v1.0.0
Reviews REST API design for consistency, correctness, and security — covering endpoint naming, input validation, HTTP status codes, pagination, and rate limiting. Poorly designed APIs create integration headaches that compound with every new consumer.
A review skill for HTTP API endpoints that checks design consistency, input handling, and error communication.
Run this when building or modifying API endpoints, especially before publishing APIs that external consumers will depend on.
Validate and sanitize all request input (body, query params, headers) before processing. Unvalidated input is the root cause of injection attacks, data corruption, and crashes from malformed data.
Apply rate limiting to all public-facing API endpoints. Without rate limits, a single attacker can overwhelm your server, exhaust your database connections, or brute-force authentication — taking down the service for all users.
BeforeMerge scans your pull requests against all 4 API Design Review rules automatically. Get actionable feedback before code ships.