You need to be able to support much larger user loads than you might envision when designing your component or predicting use patterns. All it takes is someone putting your API into a hot consumer application and, all of a sudden, you have massive traffic. Scalability and management are critical. Fortunately, cloud computing is available to support the former, and a number of API management products and services can address the latter.
Throttle responsibly. It's a fact of life that you'll need to throttle traffic in the face of DDoS attacks. However, understand that you can experience significant traffic from a single source that represents real users or a real use case, not an attack.
One of the funniest and saddest responses to this type of situation came when a company that shall go nameless throttled calls to its API and, when asked, asserted that the API was receiving "dozens of calls per second, each of which requires a custom XML response string." They viewed that as an unacceptable amount of traffic, betraying a limited understanding of real-world requirements for a service-based offering.
Plan your roadmap with its use case in mind. Keep the above constraints in mind when planning new functionality. Changing an existing API should be a last resort, not an easy way out of a design challenge.
As you can see, it's easier to talk about being a software company than actually be a software company. One well-known technical analyst tells me that his firm has many enterprises engaging him to talk about how they can operate like Netflix — with disappointment a common reaction once they learn what doing so really means.
Notwithstanding the disillusionment one confronts when considering such significant changes, it's clear that they will become the norm. After all, IDC has outlined the fate of those who don't change: Being part of the one-third of every industry that's disrupted by those leveraging the third platform.
Sign up for CIO Asia eNewsletters.