Orphan, Shadow, and Zombie APIs - by Bruno Pedro

APIs that go rogue are almost impossible to tame. While managing the APIs you already know can sometimes be challenging, imagine the difficulty of controlling the ones you don't even know exist. What I think is even more confusing is the terminology we're using when we refer to the different types of unknown APIs. Read on if, like me, you often feel confused when someone says an API is an orphan, shadow, or zombie.

Speakeasy provides you with the tools to craft truly developer-friendly integration experiences for your APIs: idiomatic, strongly typed, lightweight & customizable SDKs in 8+ languages, Terraform providers & always-in-sync docs. Increase API user adoption with friction-free integrations.

Calling an API "rogue" isn't something I hear every day—thankfully. Because, in the existing terminology, people refer to a rogue API as one with unpredictable and mostly dangerous behavior. You wouldn't want to come across too many rogue APIs, would you? But if you do, you want at least to know how rogue an API is. Is an API rogue because its behavior is erratic? Or is the API dangerous in a way that can damage the business? Or is it a threat from a security perspective?

Thankfully—to many people, not me—there's a categorization of the level of rogueness of an API. In fact, there are three broad categories that you can use to identify rogue APIs: shadow, orphan, and zombie. Each one lets you focus on a particular characteristic. However, you can find APIs that are in more than one category. Which makes them even more rogue. I never like referring to certain APIs as rogue. Even less, to think of an API as a zombie or as any of the other categories, for all that matters.

Leave a Comment