api-validator

Validate REST API standards compliance (versioning, naming, HTTP methods, status codes, pagination, Swagger). Use when checking endpoints before deployment, reviewing API design, or ensuring documentation completeness (e.g., "Validate User API", "Check Product endpoints").

16 stars

bydiegosouzapw

View on GitHub Installation ↓

Best use case

api-validator is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using api-validator should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/api-validator/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/backend/api-validator/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/api-validator/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How api-validator Compares

Feature / Agent	api-validator	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# API Standards Validator

Validate REST API design standards compliance including versioning, naming conventions, HTTP methods, status codes, pagination, and Swagger documentation.

## What This Skill Does

Performs comprehensive API standards validation:

- **Versioning**: Checks `/v1/` prefix on all routes
- **Resource Naming**: Validates plural nouns, lowercase-with-hyphens
- **HTTP Methods**: Validates proper method usage and status codes
- **Pagination**: Ensures list endpoints support pagination
- **Swagger Docs**: Verifies complete OpenAPI documentation
- **Error Mapping**: Checks proper status code usage

## When to Use This Skill

Use when you need to:
- Validate API endpoints before deployment
- Check new endpoints for standards compliance
- Review API design during code review
- Ensure Swagger documentation completeness

Examples:
- "Validate the User API endpoints"
- "Check if Product API follows design standards"
- "Review Order API for compliance"

## API Design Standards

### Versioning Rules

All controllers MUST be prefixed with `/v1/`:

```typescript
// ✅ CORRECT
@JsonController('/v1/users')
export class UserController {}

@JsonController('/v1/sms-messages')
export class SmsMessageController {}

// ❌ WRONG
@JsonController('/users')  // Missing version
@JsonController('/api/users')  // Wrong format
```

### Resource Naming Rules

**Must be:**
- Plural nouns: `/v1/users` not `/v1/user`
- Lowercase with hyphens: `/v1/sms-messages`
- No verbs: `/v1/users` not `/v1/getUsers`

```typescript
// ✅ CORRECT
'/v1/users'
'/v1/products'
'/v1/sms-messages'
'/v1/order-items'

// ❌ WRONG
'/v1/user'          // Singular
'/v1/getUsers'      // Verb
'/v1/Users'         // Wrong casing
'/v1/sms_messages'  // Underscores
```

### HTTP Methods and Status Codes

**Expected patterns:**

- **POST** (Create) → 201 Created
- **GET** (Read) → 200 OK
- **PATCH** (Partial Update) → 200 OK
- **PUT** (Full Update) → 200 OK
- **DELETE** → 204 No Content

**Error status codes:**

- **400** Bad Request → Validation errors
- **401** Unauthorized → Authentication required
- **403** Forbidden → Permission denied
- **404** Not Found → Resource not found
- **409** Conflict → Duplicate resource
- **422** Unprocessable Entity → Business rule violation
- **500** Internal Server Error → Unexpected errors

### Pagination Requirements

List endpoints MUST support pagination with DTOs:

```typescript
// ✅ CORRECT
export class QueryEntityDto {
  @IsOptional()
  @Type(() => Number)
  @IsNumber()
  @Min(1)
  limit?: number = 20;

  @IsOptional()
  @Type(() => Number)
  @IsNumber()
  @Min(0)
  offset?: number = 0;
  sortBy: z.enum(['createdAt', 'name']).optional(),
  order: z.enum(['asc', 'desc']).default('desc'),
});

// Response format
{
  items: Entity[],
  total: number,
  limit: number,
  offset: number
}
```

### Swagger Documentation Requirements

All endpoints MUST have:

```typescript
.post('/', controller.create.bind(controller), {
  body: CreateSchema,
  detail: {
    summary: 'Create entity',          // Required
    description: 'Detailed description', // Recommended
    tags: ['Entities'],                // Required
    responses: {                        // Required
      201: { description: 'Created' },
      400: { description: 'Invalid input' },
      409: { description: 'Duplicate' },
    },
  },
})
```

## Validation Checks

### Versioning Validation

**Checks:**
- All route prefixes include `/v1/`
- No routes without versioning
- Consistent version across all endpoints

**Reports:**
```
CRITICAL: Missing API version
File: src/contexts/user/presentation/user.routes.ts:5
Issue: Route prefix '/users' lacks /v1/
Fix: Change to '/v1/users'
```

