api-integration-specialist_skill

This skill helps you build reliable API integrations with strong auth, error handling, retries, and boundary payload transformations.
  • Python

3

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill vadimcomanescu/codex-skills --skill api-integration-specialist

  • LICENSE.txt1.1 KB
  • SKILL.md1.5 KB

Overview

This skill helps build reliable third-party API integrations with correct authentication, robust error handling, rate limit safety, and clear request/response transformation. It focuses on practical patterns for REST, GraphQL, and webhook integrations and provides guidance for OAuth flows, API key management, retries, and typed errors. Use it to design maintainable API clients that are safe in production.

How this skill works

I inspect provider documentation and implement a thin boundary client that centralizes auth, timeouts, retries, and error mapping. The client transforms provider payloads into internal models at the boundary and enforces guardrails like secret handling and replay-safe webhook processing. I include test cases for happy paths and failure modes and recommend configuration via environment variables and SLAs.

When to use it

  • Integrating REST or GraphQL endpoints into backend services
  • Implementing OAuth flows or managing API keys and secret rotation
  • Creating or consuming webhooks with signature verification and idempotency
  • Building resilient clients that must handle rate limits and transient failures
  • Designing pagination, timeout, and retry strategies for high-volume traffic

Best practices

  • Centralize provider-specific logic at a single client boundary to simplify testing and replacement
  • Store secrets in environment variables or a secrets manager; never log secrets
  • Map HTTP status codes to typed errors and include sanitized response details for debugging
  • Implement exponential backoff and respect Retry-After for 429/5xx responses; limit total retry time
  • Verify webhook signatures, enforce idempotency, and design handlers to be replay-safe
  • Set sensible per-call timeouts and test for pagination edge cases to avoid unbounded loops

Example use cases

  • Build a thin Python client for a payments API with OAuth2 refresh token handling and typed error classes
  • Create a webhook consumer that verifies HMAC signatures, persists events idempotently, and supports replay protection
  • Wrap a third-party GraphQL endpoint with a boundary that normalizes response shapes and implements cursor pagination
  • Add retry and circuit-breaker logic for a rate-limited analytics ingestion endpoint
  • Design tests covering auth failure, rate limit responses, server errors, and successful pagination

FAQ

Keep secrets in environment variables or a secrets manager, automate rotation, and ensure clients can hot-reload credentials when rotated.

Which errors should trigger retries?

Retry on 429 and most 5xx server errors with exponential backoff and jitter; do not retry on 4xx client errors except when retryable semantics are documented.

How do I verify webhooks safely?

Verify signatures using the provider’s algorithm, reject mismatches, and design handlers to be idempotent and safe to replay.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational