I've been building APIs for a long time now and it is becoming ever more common for server-side developer thanks to the rise of front-end JavaScript frameworks, iPhone applications and generally API-centric architectures. On one hand you're just grabbing stuff from a data source and shoving it out as JSON, but surviving changes in business logic, database schema updates, new or deprecated etc gets super difficult. This talk will outline the common pitfalls developers get trapped in when building APIs and outline methods to avoid them, including naming stuff badly then having to rename everything, when and how to use POST/PUT/PATCH, data structures, DDoSing yourself because pagination, picking your authentication system and all sorts of other stuff.