Slides and Recording From My APISEC|Con 2024 Talk on API Sprawl

Bill Doerrfeld | May 22, 2024

What Is API Sprawl, And What Can You Do About It?


You may think your API portfolio looks well-maintained, like a pristine city. Well, think again — welcome to the desert of the real... a land full of zombie APIs and shadow endpoints...


Today, I presented at APIsec University's online conference, API|SEC CON 2024, which had over 1,700 people join to talk all things API security. In my session, "What Is API Sprawl, And What Can You Do About It?", I went through some statistics about the state of API adoption and spotlighted some indications that API sprawl conditions are emerging. I ended with some ideas on how to avoid API sprawl. All with references to The Matrix, of course.


Thank you for inviting me to speak; it was a pleasure to be a part of the event!


Here are some of the resources I mentioned in my talk:


- APIFutures: API Sprawl to Be a Pressing Concern in 2024

- API Futures project

- Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy, F5 report, 2021.

- Why CIOs back API governance to avoid tech sprawl

- The 2022 API Security Trends Report, S&P Global Market Intelligence, 2022.

- The Nordic APIs blog and digest

- OWASP API Security Top 10 2023


Follow me on LinkedIn or X for updates about my articles and upcoming research into API governance!


Download the slides here:




Download Slides