We're a small startup company in the web security space. In a nutshell, we have developed a unique approach to scan and detect web threats. After much consideration, we have decided to welcome the SaaS (Security-as-a-Service) model, mostly due to ease of integration at the client's end and downgrade the overhead of managing a product.
That said, we were left with many unanswered questions regarding API business model that I hope to find an answer here (BTW I have read API and business models ).
I don't have a Security-as-a-Service business model, but do have a Platform-as-a-Service model.
Having seen the follow approach work with many other start ups, I would recommend you build a very basic version or your product and run it as a Beta (even paid).
From that you will get real numbers on usage, costs and upkeep. Many times it's hard to price it using those calculators (I have tried many times).
Once you get a nice spread of users, you will have good numbers to make much bigger decisions on. Good luck.