Api Integration Specialist

Integrate third-party APIs with production-ready security and reliability

✨ The solution you've been looking for

Verified
Tested and verified by our team
16036 Stars

Expert in integrating third-party APIs with proper authentication, error handling, rate limiting, and retry logic. Use when integrating REST APIs, GraphQL endpoints, webhooks, or external services. Specializes in OAuth flows, API key management, request/response transformation, and building robust API clients.

api-integration oauth authentication rest-api webhooks rate-limiting error-handling graphql
Repository

See It In Action

Interactive preview & real-world examples

Live Demo
Skill Demo Animation

AI Conversation Simulator

See how users interact with this skill

User Prompt

Help me integrate Stripe payments with OAuth authentication and webhook verification for my e-commerce app

Skill Processing

Analyzing request...

Agent Response

Complete implementation with secure API client, payment intent creation, webhook signature verification, and retry logic

Quick Start (3 Steps)

Get up and running in minutes

1

Install

claude-code skill install api-integration-specialist

claude-code skill install api-integration-specialist
2

Config

3

First Trigger

@api-integration-specialist help

Commands

CommandDescriptionRequired Args
@api-integration-specialist payment-gateway-integrationIntegrate Stripe API with proper authentication, webhook handling, and error recoveryNone
@api-integration-specialist third-party-service-api-clientBuild robust API client library with rate limiting and exponential backoffNone
@api-integration-specialist multi-service-integration-architectureDesign integration pattern for multiple external APIs with unified error handlingNone

Typical Use Cases

Payment Gateway Integration

Integrate Stripe API with proper authentication, webhook handling, and error recovery

Third-Party Service API Client

Build robust API client library with rate limiting and exponential backoff

Multi-Service Integration Architecture

Design integration pattern for multiple external APIs with unified error handling

Overview

API Integration Specialist

Expert guidance for integrating external APIs into applications with production-ready patterns, security best practices, and comprehensive error handling.

When to Use This Skill

Use this skill when:

  • Integrating third-party APIs (Stripe, Twilio, SendGrid, etc.)
  • Building API client libraries or wrappers
  • Implementing OAuth 2.0, API keys, or JWT authentication
  • Setting up webhooks and event-driven integrations
  • Handling rate limits, retries, and circuit breakers
  • Transforming API responses for application use
  • Debugging API integration issues

Core Integration Principles

1. Authentication & Security

API Key Management:

1// Store keys in environment variables, never in code
2const apiClient = new APIClient({
3  apiKey: process.env.SERVICE_API_KEY,
4  baseURL: process.env.SERVICE_BASE_URL
5});

OAuth 2.0 Flow:

 1// Authorization Code Flow
 2const oauth = new OAuth2Client({
 3  clientId: process.env.CLIENT_ID,
 4  clientSecret: process.env.CLIENT_SECRET,
 5  redirectUri: process.env.REDIRECT_URI,
 6  scopes: ['read:users', 'write:data']
 7});
 8
 9// Get authorization URL
10const authUrl = oauth.getAuthorizationUrl();
11
12// Exchange code for tokens
13const tokens = await oauth.exchangeCode(code);

2. Request/Response Handling

Standardized Request Structure:

 1async function makeRequest(endpoint, options = {}) {
 2  const defaultHeaders = {
 3    'Content-Type': 'application/json',
 4    'Authorization': `Bearer ${apiKey}`,
 5    'User-Agent': 'MyApp/1.0.0'
 6  };
 7
 8  const response = await fetch(`${baseURL}${endpoint}`, {
 9    ...options,
10    headers: { ...defaultHeaders, ...options.headers }
11  });
12
13  if (!response.ok) {
14    throw new APIError(response.status, await response.json());
15  }
16
17  return response.json();
18}

Response Transformation:

 1class APIClient {
 2  async getUser(userId) {
 3    const raw = await this.request(`/users/${userId}`);
 4
 5    // Transform external API format to internal model
 6    return {
 7      id: raw.user_id,
 8      email: raw.email_address,
 9      name: `${raw.first_name} ${raw.last_name}`,
10      createdAt: new Date(raw.created_timestamp)
11    };
12  }
13}

