Software Architecture (System Design)


Basic

  • HTTP vs HTTPS
  • REST vs SOAP
  • HTTP status codes
    • 200, 201, 400, 401, 402, 403, 404, 500, 502
    • 100–199 = informational
    • 200–299 = success
    • 300–399 = redirection
    • 400–499 = client-side errors
    • 500–599 = server-side errors
  • POST vs PUT vs PATCH?
  • Can we use POST for Delete? If not, why?
  • Why does the browser send OPTIONS requests before POST/GET requests?
  • How do you do authentication and authorization?
  • JWT – how does it work? Which signing algorithm do you use (HS256 / RS256)?
    • Ref
    • What are its advantages over others?
  • HS256 / RS256
    • HS256
      • HMAC using SHA-256
      • HMAC = Hash-based Message Authentication Code
      • Uses symmetric key (same secret for sign & verify)
    • RS256
      • RSA using SHA-256
      • RSA = Rivest–Shamir–Adleman
      • Uses asymmetric keys (private key signs, public key verifies)
  • What do you use for authentication and authorization? [JWT]
  • How do you maintain the session on the server side? [Redis Cache or other]
  • Which type of API Gateway is being used in your project?
  • CORS?
  • CSRF?
  • Where do you handle exceptions in MVC if an exception comes in the service layer? [Controller or Service?]
  • Multi-tenant architecture?
  • What are microservices?
  • What is an API Gateway in microservices? Types? Which one is used in your app?
  • How do your microservices interact with each other? [JWT token & allowed IPs]
  • How do you do user authentication in different microservices? [JWT & OAuth-OpenID]
  • Circuit breaker in microservices?
  • How do you implement pagination in your API?
  • Do you send images/large data in normal GET APIs? If not, how?
    • [Image access links]
  • REST API maturity levels? [Maturity Model]
  • Swagger for documentation & OpenAPI specifications
  • Did you use third-party authentication? [Google OAuth, AWS Cognito]
  • Serverless programming? [AWS Lambda, Firebase Functions]
  • Where do you store large files and images? [AWS S3]
  • How do you manage DB transactions? When to use?
    • Transaction management, ACID principles
  • How do you maintain user sessions on the server side?
    • RedisCache / request session / Cookie
  • How do you set a limit for number of API requests?
    • Store IP & request counts in cache
  • How do you make sure only one client uses a JWT token?
    • Restrict sharing by validating IP address stored in session or JWT
  • Why do we use a particular database?
  • Redis Cache – when to use?
  • Elasticsearch – why do we need it?
  • How do you deploy your application?
  • Which version control/source management tools do you use?
    • