All IoT devices can have one shadow and one shadow only.

Not all devices have a shadow. But they can have one.

What the heel does that mean?

A device shadow is a JSON file that is used to store the reported state and desired state for a device. The file sits in the cloud, every IoT cloud provider supports this function. It's also sometimes called a twin. Shadow sounds cooler, though.

Each device has only one shadow.

The synchronization is bi-directional, either from the shadow to the device or from the device to the shadow.

There are a couple of possible scenarios.

Scenario 1: unstable network

Let's consider the case of an application that has to read the state of the device. If it were to read the state from the device directly, but the network is down, the request will fail. But if we are using a shadow, the device updates the shadow in the cloud every time it comes online. The application requests data from the shadow which is always online, thus the request never fails.

Scenario 2: high load due to multiple requests

If there is only one request, the load on the device will be manageable. But if you have multiple applications requesting data at the same time, the device can be become overloaded, especially these tiny board with limited resources.

If we add the shadow in this scenarios, we can scale to any number of requests, because they all hit the cloud platform, not the device itself. The cloud platform works like a cache.

Scenario 3: device offline

Even with the best Quality of Service, devices can go offline. When this happens, commands coming from an application will fail and they will need to be retried. The shadow solves this problem, by caching all incoming commands and sending them over to the time once it comes online again.

Scenario 4: Control from anywhere

Without a shadow and IoT platform, it is difficult to implement a way to contorl the device from anywhere in the world. You would have to expose it to the Internet directly via a DNS service. In this case, security becomes a major concern. By using an IoT platform, your device is not exposed to the Internet directly and can also receive commands that were validated by the IoT platform than can perform token validations on the requests and only let valid requests pass-through.

I hope this helps you see the advantages in using a shadow for your device.