3. Error Handling

Structured Error Types:

 1class APIError extends Error {
 2  constructor(status, body) {
 3    super(`API Error: ${status}`);
 4    this.status = status;
 5    this.body = body;
 6    this.isAPIError = true;
 7  }
 8
 9  isRateLimited() {
10    return this.status === 429;
11  }
12
13  isUnauthorized() {
14    return this.status === 401;
15  }
16
17  isServerError() {
18    return this.status >= 500;
19  }
20}

Retry Logic with Exponential Backoff:

 1async function retryWithBackoff(fn, maxRetries = 3) {
 2  for (let i = 0; i < maxRetries; i++) {
 3    try {
 4      return await fn();
 5    } catch (error) {
 6      if (!error.isAPIError || !error.isServerError()) {
 7        throw error; // Don't retry client errors
 8      }
 9
10      if (i === maxRetries - 1) throw error;
11
12      const delay = Math.pow(2, i) * 1000; // 1s, 2s, 4s
13      await sleep(delay);
14    }
15  }
16}

4. Rate Limiting

Client-Side Rate Limiter:

 1class RateLimiter {
 2  constructor(maxRequests, windowMs) {
 3    this.maxRequests = maxRequests;
 4    this.windowMs = windowMs;
 5    this.requests = [];
 6  }
 7
 8  async acquire() {
 9    const now = Date.now();
10    this.requests = this.requests.filter(t => now - t < this.windowMs);
11
12    if (this.requests.length >= this.maxRequests) {
13      const oldestRequest = this.requests[0];
14      const waitTime = this.windowMs - (now - oldestRequest);
15      await sleep(waitTime);
16      return this.acquire();
17    }
18
19    this.requests.push(now);
20  }
21}
22
23const limiter = new RateLimiter(100, 60000); // 100 requests per minute
24
25async function rateLimitedRequest(endpoint, options) {
26  await limiter.acquire();
27  return makeRequest(endpoint, options);
28}

5. Webhook Handling

Webhook Verification:

 1function verifyWebhookSignature(payload, signature, secret) {
 2  const expectedSignature = crypto
 3    .createHmac('sha256', secret)
 4    .update(payload)
 5    .digest('hex');
 6
 7  return crypto.timingSafeEqual(
 8    Buffer.from(signature),
 9    Buffer.from(expectedSignature)
10  );
11}
12
13app.post('/webhooks/stripe', express.raw({ type: 'application/json' }), (req, res) => {
14  const signature = req.headers['stripe-signature'];
15
16  if (!verifyWebhookSignature(req.body, signature, process.env.STRIPE_WEBHOOK_SECRET)) {
17    return res.status(401).send('Invalid signature');
18  }
19
20  const event = JSON.parse(req.body);
21  handleWebhookEvent(event);
22
23  res.status(200).send('Received');
24});

Integration Patterns

REST API Client Pattern

 1class ServiceAPIClient {
 2  constructor(config) {
 3    this.apiKey = config.apiKey;
 4    this.baseURL = config.baseURL;
 5    this.timeout = config.timeout || 30000;
 6  }
 7
 8  async request(method, endpoint, data = null) {
 9    const options = {
10      method,
11      headers: {
12        'Authorization': `Bearer ${this.apiKey}`,
13        'Content-Type': 'application/json'
14      },
15      timeout: this.timeout
16    };
17
18    if (data) {
19      options.body = JSON.stringify(data);
20    }
21
22    const response = await retryWithBackoff(() =>
23      fetch(`${this.baseURL}${endpoint}`, options)
24    );
25
26    return response.json();
27  }
28
29  // Resource methods
30  async getResource(id) {
31    return this.request('GET', `/resources/${id}`);
32  }
33
34  async createResource(data) {
35    return this.request('POST', '/resources', data);
36  }
37
38  async updateResource(id, data) {
39    return this.request('PUT', `/resources/${id}`, data);
40  }
41
42  async deleteResource(id) {
43    return this.request('DELETE', `/resources/${id}`);
44  }
45}

