z.string().email();
const UUIDSchema = z.string().uuid();
const DateStringSchema = z.string().datetime();
const PaginationSchema = z.object({
page: z.coerce.number().int().positive().default(1),
limit: z.coerce.number().int().min(1).max(100).default(20),
});
// Compose schemas
const GetUserSchema = z.object({
params: z.object({ id: UUIDSchema }),
});
const ListUsersSchema = z.object({
query: PaginationSchema.extend({
status: z.enum(['active', 'inactive']).optional(),
}),
});
```
### Pattern 5: Validation Middleware
```typescript
// Source: Best practice pattern
function validate<T extends z.ZodSchema>(schema: T) {
return async (req: Request, res: Response, next: NextFunction) => {
const result = schema.safeParse({
body: req.body,
query: req.query,
params: req.params,
});
if (!result.success) {
return res.status(400).json({
error: {
code: 'VALIDATION_ERROR',
details: result.error.issues,
},
});
}
req.validated = result.data;
next();
};
}
// Usage
app.post('/users', validate(CreateUserSchema), createUserHandler);
```
## Zod v4 Migration Notes
**Breaking Changes from v3:**
- String format validators: `z.string().email()` patterns still work in v4
- Error messages: More descriptive (e.g., "Invalid input: expected string, received undefined")
- `.nonempty()` behavior: Now identical to `.min(1)`, inferred type is `string[]` not `[string, ...string[]]`
- Error API: `error.errors` is now `error.issues` (both work in v4 for compatibility)
**Recommendation:** The patterns in this skill use v4-compatible syntax that works in both v3 and v4.
## Anti-Patterns
- **No validation** - Always validate external input
- **Client-only validation** - Server must validate too
- **Trusting type assertions** - Use runtime validation
- **Vague error messages** - Tell user what's wrong
## Verification Checklist
- [ ] All endpoints validate input
- [ ] Schemas use Zod for runtime + types
- [ ] Error response includes field-level details
- [ ] Query params coerced to correct types
- [ ] Default values for optional fieldsRelated Skills
bio-alignment-validation
Validate alignment quality with insert size distribution, proper pairing rates, GC bias, strand balance, and other post-alignment metrics. Use when verifying alignment data quality before variant calling or quantification.
date-validation
Use when editing Planning Hubs, timelines, calendars, or any file with day-name + date combinations (Wed Nov 12), relative dates (tomorrow), or countdowns (18 days until) - validates day-of-week accuracy, relative date calculations, and countdown math with two-source ground truth verification before allowing edits
spring-validation
Bean Validation (Jakarta Validation) with Spring Boot. Custom validators, validation groups, cross-field validation, and internationalized error messages.
fullstack-validation
Comprehensive validation methodology for multi-component applications including backend, frontend, database, and infrastructure
api-request-validation
A skill for implementing robust API request validation in Python web frameworks like FastAPI using Pydantic. Covers Pydantic models, custom validators (email, password), field-level and cross-field validation, query/file validation, and structured error responses. Use when you need to validate incoming API requests.
api-contracts-and-zod-validation
Generate Zod schemas and TypeScript types for forms, API routes, and Server Actions with runtime validation. Use this skill when creating API contracts, validating request/response payloads, generating form schemas, adding input validation to Server Actions or route handlers, or ensuring type safety across client-server boundaries. Trigger terms include zod, schema, validation, API contract, form validation, type inference, runtime validation, parse, safeParse, input validation, request validation, Server Action validation.
api-contracts-and-validation
Define and validate API contracts using Zod
api-contract-validation
Detect breaking changes in API contracts (OpenAPI/Swagger specs)
android-playstore-api-validation
Create and run validation script to test Play Store API connection
agent-ops-validation
Pre-commit and pre-merge validation checks. Use before committing changes or declaring work complete to ensure all quality gates pass.
bgo
Automates the complete Blender build-go workflow, from building and packaging your extension/add-on to removing old versions, installing, enabling, and launching Blender for quick testing and iteration.
large-data-with-dask
Specific optimization strategies for Python scripts working with larger-than-memory datasets via Dask.