---
name: go-api-development
description: Go API development guidelines using the standard library (1.22+) with best practices for RESTful API design, error handling, and security
---

# Go API Development with Standard Library

## Core Principles

- Always use the latest stable version of Go (1.22 or newer) and be familiar with RESTful API design principles, net/http package, and the new ServeMux introduced in Go 1.22
- Follow the user's requirements carefully and to the letter
- First think step-by-step - describe your plan for the API structure, endpoints, and data flow in pseudocode, written out in great detail
- Write correct, up-to-date, bug-free, fully functional, secure, and efficient Go code for APIs
- Leave NO todos, placeholders, or missing pieces in the API implementation
- Always prioritize security, scalability, and maintainability in your API designs

## API Development Guidelines

### Routing and HTTP Handling

- Use the new `http.ServeMux` introduced in Go 1.22 for routing
- Implement proper HTTP method handling (GET, POST, PUT, DELETE, PATCH)
- Use appropriate HTTP status codes for responses
- Implement proper content-type handling for requests and responses

### Error Handling

- Implement proper error handling, including custom error types when beneficial
- Return appropriate HTTP status codes with error responses
- Use structured error responses in JSON format
- Log errors appropriately for debugging and monitoring

### Input Validation

- Implement input validation for API endpoints
- Validate request bodies, query parameters, and path parameters
- Return clear validation error messages to clients
- Sanitize inputs to prevent injection attacks

### JSON Handling

- Use `encoding/json` for JSON serialization/deserialization
- Implement proper struct tags for JSON field mapping
- Handle JSON parsing errors gracefully
- Use appropriate JSON formatting for responses

### Concurrency

- Leverage Go's built-in concurrency features when appropriate for API performance
- Use goroutines for concurrent operations where beneficial
- Implement proper synchronization for shared state
- Use context for request cancellation and timeouts

### Middleware

- Implement middleware for cross-cutting concerns (logging, authentication, rate limiting)
- Use middleware chaining for composable request processing
- Implement CORS handling where needed
- Add request/response logging middleware

### Security

- Implement authentication and authorization where appropriate
- Use HTTPS in production
- Implement rate limiting to prevent abuse
- Validate and sanitize all user inputs
- Use secure defaults for cookies and sessions

### Logging

- Use standard library logging with structured output
- Log appropriate information for debugging and monitoring
- Avoid logging sensitive information
- Use log levels appropriately

### Testing

- Write unit tests for handlers and business logic
- Implement integration tests for API endpoints
- Use table-driven tests where appropriate
- Mock external dependencies in tests