API services are becoming a more and more critical part of the overall world economy, and attacks on API services is on the rise. Whether your services are targeted for fun, profit, or political reasons, it's important to know how to protect your assets (and those of your customers). Mitigating the technological and economic effects of a DoS on your internet-based resources is critical to the success of your company's platform.
Using techniques like IP whitelisting and blacklisting, upstream filtering, rate limiting, and good programming practices is your best defense against would-be attackers. It's important to keep abreast of changes in the security landscape and to make performance and load testing a part of your everyday software delivery practices. Whenever possible, offload the responsibility to companies that specialize in those practices so that you can focus on delivering value to your customers.
Overall, build great stuff... and be careful out there!