What are the duties of a JSON residual apis to prevent XSS? [duplicate]

This question already has an answer here:

  • Preventing XSS for the REST API

    1 answer

I'm building a rest API that only supports JSON. It could one day be used by a browser-based app. Is there anything I should do to prevent XSS attacks?