🔌 pack: api-platform-pack

Lock in your public API surface before v1 GA — breaking changes after cost $$$.

Exposing a REST/GraphQL/gRPC API or webhooks as your product? GreatCTO auto-attaches api-platform-pack with OAuth 2.1 + PKCE, webhook HMAC-SHA256 + replay protection, idempotency keys, RFC 8594 Sunset deprecation, cursor pagination, and OpenAPI spec linting gates.

$ npx great-cto init All packs ↗
Auto-attach signals

Detected by CLI when:

openapi · graphql · grpc · webhook · fastify · trpc · developer portal · sdk

The pack rides on top of your base archetype (web-service, ai-system, fintech, …) — it doesn't replace it. Auto-injects reviewer agents into the pipeline + opens human gates listed below.

Reviewer agents activated

1 specialist added to the pipeline.

01 · api-platform-reviewer

Rate-limit design + OAuth 2.1 + webhook signing + idempotency + Sunset + pagination + Problem Details

Human gates introduced

1 new gate type on top of gate:plan + gate:ship.

GateOwnerTrigger
gate:api-contractarchitect + DX-leadbefore v1 GA — sign-off on public surface
Required artefacts before senior-dev claims tasks

9 concrete deliverables.

EVAL suite required

4 golden-set scenarios shipped as templates.

Each EVAL has ≥5 test cases, pass threshold, regression interpretation, cross-refs to TM + gates. Run via your existing test framework.

Regulatory surface covered

5 standards / regulations addressed.

OAuth 2.1 (IETF draft) RFC 8594 Sunset RFC 9457 Problem Details RFC 9239 RateLimit Fields Stripe API versioning model
Real-world examples

30 companies in this space.

Agora
Real-time voice + video API
publicUS
Twilio
Communications APIs
publicUS
Rev.ai
Speech recognition API
subsidiaryUS
SendGrid (Twilio)
Email delivery API
subsidiaryUS
Contentful
Composable content platform
growthDE
Kong
API gateway + service connectivity
growthUS
Plaid
Financial data API
growthUS
Postman
API development platform
growthUS
Stripe
Payments infrastructure for the internet
growthUS
Vercel
Frontend cloud + AI SDK
series-eUS
Hugging Face
AI platform + open-source hub
series-dUS
Mux
Video infrastructure for developers
series-dUS
Alchemy
Web3 development platform
series-cUS
Deepgram
Speech-to-text API for developers
series-cUS
RevenueCat
Subscription infra for mobile apps
series-cUS
Sanity
Structured content + composable CMS
series-cNO
Storyblok
Headless CMS + visual editor
series-cAT
Strapi
Open-source headless CMS
series-cFR
Supabase
Open-source Firebase alternative
series-cUS
100ms
Live video infrastructure
series-bIN
Daily
Real-time video API
series-bUS
ElevenLabs
Most realistic text-to-speech AI
series-bGB
Patch
Climate solutions API
series-bUS
Phenix
Real-time audio + video streaming
series-bUS
Speechmatics
Speech-to-text for 50+ languages
series-bGB
Tyk
Open-source API gateway
series-bGB
Deep Origin
Compute platform for biotech
series-aUS
Fern
SDK + docs generator for APIs
series-aUS
Hookdeck
Webhook infrastructure + reliability
series-aCA
LiveKit
Realtime voice + video infrastructure
series-aUS

Listed companies operate in this space. Inclusion is based on publicly available product descriptions and does not imply endorsement of or by GreatCTO.

FAQ

Common questions about api-platform-pack.

When does api-platform-pack auto-attach?
When the CLI detects these signals in your repo: openapi · graphql · grpc · webhook · fastify · trpc · developer portal · sdk. Override anytime by editing packs: in PROJECT.md.
What human gates does api-platform-pack introduce?
gate:api-contract (architect + DX-lead). These layer on top of the standard plan/ship gates.
What if my project doesn't match these signals exactly?
You can manually add the pack name to PROJECT.md or run /migrate to re-run detection with updated rules.
30 seconds

Drop GreatCTO into any repo — api-platform-pack attaches automatically.

$ npx great-cto init
no signup·runs locally·pay your own API