API design is the process of making informed decisions, based on the information you have, about which API paradigm to use, how to expose data, in what format, and so on.

A common practice is to place a rate limiter in front of an API to avoid too many requests or to block attacks. It is also common practice to set up CORS so that only dedicated domains can access resources.
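
The two practices above combined in one request check, as an added example that is not part of the original page: a per-client token-bucket rate limiter and an exact-match CORS origin allowlist. The class and function names, the limits and the example.com origins are assumptions chosen for illustration.

```javascript
// Added example. All names, limits and origins here are illustrative assumptions.

// Token bucket: each client may burst up to `capacity` requests,
// then is held to `refillPerSec` requests per second.
class TokenBucketLimiter {
  constructor({ capacity, refillPerSec }) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.buckets = new Map(); // clientKey -> { tokens, last }
  }

  // Returns { allowed, retryAfterSec }. `nowMs` is injectable so tests are deterministic.
  check(clientKey, nowMs = Date.now()) {
    let b = this.buckets.get(clientKey);
    if (!b) {
      b = { tokens: this.capacity, last: nowMs };
      this.buckets.set(clientKey, b);
    }
    // Refill for the time elapsed; clamp so clock skew never removes tokens.
    const elapsedSec = Math.max(0, (nowMs - b.last) / 1000);
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.last = nowMs;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { allowed: true, retryAfterSec: 0 };
    }
    return { allowed: false, retryAfterSec: Math.ceil((1 - b.tokens) / this.refillPerSec) };
  }
}

// CORS allowlist: compare the full Origin string exactly. Prefix, suffix or
// substring matching would accept look-alike hosts, and reflecting any Origin
// back is equivalent to having no restriction.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);

function corsHeaders(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) return {};
  // Vary: Origin keeps shared caches from serving one origin's headers to another.
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

// Request check: rate limit first, then attach CORS headers for allowed origins.
// `req.clientIp` is assumed to be set by trusted infrastructure, not by the client.
function handle(req, limiter, nowMs) {
  const verdict = limiter.check(req.clientIp, nowMs);
  if (!verdict.allowed) {
    return { status: 429, headers: { "Retry-After": String(verdict.retryAfterSec) } };
  }
  return { status: 200, headers: corsHeaders(req.headers.origin) };
}
```

CORS is enforced by browsers only, so the allowlist complements authentication and the rate limiter rather than replacing them.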

Communication Protocols

REST
GraphQL
gRPC