Reducing ambiguity and confusion in API design between API providers (people and systems implementing APIs) and consumers is a significant challenge. We've come up with a way to classify types of APIs to help with this challenge at Rapid7. The classification is based on who can use the APIs and what type of contract exists between the producers and consumers. We've found these classifications to be a boon for simplifying requirement discussions and laying the groundwork for development patterns around API authentication and monitoring/observing API usage. It has also brought about a cultural shift around the importance of our responsibility as providers to serve our consumers, both internally and especially for our external customers. I'll also briefly discuss the challenges and opportunities for applying these methods to new API approaches like GraphQL. Hopefully this will be an inspiration to create an API classification system that will provide similar benefits to you.