Pagination Handling

 1async function* fetchAllPages(endpoint, pageSize = 100) {
 2  let cursor = null;
 3
 4  do {
 5    const params = new URLSearchParams({
 6      limit: pageSize,
 7      ...(cursor && { cursor })
 8    });
 9
10    const response = await apiClient.request('GET', `${endpoint}?${params}`);
11
12    yield response.data;
13
14    cursor = response.pagination?.next_cursor;
15  } while (cursor);
16}
17
18// Usage
19for await (const page of fetchAllPages('/users')) {
20  processUsers(page);
21}

Best Practices

Security

  • Store API keys in environment variables or secrets management
  • Use HTTPS for all API calls
  • Verify webhook signatures
  • Implement request signing for sensitive operations
  • Rotate API keys regularly

Reliability

  • Implement exponential backoff retry logic
  • Handle rate limits gracefully
  • Set appropriate timeouts
  • Use circuit breakers for failing services
  • Log all API interactions for debugging

Performance

  • Cache responses when appropriate
  • Batch requests when the API supports it
  • Use streaming for large responses
  • Implement connection pooling
  • Monitor API usage and costs

Monitoring

  • Track API response times
  • Alert on error rate increases
  • Monitor rate limit consumption
  • Log failed requests with context
  • Set up health checks for critical integrations

Common Integration Examples

Stripe Payment Processing

1const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
2
3async function createPaymentIntent(amount, currency = 'usd') {
4  return await stripe.paymentIntents.create({
5    amount,
6    currency,
7    automatic_payment_methods: { enabled: true }
8  });
9}

SendGrid Email Sending

 1const sgMail = require('@sendgrid/mail');
 2sgMail.setApiKey(process.env.SENDGRID_API_KEY);
 3
 4async function sendEmail(to, subject, html) {
 5  await sgMail.send({
 6    to,
 7    from: process.env.FROM_EMAIL,
 8    subject,
 9    html
10  });
11}

Twilio SMS

 1const twilio = require('twilio')(
 2  process.env.TWILIO_ACCOUNT_SID,
 3  process.env.TWILIO_AUTH_TOKEN
 4);
 5
 6async function sendSMS(to, body) {
 7  await twilio.messages.create({
 8    to,
 9    from: process.env.TWILIO_PHONE_NUMBER,
10    body
11  });
12}

Troubleshooting

Authentication Issues

  • Verify API keys are correctly set
  • Check token expiration
  • Ensure proper OAuth scopes
  • Validate signature generation

Rate Limiting

  • Implement client-side rate limiting
  • Use batch endpoints when available
  • Spread requests over time
  • Consider upgrading API tier

Timeout Errors

  • Increase timeout values for slow endpoints
  • Implement request cancellation
  • Use streaming for large payloads
  • Check network connectivity

When integrating APIs, prioritize security, reliability, and maintainability. Always test error scenarios and edge cases before production deployment.

What Users Are Saying

Real feedback from the community

Environment Matrix

Dependencies

Node.js 14+
Express.js (for webhook handling)
crypto module (for signature verification)

Framework Support

REST APIs ✓ (recommended) GraphQL ✓ OAuth 2.0 ✓ (recommended) JWT ✓ Webhooks ✓

Context Window

Token Usage ~3K-8K tokens for complex multi-API integrations

Security & Privacy

Information

Author
davila7
Updated
2026-01-30
Category
productivity-tools

Related Skills

Api Integration Specialist

Expert in integrating third-party APIs with proper authentication, error handling, rate limiting, …

View Details →

Nodejs Backend Patterns

Build production-ready Node.js backend services with Express/Fastify, implementing middleware …

View Details →

Nodejs Backend Patterns

Build production-ready Node.js backend services with Express/Fastify, implementing middleware …

View Details →