Download · Jun 2026

Postman API Review Checklist

A review checklist for API collections, auth, examples, edge cases, docs, testing, and agent-ready API behavior.

Best for: Postman · APIs
Format: Markdown context file
Use with: AI agent context
Updated: Jun 2026
How to use it

Built as working context, not shelfware.

This resource is meant to be useful inside the tools where product work now happens: your codebase, your notes, and your AI-assisted workflow.

1. Paste the markdown into Claude, ChatGPT, Cursor, Codex, Gemini, or another AI agent as reusable project context.
2. Use it before a planning, implementation, review, or audit session so the agent has constraints, criteria, and working structure up front.
3. Adapt the sections to your product, team, or repo before asking the agent to execute against it.

Markdown preview: postman-api-review-checklist.md
# Postman API Review Checklist

Use this checklist to review an API collection before sharing it with teammates, partners, or AI agents.

## 1. Collection Structure

- [ ] Collection name matches the product or API domain.
- [ ] Folders follow user or resource workflows.
- [ ] Requests are ordered from setup to common usage.
- [ ] Deprecated endpoints are separated or removed.
- [ ] Descriptions explain when and why to use each request.
- [ ] Examples are included for important success and error cases.

## 2. Authentication

- [ ] Auth type is documented.
- [ ] Token setup is explained.
- [ ] Environment variables are named clearly.
- [ ] Secrets are not committed or exported.
- [ ] Expired, missing, or invalid token behavior is documented.
- [ ] Permission scopes are listed.

## 3. Request Quality

- [ ] Paths are consistent.
- [ ] Query parameters are documented.
- [ ] Required and optional body fields are clear.
- [ ] Example bodies use realistic data.
- [ ] Idempotent and destructive requests are labeled.
- [ ] Pagination, filtering, and sorting are represented.

## 4. Response Quality

- [ ] Success responses include realistic examples.
- [ ] Error responses include common failure modes.
- [ ] Status codes are consistent.
- [ ] Response fields are documented or inferable.
- [ ] Empty-list responses are represented.
- [ ] Rate-limit responses are represented where relevant.

## 5. Tests

- [ ] Core requests assert expected status codes.
- [ ] Tests validate critical response fields.
- [ ] Tests avoid brittle assertions on unstable data.
- [ ] Setup requests store IDs or tokens for later requests.
- [ ] Negative tests cover missing auth and invalid input.
- [ ] Collection runs in a clean environment.

## 6. Agent-Ready Review

- [ ] Endpoint names are literal and predictable.
- [ ] Descriptions explain intent, not just mechanics.
- [ ] Examples include complete request and response pairs.
- [ ] Ambiguous fields have notes.
- [ ] Side effects are clearly labeled.
- [ ] Destructive actions have safe examples.
- [ ] Rate limits and retry behavior are documented.

## 7. Handoff

- [ ] Environment template is included.
- [ ] Base URL variables are clear for local, staging, and production.
- [ ] Collection can be run by a new teammate without tribal knowledge.
- [ ] Known limitations are documented.
- [ ] API docs and OpenAPI spec links are included.
- [ ] Owner and support path are named.


Where: Bogotá, Colombia · remote worldwide
Response time: usually within 24 hours
Find me: @jpcasabianca · everywhere