LET'S TALK
← All work
RFC 8594RFC 9745SemVer 2.0.0SOC2 CC8.1API LifecycleDeep Prototype

DeprecationCalendar — RFC 8594 Sunset Rollout

24 deprecated items (APIs, endpoints, fields, OAuth scopes, SDK versions, formats). Per item: announce date, sunset date, replacement, RFC 8594 Sunset header status, customer migration progress, 7-day traffic on the old path. Surfaces 4 items past sunset still receiving traffic, including the v1 PAN-storage endpoint that triggers a PCI-DSS Req 3.5 finding.

DeprecationCalendar — RFC 8594 Sunset Rollout preview
Open live →

What it is

The shape behind every API-platform deprecation register — Stripe Changelog, GitHub API Migrations, AWS Service Deprecations. Per-item announce → migration window → sunset, with the RFC 8594 Sunset HTTP header rolled out to clients.

What’s in it

  • 24 deprecations spanning the surface:
    • endpoint — POST /v1/refunds, GET /v1/orders (offset paging), POST /v1/login (cleartext password), GET /v1/exports (synchronous response), POST /v1/admin/legacy-export (no replacement)
    • field — customer.full_name → first/last, payment.card_number → processor_token, order.legacy_id (int) → ULID, customer.address (string) → object
    • auth — API key v1 → v2, OAuth implicit grant → Authorization Code + PKCE
    • oauth-scopeapi:* → granular api:read / api:write (links to ScopeCreep)
    • webhook — HMAC-MD5 → HMAC-SHA-256, payload v1 → v2 envelope, customer.changed → granular events
    • format — XML response → JSON, form-encoded → JSON
    • sdk — iOS 2.x, Android 1.x, Python 1.x
    • endpoint-family — entire /api/v0/*
  • Per-item shape: announced-N-days-ago, sunset-in-N-days, replacement, RFC 8594 Sunset header status, customer-migration %, 7-day traffic on the old path.
  • 4 worst-offender findings:
    • DEP-007payment.card_number PAST SUNSET 30 days, still 88 requests/week. PCI-DSS Req 3.5 violation.
    • DEP-008 — XML responses past sunset 90 days; 1 customer client still requesting Accept: application/xml. Sunset header was not sent — RFC 8594 violation.
    • DEP-010 — HMAC-MD5 webhook signature past sunset 180 days, 0.2% partner traffic still using.
    • DEP-014 — Android SDK 1.x past sunset, 12% Android user base still on it.
  • Per-item RFC 8594 + RFC 9745 header preview — copy-pasteable Sunset / Deprecation / Link headers with successor-version + deprecation-page links.

Why this shape

RFC 8594 (Sunset HTTP header) + RFC 9745 (Deprecation header) are the standardized way to communicate API lifecycle to clients. SOC2 CC8.1 demands change-management hygiene. SemVer 2.0.0 demands intentional version bumps. The hardest finding: items past sunset still receiving traffic — every one is a customer who needs targeted outreach, and DeprecationCalendar surfaces them in a single sorted list.

How it ships

Single HTML file, ~21KB. Zero dependencies. 24 items × type/status filters + RFC 8594 header generator + timeline renderer in 220 lines of vanilla JavaScript.

Open the tool →