expo-api-routes_skill

This skill guides building Expo Router API routes securely with EAS hosting, covering secrets handling, validation, proxies, and deployment workflows.
  • JavaScript

716

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill expo/skills --skill expo-api-routes

  • SKILL.md8.5 KB

Overview

This skill provides practical guidelines for building API routes in Expo Router and deploying them to EAS Hosting. It covers file structure, request handling, environment variables, CORS, error handling, and Cloudflare Workers runtime constraints. Use it to create secure, server-side endpoints for mobile and web apps built with Expo.

How this skill works

API routes live under the app directory with +api.ts suffix and export functions named for HTTP methods (GET, POST, PUT, DELETE, OPTIONS). Routes run on EAS Hosting using Cloudflare Workers, so you use Web APIs (Request, Response, fetch, crypto) and process.env for secrets. The skill shows patterns for dynamic routes, parsing query params/headers/json bodies, CORS, error handling, and connecting to cloud databases.

When to use it

  • When you must keep server-side secrets (API keys, database credentials) off the client
  • To perform direct database operations or server-side validation before writes
  • To proxy third-party APIs and hide keys (OpenAI, Stripe, etc.)
  • For webhook endpoints and rate limiting at the server level
  • To offload heavy computation that would be slow on mobile

Best practices

  • Never expose secrets to client code; use process.env and EAS env:create for production
  • Validate and sanitize all input; return proper HTTP status codes for errors
  • Keep each API route focused on a single responsibility
  • Handle errors with try/catch and log server-side for debugging
  • Prefer Web APIs and polyfills; avoid Node-only modules and filesystem usage

Example use cases

  • Create /api/users to handle CRUD operations with a cloud database (Turso, PlanetScale, Supabase)
  • Proxy OpenAI requests server-side to protect API keys and transform responses
  • Implement a webhook endpoint for Stripe or GitHub with signature verification
  • Expose a rate-limited endpoint for resource-intensive image processing
  • Provide an auth-protected /api/protected route using a requireAuth middleware

FAQ

Use eas env:create or the Expo dashboard to create secrets for production; never commit .env files.

Can I use Node.js modules like fs or native crypto?

No. EAS Hosting runs on Cloudflare Workers which lack Node filesystem and native modules; use Web Crypto and web-friendly libraries.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational