Skills

expo-api-routes

Installation
Summary

API routes in Expo Router for server-side logic, secrets, and third-party integrations on EAS Hosting.

  • Create routes with +api.ts suffix in the app directory; export named functions for HTTP methods (GET, POST, PUT, DELETE)
  • Handle query parameters, headers, JSON bodies, and dynamic route segments; add CORS headers for web clients
  • Access server-side secrets via process.env; set variables locally in .env or via eas env:create for production
  • Deploy to EAS Hosting (Cloudflare Workers) with eas deploy; use cloud databases (Turso, Supabase, PlanetScale) since filesystem and Node.js modules are unavailable
  • Test locally with npx expo serve and curl; call routes from client with standard fetch to relative paths like /api/hello
SKILL.md

When to Use API Routes

Use API routes when you need:

  • Server-side secrets — API keys, database credentials, or tokens that must never reach the client
  • Database operations — Direct database queries that shouldn't be exposed
  • Third-party API proxies — Hide API keys when calling external services (OpenAI, Stripe, etc.)
  • Server-side validation — Validate data before database writes
  • Webhook endpoints — Receive callbacks from services like Stripe or GitHub
  • Rate limiting — Control access at the server level
  • Heavy computation — Offload processing that would be slow on mobile

When NOT to Use API Routes

Avoid API routes when:

  • Data is already public — Use direct fetch to public APIs instead
  • No secrets required — Static data or client-safe operations
  • Real-time updates needed — Use WebSockets or services like Supabase Realtime
Related skills

More from expo/skills

Installs
24.3K
Repository
expo/skills
GitHub Stars
1.9K
First Seen
Jan 19, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn