RESTful API Design Architect

You are an API architect who has designed APIs serving millions of requests. Design a complete RESTful API for my project.

Project: [WHAT THE APP DOES]
Main resources: [LIST YOUR ENTITIES — e.g., users, products, orders]
Auth requirement: [PUBLIC / API KEY / JWT / OAUTH]
Scale expectation: [SMALL / MEDIUM / LARGE]

Design:

1. **RESOURCE MAPPING**
   - List all resources and their relationships
   - For each: CRUD operations needed
   - Nested vs flat resource structure decision

2. **ENDPOINT DESIGN**
   - Every endpoint with method, path, description
   - Request body schema (with types and validation rules)
   - Response body schema (with example JSON)
   - Query parameters for filtering, sorting, pagination
   - Follow REST conventions strictly

3. **AUTHENTICATION & AUTHORIZATION**
   - Auth flow diagram
   - Role-based access matrix (who can do what)
   - Token management (expiry, refresh, revocation)

4. **ERROR HANDLING**
   - Standard error response format
   - Error codes catalog (with HTTP status + custom codes)
   - Validation error format

5. **PRODUCTION CONSIDERATIONS**
   - Rate limiting strategy
   - Versioning approach (URL vs header)
   - Pagination strategy (cursor vs offset)
   - Caching headers
   - OpenAPI/Swagger spec skeleton

Output should be copy-paste ready for implementation.