backend
API, database, server logic, webhooks. Auto-use for any API/DB work.
Best use case
backend is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
API, database, server logic, webhooks. Auto-use for any API/DB work.
Teams using backend should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/backend/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How backend Compares
| Feature / Agent | backend | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
API, database, server logic, webhooks. Auto-use for any API/DB work.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Backend
**Auto-use when:** API, route, endpoint, database, Supabase, schema, migration, webhook, server action
**Works with:** `frontend` for UI, `security` for auth patterns
---
## Auto-Apply Rules
### 1. Every Endpoint Must Have
```typescript
export async function POST(request: Request) {
// 1. AUTH (required)
const { userId } = await auth()
if (!userId) return Response.json({ error: 'Unauthorized' }, { status: 401 })
// 2. VALIDATION (required)
const body = await request.json()
const result = Schema.safeParse(body)
if (!result.success) {
return Response.json({ error: 'Invalid', details: result.error.flatten() }, { status: 400 })
}
// 3. OWNERSHIP (if accessing resource)
const resource = await db.findUnique({ where: { id: result.data.id } })
if (resource?.userId !== userId) {
return Response.json({ error: 'Not found' }, { status: 404 })
}
// 4. EXECUTE with try/catch
try {
const data = await db.create({ data: result.data })
return Response.json(data, { status: 201 })
} catch (error) {
console.error('Error:', error)
return Response.json({ error: 'Failed' }, { status: 500 })
}
}
```
### 2. Server Actions
```typescript
'use server'
import { auth } from '@/lib/auth'
import { db } from '@/lib/db'
import { revalidatePath } from 'next/cache'
import { z } from 'zod'
const Schema = z.object({
title: z.string().min(1).max(200),
})
export async function createPost(input: unknown) {
const { userId } = await auth()
if (!userId) return { error: 'Unauthorized' }
const result = Schema.safeParse(input)
if (!result.success) return { error: 'Invalid', details: result.error.flatten() }
try {
const post = await db.post.create({
data: { ...result.data, authorId: userId }
})
revalidatePath('/posts')
return { data: post }
} catch (error) {
console.error('Error:', error)
return { error: 'Failed' }
}
}
```
### 3. Database Patterns
```typescript
// N+1 Prevention - ALWAYS use includes
const posts = await db.post.findMany({
include: { author: true } // NOT separate query
})
// Pagination - ALWAYS paginate lists
const posts = await db.post.findMany({
skip: (page - 1) * limit,
take: limit,
orderBy: { createdAt: 'desc' }
})
// Correct types
// IDs: BIGINT (not INT)
// Timestamps: TIMESTAMPTZ (not TIMESTAMP)
// Money: DECIMAL (not FLOAT)
```
### 4. Webhooks
```typescript
export async function POST(request: Request) {
const body = await request.text()
const signature = headers().get('stripe-signature')!
// 1. Verify signature
let event
try {
event = stripe.webhooks.constructEvent(body, signature, secret)
} catch {
return new Response('Invalid signature', { status: 400 })
}
// 2. Idempotency check
const exists = await db.webhookEvent.findUnique({ where: { eventId: event.id } })
if (exists) return new Response('Already processed')
// 3. Process
switch (event.type) {
case 'checkout.session.completed':
await handleCheckout(event.data.object)
break
}
// 4. Mark processed
await db.webhookEvent.create({ data: { eventId: event.id } })
return new Response('OK')
}
```
---
## Quick Reference
### API Route
```
app/api/users/route.ts -> GET /api/users, POST /api/users
app/api/users/[id]/route.ts -> GET/PATCH/DELETE /api/users/:id
```
### Server Action vs API Route
```
Form submission, mutations -> Server Action (preferred)
External API access needed -> API Route
Webhooks -> API Route
```
### Supabase with RLS
```typescript
// RLS handles authorization automatically
const { data } = await supabase
.from('posts')
.select('*') // Only returns user's posts due to RLS
```
---
## Security Checklist
```
[] Auth check at start
[] Zod validation on all input
[] Ownership check on resource access
[] Generic errors to client
[] Detailed errors to logs
[] No secrets in code
[] Webhook signature verification
```
---
## Red Flags (STOP)
| If You See | Fix |
|------------|-----|
| No `await auth()` | Add auth check |
| `Schema.parse(body)` without try | Use safeParse |
| No ownership check | Add authorization |
| `return { error: error.message }` | Generic error |
| `db.query(\`...${input}\`)` | Use parameterized |
| No pagination | Add pagination |Related Skills
web-backend-builder
Scaffold backend API, data models, ORM setup, and endpoint inventory with OpenAPI output.
python-backend-expert
Python backend expert including Django, FastAPI, Flask, SQLAlchemy, and async patterns
platform-backend
Server-side architecture and security patterns. Extends core-coding-standards with API, error handling, and security rules. Use when building APIs or server logic.
nodejs-backend-patterns
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when...
moai-domain-backend
Backend development specialist covering API design, database integration, microservices architecture, and modern backend patterns
jikime-domain-backend
Backend development specialist covering API design, database integration, microservices architecture, and modern backend patterns
go-backend-scalability-cursorrules-prompt-file-cursorrules
Apply for go-backend-scalability-cursorrules-prompt-file. --- description: General rule for backend development expertise across the project. globs: **/*
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
cc-skill-backend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
backend-tester
Activate when user needs API or backend testing - REST/GraphQL validation, integration tests, database verification. Activate when the backend-tester skill is requested or work requires backend quality assurance.
backend-skills
Master Node.js, Express, PHP, Laravel, Java, Spring Boot, API design, and database integration. Build scalable APIs and server applications.
backend-security-coder
Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.