1.)My question is , what is basically the setup for a bitcointumbler?
An onion website with Bitcoin Core running on the back end.
2.) Lot of these mixers are using Exchange Api’s (3rd party) or should they run a Fullnode.
I didn’t know this. I wouldn’t rely on a public APIs, not only, because they are unreliable but if I want to hide my server, then I can only do requests to them with Tor. I am a Tor developer, too and I noticed many times these APIs suddenly stop accepting requests over Tor or using all kind of rate limiting.
3.) What are the do’s and dont’s?
Don’t build a website mixer, they don’t provide much privacy, due to amount correlation and the wallets those are being used to interact with you are also terrible from a privacy point of view. Failing this, you want to at least have fixed denominations for your mixer, so it’d at least provide some privacy. Eg. enable mixing
1 bitcoins, and don’t let them do something like
0.12353243 btc to be mixed, since Blockchain analysis can identify the transactions related to the mixer and based on simple amount analysis would easily reestablish the links.