I don't have an understanding of many of the design patterns and standards that might apply, but what I think of is the following concept:
Build your application's functionality in a modular way, so that the individual features (to an extent) may be added / taken out without breaking a dependency chain. That way you can simply not include a few modules to limit the features. This would essentially mean you build the application once, but distribute in two separate packages. Full version as is, limited version by simply omitting the feature modules.
If you're building a web application, quite simply provide a limited interface to the API, and authenticate users so that they cannot just call the "off-limits" API methods.
EDIT
In your API you would have user roles of some sort (to distinguish full-access and limited-access users), and any call made to the API is authenticated and routed accordingly. Your interface client-side could be handled multiple ways. If you're using a framework like Angular it could be as easy as binding the visibility of certain areas of your interface to whether or not the current user has access. Don't worry about whether or not it's possible for a user to make an API call for the full-version features, because anybody can POST to your API. Just make sure in general the features are either not displayed or are disabled, and authenticate the users when they do make API calls.