System Design: APIs, Caching & Scalability

What is REST API and how does it work

REST constraints, statelessness, client-server model, uniform interface, HTTP verbs, resource naming

REST API versioning strategies explained

URI versioning, header versioning, query param versioning, backward compatibility, versioning trade-offs, deprecation strategy

HTTP status codes every backend developer must know

2xx success codes, 4xx client errors, 5xx server errors, 201 vs 200, 400 vs 422, 401 vs 403, idempotency signals

How to design API error responses

error response schema, problem details RFC 7807, machine-readable errors, error codes vs status codes, validation error format, developer experience

API authentication: API keys vs JWT vs OAuth2

API key authentication, JWT structure, OAuth2 flows, bearer tokens, token expiry, refresh tokens, stateless vs stateful auth

What is caching and why does it matter for performance

cache definition, cache hit vs miss, cache hit ratio, latency reduction, origin offloading, cost reduction, when not to cache

Cache eviction policies: LRU, LFU, and TTL explained

LRU eviction, LFU eviction, TTL-based expiry, cache size limits, eviction vs expiration, Redis maxmemory-policy, choosing the right policy

Cache invalidation strategies: how to handle stale data

cache invalidation problem, write-through, write-behind, cache-aside, invalidation on write, event-driven invalidation, cache stampede

HTTP caching with Cache-Control headers

Cache-Control header, max-age directive, no-cache vs no-store, ETag and conditional requests, stale-while-revalidate, CDN caching, browser caching

Redis as a cache: patterns and best practices

Redis data structures, key naming conventions, TTL management, Redis Cluster, connection pooling, avoiding hot keys, Redis vs Memcached

Horizontal vs vertical scaling: when to use each

vertical scaling limits, horizontal scaling, shared nothing architecture, stateless services, scaling trade-offs, cost comparison, cloud elasticity

How load balancers work: algorithms and types

round-robin, least connections, IP hash, layer 4 vs layer 7 load balancing, health checks, sticky sessions, load balancer as SPOF

Database scaling: read replicas and sharding explained

read replicas, replication lag, write path vs read path, horizontal sharding, shard key selection, cross-shard queries, consistent hashing

What is a CDN and how does it reduce latency

CDN edge nodes, Points of Presence, origin server, cache-control for CDN, CDN invalidation, dynamic vs static content, CDN for API responses

Stateless vs stateful services: design trade-offs

stateless service definition, stateful service risks, session externalization, sticky sessions as anti-pattern, idempotent operations, twelve-factor app principles

Why APIs need rate limiting and how it works

rate limiting definition, abuse prevention, DDoS mitigation, fair usage, cost control, rate limiting vs throttling, 429 status code

Fixed window vs sliding window rate limiting algorithms

fixed window algorithm, sliding window log algorithm, sliding window counter, boundary spike problem, memory trade-offs, algorithm selection

Token bucket and leaky bucket rate limiting explained

token bucket algorithm, burst capacity, refill rate, leaky bucket algorithm, smooth output rate, API burst allowance, traffic shaping

Distributed rate limiting with Redis across multiple servers

distributed rate limiting, Redis atomic operations, MULTI/EXEC, Lua scripts in Redis, race conditions in distributed systems, consistency trade-offs

API gateway rate limiting vs application-level rate limiting

API gateway rate limiting, Kong rate limiting plugin, application middleware, latency impact, centralized vs distributed enforcement, per-route limits

Why use a message queue: sync vs async API patterns

synchronous request problems, async decoupling, message queue definition, producer consumer model, durability, back-pressure, use cases for queues

Message queue guarantees: at-least-once vs exactly-once delivery

at-most-once delivery, at-least-once delivery, exactly-once delivery, idempotent consumers, message acknowledgment, dead letter queue, duplicate handling

How BullMQ and Redis-backed job queues work

BullMQ architecture, job states, worker concurrency, job priority, scheduled jobs, job events, Redis Streams, failed job handling

Event-driven architecture: pub/sub pattern explained

pub/sub model, event topics, fan-out, loose coupling, Redis Pub/Sub, event ordering, pub/sub vs message queue, real-time use cases

Job status polling vs webhook callbacks for async APIs

polling pattern, webhook callbacks, 202 Accepted pattern, job status endpoint, webhook security, HMAC signatures, polling vs push trade-offs

How to approach a system design interview question

requirements gathering, capacity estimation, API design first, component selection, trade-off articulation, back-of-envelope calculation, iterative design

Designing a URL shortener system end-to-end

URL shortener architecture, base62 encoding, hash collision handling, redirect performance, read vs write path optimization, analytics counting, database choice

Designing a notification system that scales to millions

notification system architecture, fan-out on write vs read, push vs pull delivery, user preference service, notification templates, delivery receipts, rate limiting notifications

CAP theorem and consistency trade-offs in distributed systems

CAP theorem, consistency, availability, partition tolerance, CP vs AP systems, eventual consistency, strong consistency, PACELC model, practical examples

Observability in production: metrics, logging, and tracing

observability pillars, structured logging, distributed tracing, metrics vs logs, SLO and SLA, alerting on symptoms not causes, correlation IDs, OpenTelemetry