API Design
REST API Design & Best Practices
REST (Representational State Transfer) is the dominant architectural style for building web APIs. Nearly every system you design in an interview will have a REST API as the interface between clients and servers. This lesson covers REST principles, URL design conventions, request/response patterns, pagination, versioning, error handling, and the trade-offs that separate a good API from a bad one.
gRPC, GraphQL & API Gateway Patterns
REST is the default API style, but it is not always the best fit. gRPC excels at internal microservice communication with its binary protocol, strong typing, and streaming support. GraphQL solves the over-fetching and under-fetching problems of REST by letting clients request exactly the data they need. API Gateways unify multiple backend services behind a single entry point. This lesson covers when and why to use each technology, how they work at a protocol level, and how to combine them in a real-world architecture.
Community
RBAC vs ABAC vs ReBAC, Explained
RBAC, ABAC, and ReBAC are different shapes for different rules, not stages of maturity. Pick by the shape of your access policy, and most real systems end up a thoughtful hybrid.
gRPC vs REST Tradeoff Quiz
A 4-question reference set comparing gRPC and REST on the dimensions that matter at interview time: latency overhead, call types, schema evolution, and observability. Pick the right tool for the workload.
Pagination Strategies: Offset, Cursor, and Keyset
Offset is the default that breaks under load. Keyset is what you want for most lists. Cursor is keyset wearing a public costume. Pick deliberately, not by ORM defaults.
Rate Limiting on the Edge with a Redis Token Bucket
Token bucket as a single Redis Lua script, evaluated atomically, deployed near the edge. The implementation, the failure modes, and what I would actually ship today.
API Gateway vs BFF vs Reverse Proxy
Three terms, three distinct concerns, three different owners. Most teams collapse them and end up with one thing pretending to be all three.
Rate Limiting: Token Bucket vs Sliding Window
Token bucket is the right default. Sliding window log is correct but expensive. Fixed window is the algorithm I would not ship.
REST vs GraphQL vs RPC: Pick the Fit, Not the Trend
Three protocols, three call shapes. The wrong choice is fixable, indecision is not. Pick by caller, dominant call shape, and how much HTTP caching matters.
Error Handling in REST APIs: The Shape I Settled On
RFC 7807 plus a code, requestId, errors array, and documentationUrl. The eight fields earning their keep, the status codes everyone confuses, and what changed my mind across four APIs.
Idempotency Keys: The Pattern Stripe Taught Everyone
The key itself is the trivial part. The lifecycle, the storage, the body fingerprint, and the TTL are where production teams trip.
Express vs NestJS Middleware Quiz
Four questions comparing Express middleware to NestJS guards, interceptors, and pipes. Aimed at devs who came up on Express and keep reaching for `app.use()` when Nest already gives them a better seam.
Webhook Design: Retries, Signatures, and Replay Protection
Sign requests. Dedupe by event id. Apply idempotently by resource id. Ack fast, process async. Tolerate out-of-order. Five concerns that turn a webhook into critical infrastructure.
Shopify Senior Engineer Loop: Take-Home Plus Architecture
A Shopify senior backend loop centered on a take-home, an architecture deep dive on what I built, and a Life Story round.
API Versioning Strategies Without the Pain
Pick a versioning strategy on the day you ship the first version. URI versioning is the safe default, calendar dating is the gold standard, and your first release IS a contract.
