Company:
Date Published:
Author: Dom Harrington
Word count: 885
Language: English
Hacker News points: None

Summary

HTTP API design involves several common pitfalls that developers should be cautious of to ensure APIs are intuitive, standard, and secure. Key issues include mixing query and body parameters, which can lead to confusion, and sending private API keys in query strings, potentially exposing sensitive information in server logs. Choosing the incorrect HTTP method, such as using GET for actions that should be handled by POST, PUT, or PATCH, can disrupt the expected functionality of an API. Additionally, embedding verbs within URLs instead of using appropriate HTTP methods, accepting multiple object types on a single endpoint, and reinventing existing header functionalities like content negotiation can complicate API use and maintenance. While REST/HTTP provides flexibility, adhering to best practices enhances the usability and security of APIs.