Over the years I've switched my philosophy to "be paranoid about what you accept, normalize inputs, randomize outputs, and fail loud and on purpose."
Make it so that if the caller/client works at all then it must work correctly. Force them to handle errors and retry on things that might fail, values that might change, and if the result is something that must be parsed send it back in varying formats so they have to parse it.
Make it so that if the caller/client works at all then it must work correctly. Force them to handle errors and retry on things that might fail, values that might change, and if the result is something that must be parsed send it back in varying formats so they have to parse it.