Shadow APIs are endpoints that exist but aren't documented, monitored, or maintained — legacy endpoints from previous versions, debug endpoints left in production, internal APIs accidentally exposed externally, or APIs created by individual developers outside the formal process. Discovery involves traffic analysis, JavaScript file scanning, mobile app reverse engineering, and systematic endpoint enumeration. Shadow APIs often lack the security controls applied to documented endpoints, making them high-value targets.
Technical
Shadow API Discovery: Finding the APIs Your Organisation Doesn't Know About — A Guide for Chinese Enterprises
Shadow APIs — undocumented, forgotten, or unofficial endpoints — create unmonitored attack surface. How to discover and test them. Guidance for the Chinese market.