🔌 pack: api-platform-pack

Lock in your public API surface before v1 GA — breaking changes after cost $$$.

Exposing a REST/GraphQL/gRPC API or webhooks as your product? GreatCTO auto-attaches api-platform-pack with OAuth 2.1 + PKCE, webhook HMAC-SHA256 + replay protection, idempotency keys, RFC 8594 Sunset deprecation, cursor pagination, and OpenAPI spec linting gates.

$ npx great-cto init All packs ↗
Auto-attach signals

Detected by CLI when:

openapi · graphql · grpc · webhook · fastify · trpc · developer portal · sdk

The pack rides on top of your base archetype (web-service, ai-system, fintech, …) — it doesn't replace it. Auto-injects reviewer agents into the pipeline + opens human gates listed below.

Reviewer agents activated

1 specialist added to the pipeline.

01 · api-platform-reviewer

Rate-limit design + OAuth 2.1 + webhook signing + idempotency + Sunset + pagination + Problem Details

Human gates introduced

1 new gate type on top of gate:plan + gate:ship.

GateOwnerTrigger
gate:api-contractarchitect + DX-leadbefore v1 GA — sign-off on public surface
Required artefacts before senior-dev claims tasks

9 concrete deliverables.

EVAL suite required

4 golden-set scenarios shipped as templates.

Each EVAL has ≥5 test cases, pass threshold, regression interpretation, cross-refs to TM + gates. Run via your existing test framework.

Regulatory surface covered

5 standards / regulations addressed.

OAuth 2.1 (IETF draft) RFC 8594 Sunset RFC 9457 Problem Details RFC 9239 RateLimit Fields Stripe API versioning model
Real-world examples

30 companies in this space.

Twilio
Communications APIs
publicUS
Rev.ai
Speech recognition API
subsidiaryUS
SendGrid (Twilio)
Email delivery API
subsidiaryUS
Kong
API gateway + service connectivity
growthUS
Plaid
Financial data API
growthUS
Postman
API development platform
growthUS
Stripe
Payments infrastructure for the internet
growthUS
Vercel
Frontend cloud + AI SDK
series-eUS
Hugging Face
AI platform + open-source hub
series-dUS
Deepgram
Speech-to-text API for developers
series-cUS
ElevenLabs
Most realistic text-to-speech AI
series-bGB
Patch
Climate solutions API
series-bUS
Phenix
Real-time audio + video streaming
series-bUS
Speechmatics
Speech-to-text for 50+ languages
series-bGB
Tyk
Open-source API gateway
series-bGB
Deep Origin
Compute platform for biotech
series-aUS
Fern
SDK + docs generator for APIs
series-aUS
Hookdeck
Webhook infrastructure + reliability
series-aCA
LiveKit
Realtime voice + video infrastructure
series-aUS
Mintlify
Modern documentation for APIs
series-aUS
Moesif
API analytics + monetization
series-aUS
Resend
Email API for developers
series-aUS
Speakeasy
Best-in-class SDKs from OpenAPI
series-aUS
Stainless
SDKs that drive API revenue
series-aUS
Vapi
Voice AI infrastructure for developers
series-aUS
Vellum
LLM ops platform
series-aUS
Konfig
API SDK + portal generator
seedUS
Lamin Labs
Open-source data infrastructure for biology
seedDE
Medplum
Open-source API-first electronic health record system
seedUS
Parachute
Quality assurance infrastructure for clinical AI
seedUS

Listed companies operate in this space. Inclusion is based on publicly available product descriptions and does not imply endorsement of or by GreatCTO.

FAQ

Common questions about api-platform-pack.

When does api-platform-pack auto-attach?
When the CLI detects these signals in your repo: openapi · graphql · grpc · webhook · fastify · trpc · developer portal · sdk. Override anytime by editing packs: in PROJECT.md.
What human gates does api-platform-pack introduce?
gate:api-contract (architect + DX-lead). These layer on top of the standard plan/ship gates.
What if my project doesn't match these signals exactly?
You can manually add the pack name to PROJECT.md or run /migrate to re-run detection with updated rules.
30 seconds

Drop GreatCTO into any repo — api-platform-pack attaches automatically.

$ npx great-cto init
no signup·runs locally·pay your own API