“Good APIs are boring. An API that’s interesting is a bad API.”
The wisdom here is hard-won. Never break userspace. Version only as a last resort. Support long-lived API keys because not everyone is a professional engineer. Use idempotency keys for anything involving money. Rate limit everything. Cursor pagination over offsets. Make expensive fields optional. GraphQL is usually more trouble than it’s worth. The best API design is invisible design. Boring is the goal.