> laravel-api
Build REST endpoints with API Resources, Sanctum authentication, and versioned route groups in Laravel. Use when creating JsonResource classes, adding token-based auth, or defining rate-limited API routes. (triggers: routes/api.php, app/Http/Resources/**/*.php, resource, collection, sanctum, passport, cors)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/laravel-api?format=md"
Laravel API
Priority: P1 (HIGH)
Workflow: Create a New API Endpoint
- Generate resource — php artisan make:resource UserResource.
- Define toArray() — Specify exact output fields; never return raw models.
- Add route — Register in routes/api.php with version prefix and throttle middleware.
- Secure with Sanctum — Apply auth:sanctum middleware to protected routes.
- Return proper status codes — 201 for Created, 422 for Validation, 204 for No Content.
API Resource Example
See implementation examples for a complete API Resource with collection usage.
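The workflow above end to end, as an added example that is not the skill's own code: an allow-listed resource, a versioned and throttled route group, Sanctum token issue and revocation, and the 201/422/204 status codes. The /tokens and /user paths, the id/name/email fields, and the use of route closures in place of versioned controllers are assumptions made to keep it in one block; it also assumes App\Models\User uses the HasApiTokens trait and that the 'api' rate limiter is defined in AppServiceProvider.

```php
<?php
// Two Laravel files shown in one block; split them at the file-name comments.

// app/Http/Resources/UserResource.php
namespace App\Http\Resources {
    use Illuminate\Http\Resources\Json\JsonResource;

    class UserResource extends JsonResource
    {
        // Allow-list of output fields: password, remember_token and any
        // column added to the users table later never reach the response.
        public function toArray($request): array
        {
            return ['id' => $this->id, 'name' => $this->name, 'email' => $this->email];
        }
    }
}

// routes/api.php
namespace {
    use App\Http\Resources\UserResource;
    use App\Models\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\{Hash, Route};
    use Illuminate\Validation\ValidationException;

    // Assumes RateLimiter::for('api', ...) is already registered in AppServiceProvider.
    Route::prefix('v1')->middleware('throttle:api')->group(function () {
        // Public but throttled. A failed validate() is rendered as 422 for JSON requests.
        Route::post('/tokens', function (Request $request) {
            $data = $request->validate(['email' => 'required|email', 'password' => 'required']);
            $user = User::where('email', $data['email'])->first();
            if (! $user || ! Hash::check($data['password'], $user->password)) {
                throw ValidationException::withMessages(['email' => ['Invalid credentials.']]);
            }
            $token = $user->createToken('token-name')->plainTextToken;
            return (new UserResource($user))->additional(['token' => $token])->response()->setStatusCode(201);
        });

        Route::middleware('auth:sanctum')->group(function () {
            Route::get('/user', fn (Request $request) => new UserResource($request->user()));
            Route::delete('/tokens/current', function (Request $request) {
                $request->user()->currentAccessToken()->delete(); // revoke only the calling token
                return response()->noContent(); // 204
            });
        });
    });
}
```

The plain-text token is returned only once, in the 201 response; Sanctum stores a hash of it, so the client must keep the value it receives.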
Implementation Guidelines
API Resources & Transformation
- API Resources: Always use ApiResource classes extending JsonResource for data transformation.
- Collections: Use UserResource::collection($users) for lists. Never use response()->json($model) or return raw models directly.
- Data Definition: Implement toArray($request) to define specific output fields and prevent sensitive data leakage.
- Generation: Use php artisan make:resource UserResource to scaffold new resources.
Authentication & Security
- Sanctum: Use auth:sanctum middleware in routes/api.php for SPAs or mobile app authentication.
- Traits: Add the HasApiTokens trait to your User model to enable token-based authentication.
- Token Management: Issue tokens using $user->createToken('token-name')->plainTextToken.
- OAuth2: Use Passport only if standard OAuth2 flows or client grants are required.
Routing & Performance
- Versioning: Group routes with Route::prefix('v1')->group(...) and use versioned namespaces (e.g., App\Http\Controllers\Api\V1).
- Rate Limiting: Define RateLimiter::for('api', ...) using Limit::perMinute(60) in AppServiceProvider.
- Middleware: Apply the throttle:api middleware to route groups in routes/api.php.
- Status Codes: Return 201 for Created, 422 for Validation errors, and 204 for No Content.
Anti-Patterns
- No raw model returns: Use API Resources; prevents data leakage.
- No response()->json(): Use API Resource classes instead.
- No session auth for APIs: Use Sanctum or Passport tokens.
- No static URLs in JSON: Use route names or HATEOAS links.
References