Skill API Basics — לא-מפתחים ל-Claude

מתי להשתמש

"API", "REST", "JSON", "Authentication", "OAuth", "Rate limit", "API call".

הוראות עבודה

1. API = Application Programming Interface

"How software talks to other software."

Real-life Analogy

• Restaurant: Menu = API. Waiter = takes orders to kitchen, brings food.
• You don't need to cook (build everything) — you ask via the API (menu).

2. REST API — The Standard

Methods (Verbs)

• GET — Read data ("Show me my contacts").
• POST — Create new ("Add a new contact").
• PUT — Update existing ("Update contact #123").
• PATCH — Partial update.
• DELETE — Remove.

URLs

https://api.example.com/v1/contacts           ← GET (list all)
https://api.example.com/v1/contacts/123       ← GET (specific contact)
https://api.example.com/v1/contacts           ← POST (create)
https://api.example.com/v1/contacts/123       ← PUT (update)
https://api.example.com/v1/contacts/123       ← DELETE

3. JSON Format

{
  "name": "Dana Cohen",
  "email": "dana@example.com",
  "tags": ["customer", "vip"],
  "company": {
    "name": "Acme Ltd",
    "size": 50
  }
}

• Keys + Values.
• Strings, Numbers, Booleans, Arrays, Objects.
• Universal format for APIs.

4. Authentication Types

א. API Key

• Long string in header / URL.
• Simplest.

Header: X-API-Key: abc123xyz...

ב. OAuth 2.0

• Token-based, more secure.
• "Login with Google" pattern.
• Refresh tokens for long-lived access.

ג. JWT (JSON Web Token)

• Encrypted token with claims.
• Self-contained.

Header: Authorization: Bearer eyJhbGc...

ד. Basic Auth

• Username + Password (Base64).
• Insecure unless HTTPS.

5. Status Codes

6. Rate Limits

What

• Max requests per time period.
• Common: 100/minute, 10K/day.

Headers

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 47
X-RateLimit-Reset: 1234567890

Strategies

• Throttle — slow down.
• Backoff — exponentially wait if 429.
• Cache — don't request same data twice.

7. Pagination

Why

• 100K records — can't return all in one call.

Patterns

• Offset/Limit: ?limit=100&offset=200
• Cursor: ?after=cursor_xyz
• Page: ?page=3&per_page=100

8. API Documentation — Reading

Look for

• Endpoint URL.
• Method (GET/POST).
• Authentication required.
• Parameters (required vs optional).
• Request body example.
• Response example.
• Error codes.

Tools

• Postman — test APIs visually.
• Insomnia — alternative.
• curl — command-line.

9. Using APIs in No-Code

Zapier / Make / n8n

• Many APIs pre-built.
• For custom: HTTP Request action.
• Provide URL, method, headers, body.

Example: Custom API call in Make

HTTP Module:
URL: https://api.example.com/v1/contacts
Method: POST
Headers:
  Authorization: Bearer {token}
  Content-Type: application/json
Body:
  {
    "name": "{{1.first_name}} {{1.last_name}}",
    "email": "{{1.email}}"
  }

10. Webhooks (related)

• Reverse API — they call you when event happens.
• Faster than polling.
• See webhooks skill.

11. Common Errors

401 Unauthorized

• API key wrong / expired.
• OAuth token expired (refresh).

403 Forbidden

• Authenticated but no permission for resource.

429 Rate Limited

• Too many requests. Wait and retry.

500 Server Error

• Their problem. Retry with backoff.

12. אסיים בהמלצה.

קלט נדרש

פלט צפוי

דגלים אדומים

• 🚨 API key in URL (instead of header) — leaks in logs.
• 🚨 No rate limit handling — burned by 429.
• 🚨 Hardcoded credentials — security risk.
• ⚠️ No pagination — only first 100 records.

הערות חשובות

• Postman collection — share API examples with team.
• API versioning — providers update; pin version.
• Webhooks > Polling when available.

פרומפט לדוגמה

Connect to HubSpot API to fetch all contacts. איך?

429 Rate Limited error. מה לעשות?

OAuth 2.0 flow ב-Make.com. הסבר.

© 2026 Automation Expert Pro | גרסה 1.0.0