API Developer (Integration & API Layer) – CRM Platform (Supabase-backed)

We are building a custom CRM platform and are looking for an API Developer to design and implement the API layer used by the frontend and integrations. You will work closely with a Backend Developer responsible for core services and the Supabase/Postgres data layer.

Your focus is to build a clean, secure, and well-documented API surface: request/response contracts, versioning, pagination, filtering, rate limits, and integration-ready endpoints.

Responsibilities
• Design and implement the API layer
• Build REST endpoints and/or GraphQL schema (depending on our chosen approach)
• Define request/response contracts, consistent error formats, and API conventions
• API security & access control
• Enforce authentication/authorization at the API boundary
• Implement scoped access tokens, role-aware endpoint protections, and safe defaults
• Protect against common API threats (OWASP API Security basics)
• API performance & developer experience
• Pagination, filtering, sorting, partial responses
• Caching strategies where relevant (ETags, server-side caching)
• Clear documentation (OpenAPI/Swagger or GraphQL docs), examples, and changelogs
• Integration readiness
• Webhooks (event design, retries, signatures)
• Idempotency for write endpoints, rate limits, and robust error handling
• API lifecycle management
• Versioning strategy, backwards compatibility, deprecation process
• Contract tests and CI validation for breaking changes
• Collaboration with core backend
• Consume domain services and data rules provided by the Backend/Core role
• Translate business requirements into stable API capabilities without leaking internals

Requirements
• Strong experience building production APIs (REST and/or GraphQL)
• Deep understanding of API design patterns: versioning, pagination, error models, idempotency
• Solid knowledge of authentication/authorization concepts at the API boundary
• Comfort working with a Supabase/Postgres-backed system (even if you don’t own schema design)
• Experience writing tests for APIs (integration/contract tests) and maintaining docs

Nice to have
• Experience designing webhook ecosystems and third-party integrations
• Familiarity with OpenAPI tooling, API gateways, rate limiting solutions
• Observability for APIs: structured logs, tracing, performance metrics

Collaboration / Interfaces
• Works closely with the Backend Developer (Core/Data), ensuring:
• API reflects domain rules correctly
• Clean separation between domain internals and external contracts
• Shared approach to errors, logging, and security