⚠️

重要前提

安装AI Skills的关键前提是：必须科学上网，且开启TUN模式，这一点至关重要，直接决定安装能否顺利完成，在此郑重提醒三遍：科学上网，科学上网，科学上网。查看完整安装教程 →

JSON:API 规范合规性指南：核心规则、HTTP状态码与Django DRF集成

jsonapi by prowler-cloud/prowler

55 周安装量

13,400 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/prowler-cloud/prowler --skill jsonapi

开发代码规范 API

🇨🇳中文介绍

与 django-drf 配合使用

本技能侧重于规范合规性。对于实现模式（ViewSets、Serializers、Filters），请将 django-drf 技能与此技能结合使用。

技能	侧重点
`jsonapi`	规范要求的内容（MUST/MUST NOT 规则）
`django-drf`	如何在 DRF 中实现它（代码模式）

创建/修改端点时，请同时调用这两个技能。

在实现/审查之前

在创建或修改端点之前，务必根据最新规范进行验证：

选项 1：Context7 MCP（首选）

如果 Context7 MCP 可用，直接查询 JSON:API 规范：

mcp_context7_resolve-library-id(query="jsonapi specification")
mcp_context7_query-docs(libraryId="<resolved-id>", query="[specific topic: relationships, errors, etc.]")

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

FlyClaw：零登录航班聚合查询工具，Python实现多源航班信息与价格搜索

4,000,000 周安装

find-skills 技能搜索工具 - Vercel Labs 开源智能体技能包管理器

949,000 周安装

Vercel React 最佳实践指南 | 58条Next.js性能优化规则与代码重构

302,300 周安装

Vercel Web界面规范检查工具 - 自动检测代码是否符合Web设计指南

242,900 周安装

切勿在同一响应中同时包含 data 和 errors
必须至少包含以下一项：data、errors、meta
在资源对象中必须使用 type 和 id（字符串）
创建资源时切勿包含 id（由服务器生成）

id 必须使用字符串（即使是 UUID）
type 必须使用小写短横线命名法
切勿将 id 或 type 放在 attributes 内部
切勿在 attributes 中包含外键 - 使用 relationships

必须将错误作为数组返回：{"errors": [...]}
必须将 status 作为字符串包含（例如 "400"，而不是 400）
对于特定字段的错误，必须包含 source.pointer

操作	成功	异步	冲突	未找到	禁止	错误请求
GET	`200`	-	-	`404`	`403`	`400`
POST	`201`	`202`	`409`	`404`	`403`	`400`
PATCH	`200`	`202`	`409`	`404`	`403`	`400`
DELETE	`200`/`204`	`202`	-	`404`	`403`	-

状态码	使用场景
`200 OK`	成功的 GET、带有响应体的 PATCH、带有响应的 DELETE
`201 Created`	POST 创建资源（必须包含 `Location` 头）
`202 Accepted`	异步操作已启动（返回任务引用）
`204 No Content`	成功的 DELETE、没有响应体的 PATCH
`400 Bad Request`	无效的查询参数、格式错误的请求、未知字段
`403 Forbidden`	认证通过但无权限，客户端生成的 ID 被拒绝
`404 Not Found`	资源不存在或 RLS 隐藏了它（切勿透露是哪种情况）
`409 Conflict`	重复的 ID、类型不匹配、关联关系冲突
`415 Unsupported`	错误的 Content-Type 头

类别	格式	示例
`page`	`page[number]`, `page[size]`	`?page[number]=2&page[size]=25`
`filter`	`filter[field]`, `filter[field__op]`	`?filter[status]=FAIL`
`sort`	逗号分隔，`-` 表示降序	`?sort=-inserted_at,name`
`fields`	`fields[type]`	`?fields[providers]=id,alias`
`include`	逗号分隔的路径	`?include=provider,scan.task`

对于不支持的查询参数，必须返回 400
对于不支持的 include 路径，必须返回 400
对于不支持的 sort 字段，必须返回 400
当指定了 fields[type] 时，不得包含额外字段

违规行为	错误示例	正确示例
ID 为整数	`"id": 123`	`"id": "123"`
类型使用驼峰命名法	`"type": "providerGroup"`	`"type": "provider-groups"`
外键放在属性中	`"tenant_id": "..."`	`"relationships": {"tenant": {...}}`
错误不是数组	`{"error": "..."}`	`{"errors": [{"detail": "..."}]}`
状态码为数字	`"status": 400`	`"status": "400"`
同时包含数据和错误	`{"data": ..., "errors": ...}`	只能包含其中之一
缺少指针	`{"detail": "Invalid"}`	`{"detail": "...", "source": {"pointer": "..."}}`

操作	方法	请求体
替换所有	PATCH	`{"data": [{...}, {...}]}`
添加成员	POST	`{"data": [{...}]}`
移除成员	DELETE	`{"data": [{...}]}`

🇺🇸English

Use With django-drf

This skill focuses on spec compliance. For implementation patterns (ViewSets, Serializers, Filters), use django-drf skill together with this one.

Skill	Focus
`jsonapi`	What the spec requires (MUST/MUST NOT rules)
`django-drf`	How to implement it in DRF (code patterns)

When creating/modifying endpoints, invoke BOTH skills.

Before Implementing/Reviewing

ALWAYS validate against the latest spec before creating or modifying endpoints:

Option 1: Context7 MCP (Preferred)

If Context7 MCP is available, query the JSON:API spec directly:

mcp_context7_resolve-library-id(query="jsonapi specification")
mcp_context7_query-docs(libraryId="<resolved-id>", query="[specific topic: relationships, errors, etc.]")

Option 2: WebFetch (Fallback)

If Context7 is not available, fetch from the official spec:

WebFetch(url="https://jsonapi.org/format/", prompt="Extract rules for [specific topic]")

This ensures compliance with the latest JSON:API version, even after spec updates.

Critical Rules (NEVER Break)

Document Structure

NEVER include both data and errors in the same response
ALWAYS include at least one of: data, errors, meta
ALWAYS use type and id (string) in resource objects
NEVER include id when creating resources (server generates it)

Content-Type

ALWAYS use Content-Type: application/vnd.api+json
ALWAYS use Accept: application/vnd.api+json
NEVER add parameters to media type without ext/profile

Resource Objects

ALWAYS use string for id (even if UUID)
ALWAYS use lowercase kebab-case for type
NEVER put id or type inside attributes
NEVER include foreign keys in attributes - use relationships

Relationships

ALWAYS include at least one of: links, data, or meta
ALWAYS use resource linkage format: {"type": "...", "id": "..."}
NEVER use raw IDs in relationships - always use linkage objects

Error Objects

ALWAYS return errors as array: {"errors": [...]}
ALWAYS include status as string (e.g., "400", not 400)
ALWAYS include source.pointer for field-specific errors

HTTP Status Codes (Mandatory)

Operation	Success	Async	Conflict	Not Found	Forbidden	Bad Request
GET	`200`	-	-	`404`	`403`	`400`
POST	`201`	`202`

When to Use Each

Code	Use When
`200 OK`	Successful GET, PATCH with response body, DELETE with response
`201 Created`	POST created resource (MUST include `Location` header)
`202 Accepted`	Async operation started (return task reference)
`204 No Content`	Successful DELETE, PATCH with no response body
`400 Bad Request`	Invalid query params, malformed request, unknown fields

Document Structure

Success Response (Single)

{
  "data": {
    "type": "providers",
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "attributes": {
      "alias": "Production",
      "connected": true
    },
    "relationships": {
      "tenant": {
        "data": {"type": "tenants", "id": "..."}
      }
    },
    "links": {
      "self": "/api/v1/providers/550e8400-..."
    }
  },
  "links": {
    "self": "/api/v1/providers/550e8400-..."
  }
}

Success Response (List)

