This is a comprehensive guide for building production APIs with proper REST design, OpenAPI 3.1 specs, and OAuth2/JWT authentication. It enforces TDD with httpx tests written before implementation and includes concrete checks for OWASP API Security Top 10 vulnerabilities like BOLA (broken object level authorization). The anti-hallucination protocol is smart, requiring verification of HTTP status codes and OpenAPI fields against official specs before responding. Use this when you need to design scalable endpoints with rate limiting, implement proper pagination patterns, or secure API gateways. The workflow is opinionated but thorough, pushing you toward RFC 7807 error formats and defensive coding that catches security issues early.
npx skills add https://github.com/martinholovsky/claude-skills-generator --skill api-expert