1. Pagination: Don’t return all data in one call; use pagination instead.
2. Versioning: Whenever an API changes, create a new version of the API instead of changing the currently stable one. For example, if you previously had version 1 (v1), you should now have version 2 (v2).
3. Authentication: Your API endpoints should be secure and should not be available for public access.
4. Rate Limiting & Throttling: Limit hits on your API endpoints per user/token so that no one can exploit your server resources.
5. HTTP Caching: Conditional GET:
6. CORS Requests:
7. Hypermedia:
8. Response Handling: Different types of responses should be handled properly, including success, error, validation, etc.
9. Documentation: Documentation is a necessary part for all stakeholders, who can use it to get a quick understanding of how to use the APIs.
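
Item 4 as an added example (not part of the original list): a per-token limiter that answers over-limit calls with 429 and a `Retry-After` header. The token-bucket algorithm, the class name and its parameters are assumptions chosen for illustration; the list names no particular algorithm.

```python
import math
import time
from collections import OrderedDict


class TokenBucketLimiter:
    """Per-token rate limiter: every API token gets its own bucket.

    Key the limiter on the *authenticated* token or user id (item 3), not on
    a value the caller can vary freely, or the limit is trivially bypassed.
    """

    def __init__(self, rate, burst, max_keys=10000, clock=time.monotonic):
        self.rate = float(rate)        # requests refilled per second
        self.burst = float(burst)      # bucket capacity (max burst size)
        self.max_keys = max_keys       # cap on tracked tokens (bounds memory)
        self.clock = clock             # injectable so tests can control time
        self._buckets = OrderedDict()  # api_token -> (tokens_left, last_seen)

    def check(self, api_token):
        """Return (status, headers): 200 if allowed, else 429 + Retry-After."""
        now = self.clock()
        tokens, last = self._buckets.pop(api_token, (self.burst, now))
        # Refill for the time elapsed since this token was last seen.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            tokens -= 1.0
            status, headers = 200, {}
        else:
            wait = (1.0 - tokens) / self.rate  # seconds until one request fits
            status, headers = 429, {"Retry-After": str(math.ceil(wait))}
        self._buckets[api_token] = (tokens, now)  # re-insert as most recent
        while len(self._buckets) > self.max_keys:
            self._buckets.popitem(last=False)     # evict least recently seen
        return status, headers


if __name__ == "__main__":
    # Constructed traffic: one token sends 5 requests at once, limit is 3.
    limiter = TokenBucketLimiter(rate=1, burst=3)
    for i in range(5):
        print(i, limiter.check("token-A"))
    print("other token:", limiter.check("token-B"))
```

An evicted token starts again with a full bucket, so `max_keys` should comfortably exceed the number of tokens active at once.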