### Resource Naming Validation

**Checks:**
- Resources are plural nouns
- Lowercase with hyphens (not underscores or camelCase)
- No verbs in resource names
- Proper REST conventions

**Reports:**
```
CRITICAL: Singular resource name
File: src/contexts/user/presentation/user.routes.ts:5
Issue: Resource '/v1/user' is singular
Fix: Change to '/v1/users'

CRITICAL: Verb in resource name
File: src/contexts/user/presentation/user.routes.ts:10
Issue: Resource '/v1/getUsers' contains verb
Fix: Use '/v1/users' with GET method
```

### HTTP Method Validation

**Checks:**
- GET for reads (200 OK)
- POST for creates (201 Created)
- PATCH/PUT for updates (200 OK)
- DELETE for deletions (204 No Content)
- Swagger responses match expected codes

**Reports:**
```
CRITICAL: Wrong status code for POST
File: src/contexts/user/presentation/user.routes.ts:15
Issue: POST endpoint documents 200, should be 201
Fix: Change response code to 201 in Swagger detail
```

### Error Mapping Validation

**Checks:**
- Controllers map domain errors to HTTP exceptions
- Correct status codes used:
  - EntityNotFoundError → 404
  - DuplicateError → 409
  - ValidationError → 400
  - UnauthorizedError → 401
  - ForbiddenError → 403
  - BusinessRuleViolation → 422

**Reports:**
```
WARNING: Missing error mapping
File: src/contexts/user/presentation/user.controller.ts:20
Issue: EntityNotFoundError not mapped to HttpException
Fix: Add error mapping:
  if (error instanceof EntityNotFoundError) {
    throw new HttpException(404, error.message, error.code);
  }
```

### Pagination Validation

**Checks:**
- List endpoints have `limit` parameter
- List endpoints have `offset` parameter
- Defaults defined for pagination
- Response includes total count

**Reports:**
```
CRITICAL: Missing pagination
File: src/contexts/user/presentation/schemas/query-user.schema.ts
Issue: Query schema lacks limit and offset
Fix: Add pagination fields:
  limit: z.coerce.number().min(1).max(100).default(10),
  offset: z.coerce.number().min(0).default(0),
```

### Swagger Documentation Validation

**Checks:**
- All endpoints have `detail` object
- `summary` field present
- `tags` array present
- `responses` object with status codes
- Response descriptions provided

**Reports:**
```
WARNING: Incomplete Swagger documentation
File: src/contexts/user/presentation/user.routes.ts:15
Issue: POST endpoint missing 'responses' in detail
Fix: Add responses object:
  responses: {
    201: { description: 'User created' },
    400: { description: 'Invalid input' },
    409: { description: 'Email exists' },
  }
```

### Controller Binding Validation

**Checks:**
- Controller methods use `.bind(controller)`
- Controller resolved from DI container

**Reports:**
```
CRITICAL: Controller method not bound
File: src/contexts/user/presentation/user.routes.ts:12
Issue: .post('/', controller.create) missing .bind()
Fix: Add .bind(controller): .post('/', controller.create.bind(controller))
```

## Common Violations

### Missing Versioning
```typescript
// ❌ WRONG
new Elysia({ prefix: '/users' })

// ✅ CORRECT
new Elysia({ prefix: '/v1/users' })
```

### Wrong Resource Naming
```typescript
// ❌ WRONG - Singular
new Elysia({ prefix: '/v1/user' })

// ❌ WRONG - Verb
.get('/getUser', ...)

// ✅ CORRECT
new Elysia({ prefix: '/v1/users' })
.get('/:id', ...)
```

### Wrong Status Code
```typescript
// ❌ WRONG
.post('/', ..., {
  detail: {
    responses: {
      200: {} // Should be 201 for POST
    }
  }
})

// ✅ CORRECT
.post('/', ..., {
  detail: {
    responses: {
      201: { description: 'Created' }
    }
  }
})
```

### Missing Pagination
```typescript
// ❌ WRONG
export const QuerySchema = z.object({
  search: z.string().optional(),
});

// ✅ CORRECT
export const QuerySchema = z.object({
  limit: z.coerce.number().min(1).max(100).default(10),
  offset: z.coerce.number().min(0).default(0),
  search: z.string().optional(),
});
```

### Incomplete Swagger
```typescript
// ❌ WRONG
.post('/', controller.create.bind(controller), {
  body: CreateSchema,
})

// ✅ CORRECT
.post('/', controller.create.bind(controller), {
  body: CreateSchema,
  detail: {
    summary: 'Create user',
    tags: ['Users'],
    responses: {
      201: { description: 'User created' },
      400: { description: 'Invalid input' },
    },
  },
})
```

## Report Format

1. **Summary**: Endpoints validated
2. **Endpoint Inventory**: List all found endpoints
3. **Critical Issues**: Must fix immediately
4. **Warnings**: Should fix before deployment
5. **Suggestions**: Nice-to-have improvements
6. **Compliance Score**: Percentage of standards met

## Integration

The validator is read-only - it never modifies code. After review:

1. Fix critical issues (versioning, naming)
2. Address warnings (Swagger docs, pagination)
3. Consider suggestions (additional docs)
4. Re-run validator to verify compliance

## Related Skills

- **ddd-validator**: Validate DDD architecture
- **ddd-api-generator**: Generate compliant APIs
- **di-helper**: Check DI setup

Related Skills

doc-ctr-validator

from diegosouzapw/awesome-omni-skill

Validate Data Contracts (CTR) documents against Layer 8 schema standards

conductor-validator

from diegosouzapw/awesome-omni-skill

Validates Conductor project artifacts for completeness, consistency, and correctness. Use after setup, when diagnosing issues, or before implementation to verify project context.

api-contract-validator

from diegosouzapw/awesome-omni-skill

Validates type contracts between TypeScript interfaces and Pydantic models. Detects field mismatches and type inconsistencies. Related: frontend-backend-mapper for endpoint discovery.

advanced-oscal-validator

from diegosouzapw/awesome-omni-skill

Perform comprehensive OSCAL validation using community-inspired patterns including JSON schema validation, business rule validation, cross-reference checking, and best practices from IBM Trestle, oscal-pydantic, and Lula. Use for thorough document quality assurance.

ado-resource-validator

from diegosouzapw/awesome-omni-skill

Validates Azure DevOps projects, area paths, and teams exist with auto-creation of missing resources. Use when setting up ADO integration, configuring .env variables, or troubleshooting missing project errors. Supports project-per-team, area-path-based, and team-based strategies.

amcs-validator

from diegosouzapw/awesome-omni-skill

Score composed artifacts against blueprint rubric. Evaluates hook density, singability, rhyme tightness, section completeness, and profanity compliance. Returns scores and issues list to determine if fix loop is needed. Use after COMPOSE to validate artifacts before rendering.

agent-config-validator

from diegosouzapw/awesome-omni-skill

Validate AgentConfig definitions for the Agent Framework. Use when creating or modifying agent configurations to ensure correct structure, valid tool references, and proper sub-agent composition. Validates TypeScript interfaces and Python Pydantic models.

bgo

from diegosouzapw/awesome-omni-skill

Automates the complete Blender build-go workflow, from building and packaging your extension/add-on to removing old versions, installing, enabling, and launching Blender for quick testing and iteration.

Coding & Development

large-data-with-dask

from diegosouzapw/awesome-omni-skill

Specific optimization strategies for Python scripts working with larger-than-memory datasets via Dask.

langsmith-fetch

from diegosouzapw/awesome-omni-skill

Debug LangChain and LangGraph agents by fetching execution traces from LangSmith Studio. Use when debugging agent behavior, investigating errors, analyzing tool calls, checking memory operations, or examining agent performance. Automatically fetches recent traces and analyzes execution patterns. Requires langsmith-fetch CLI installed.

langchain-tool-calling

from diegosouzapw/awesome-omni-skill

How chat models call tools - includes bind_tools, tool choice strategies, parallel tool calling, and tool message handling

langchain-notes

from diegosouzapw/awesome-omni-skill

LangChain 框架学习笔记 - 快速查找概念、代码示例和最佳实践。包含 Core components、Middleware、Advanced usage、Multi-agent patterns、RAG retrieval、Long-term memory 等主题。当用户询问 LangChain、Agent、RAG、向量存储、工具使用、记忆系统时使用此 Skill。