Need to Discover and Govern Shadow API Gateways
Riley has an accurate central API inventory but cannot account for APIs on teams' own AWS API Gateways.
Persona Story
Riley, the head of APIs, has an accurate inventory of centrally-managed APIs but cannot account for APIs deployed on individual teams’ own AWS API Gateways outside the central catalog.
Problem Context
- Central API catalog is finally accurate after a year of cleanup effort
- However, individuals and teams have their own AWS API Gateways, which the catalog does not account for
- These shadow gateways represent unknown API surface area outside governance
Problem Impact
- Incomplete picture of the organization’s total API footprint
- Shadow APIs create security, compliance, and cost blind spots
- Governance investment is undermined by ungoverned shadow infrastructure
Naftiko Today
- Executable YAML capability specs provide a standardized way to register and describe any API endpoint, giving shadow APIs a governed declaration format
- Backstage Integration (Fleet) offers a centralized catalog UI where teams can scaffold and register capabilities, creating a single pane of glass for API discovery
- JSON Schema validation and a Spectral ruleset enforce governance rules on every declared capability, ensuring shadow APIs meet organizational standards once registered
- Multi-source consumption with unique namespaces lets teams bring existing shadow gateway APIs under a single governed framework without rebuilding them
Naftiko Tomorrow
- Naftiko Shipyard MVP (Fleet Second Alpha) would provide a centralized discovery registry where all capabilities, including those on shadow gateways, become visible
- OpenAPI-to-Naftiko import (Second Alpha) would allow bulk onboarding of existing shadow gateway APIs into governed capability specs
- K8s operator + Argo CD (Fleet Second Alpha) would enable automated discovery and deployment governance across cloud infrastructure where shadow gateways live
- Fabric capability discovery (v1.1) would provide cross-organization capability search, surfacing shadow APIs that match existing governed capabilities