{
  "data": [
    {"type": "providers", "id": "...", "attributes": {...}},
    {"type": "providers", "id": "...", "attributes": {...}}
  ],
  "links": {
    "self": "/api/v1/providers?page[number]=1",
    "first": "/api/v1/providers?page[number]=1",
    "last": "/api/v1/providers?page[number]=5",
    "prev": null,
    "next": "/api/v1/providers?page[number]=2"
  },
  "meta": {
    "pagination": {"count": 100, "pages": 5}
  }
}

Error Response

{
  "errors": [
    {
      "status": "400",
      "code": "invalid",
      "title": "Invalid attribute",
      "detail": "UID must be 12 digits for AWS accounts",
      "source": {"pointer": "/data/attributes/uid"}
    }
  ]
}

Query Parameters

Family	Format	Example
`page`	`page[number]`, `page[size]`	`?page[number]=2&page[size]=25`
`filter`	`filter[field]`, `filter[field__op]`	`?filter[status]=FAIL`

Rules

MUST return 400 for unsupported query parameters
MUST return 400 for unsupported include paths
MUST return 400 for unsupported sort fields
MUST NOT include extra fields when fields[type] is specified

Common Violations (AVOID)

Violation	Wrong	Correct
ID as integer	`"id": 123`	`"id": "123"`
Type as camelCase	`"type": "providerGroup"`	`"type": "provider-groups"`
FK in attributes	`"tenant_id": "..."`	`"relationships": {"tenant": {...}}`
Errors not array

Relationship Updates

To-One Relationship

PATCH /api/v1/providers/123/relationships/tenant
Content-Type: application/vnd.api+json

{"data": {"type": "tenants", "id": "456"}}

To clear: {"data": null}

To-Many Relationship

Operation	Method	Body
Replace all	PATCH	`{"data": [{...}, {...}]}`
Add members	POST	`{"data": [{...}]}`
Remove members	DELETE	`{"data": [{...}]}`

Compound Documents (`include`)

When using ?include=provider:

{
  "data": {
    "type": "scans",
    "id": "...",
    "relationships": {
      "provider": {
        "data": {"type": "providers", "id": "prov-123"}
      }
    }
  },
  "included": [
    {
      "type": "providers",
      "id": "prov-123",
      "attributes": {"alias": "Production"}
    }
  ]
}

Rules

Every included resource MUST be reachable via relationship chain from primary data
MUST NOT include orphan resources
MUST NOT duplicate resources (same type+id)

Spec Reference

Full Specification : https://jsonapi.org/format/
Implementation : Use django-drf skill for DRF-specific patterns
Testing : Use prowler-test-api skill for test patterns

Weekly Installs

Repository

prowler-cloud/prowler

GitHub Stars

13.4K

First Seen

Jan 23, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

codex53

opencode51

github-copilot50

gemini-cli49

cursor49

claude-code48

JSON:API 规范合规性指南：核心规则、HTTP状态码与Django DRF集成

🇨🇳中文介绍

与 django-drf 配合使用

在实现/审查之前

选项 1：Context7 MCP（首选）

相关 Skills

选项 2：WebFetch（备用）

关键规则（切勿违反）

文档结构

Content-Type

资源对象

关联关系

错误对象

HTTP 状态码（强制）

何时使用

文档结构

成功响应（单个）

成功响应（列表）

错误响应

查询参数

规则

常见违规行为（避免）

关联关系更新

一对一关联关系

一对多关联关系

复合文档（include）

规则

规范参考

🇺🇸English

Use With django-drf

Before Implementing/Reviewing

Option 1: Context7 MCP (Preferred)

Option 2: WebFetch (Fallback)

Critical Rules (NEVER Break)

Document Structure

Content-Type

Resource Objects

Relationships

Error Objects

HTTP Status Codes (Mandatory)

When to Use Each

Document Structure

Success Response (Single)

Success Response (List)

Error Response

Query Parameters

Rules

Common Violations (AVOID)

Relationship Updates

To-One Relationship

To-Many Relationship

Compound Documents (include)

Rules

Spec Reference

最新 Skills

复合文档（`include`）

Compound Documents (`include`)