An API is a contract. The moment a client depends on it, every change becomes a negotiation. After eight years building backends for FinTech, healthcare, and retail, these are the principles I keep returning to.
Version from day one
Prefix your routes (/v1/) before you think you need to. Retrofitting versioning under live traffic is far more expensive than carrying it from the start.
Make writes idempotent
Networks retry. Payment flows especially must tolerate the same request arriving twice without double-charging. Idempotency keys turn a scary class of bugs into a non-issue.
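A minimal sketch of the idempotency-key pattern described above, added here as an illustration and not taken from any particular payment system. The class and method names, the in-memory store, and the sample payloads are all assumptions; a production service would back this with a database unique constraint on the scoped key.

```python
import hashlib
import json
import threading


class IdempotencyConflict(Exception):
    """The same key was reused with a different request body."""


class IdempotentCharges:
    """Hypothetical charge handler; an in-memory dict stands in for durable storage."""

    def __init__(self):
        self._lock = threading.Lock()
        self._seen = {}    # (client_id, key) -> (body fingerprint, stored response)
        self.ledger = []   # stands in for the real side effect (moving money)

    @staticmethod
    def _fingerprint(payload):
        # Canonical JSON so key order in a retried body does not change the hash.
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()

    def charge(self, client_id, idempotency_key, payload):
        fingerprint = self._fingerprint(payload)
        # Scope the key to the authenticated client so one client's key
        # can never return another client's stored response.
        scope = (client_id, idempotency_key)
        # Hold the lock across check and execute: two concurrent retries
        # must not both pass the lookup and both charge.
        with self._lock:
            hit = self._seen.get(scope)
            if hit is not None:
                stored_fingerprint, response = hit
                if stored_fingerprint != fingerprint:
                    # Key reuse with a different body is a client bug or tampering.
                    raise IdempotencyConflict("key reused with a different body")
                return response  # replay: same response, no second side effect
            self.ledger.append((client_id, payload["amount"], payload["currency"]))
            response = {"charge_id": f"ch_{len(self.ledger)}", "status": "succeeded"}
            self._seen[scope] = (fingerprint, response)
            return response
```
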
Fail loudly, document quietly
Return structured, predictable error bodies. Your frontend and third-party integrators should never have to guess what went wrong.
