When Your App and the Gateway Disagree: Orphan Cleanup and State Reconciliation

Anyone who manages an external system from a Laravel app eventually hits the same uncomfortable truth: your database thinks one thing, the external system thinks another, and nobody told either of them they'd drifted apart. Today I spent most of my time on the unglamorous-but-essential side of running an API gateway from Laravel — making the app's view of the world and the gateway's actual state agree, and giving myself safe tools to fix it when they don't.

Two themes came out of it that are worth writing down: orphan cleanup (objects that exist on the gateway but nothing in my app tracks anymore) and key-material sync (keeping JWKS in step with the credentials the app issued). Both are really the same problem wearing different hats — reconciliation across a boundary you don't fully control.

Why drift happens at all

When you provision a service, route, or consumer on a gateway, you're doing a write on two systems: your own database row, and the gateway's config via its admin API. The moment those two writes aren't atomic — and across a network they never are — you have a window where they can disagree.

A few normal, blameless ways it happens: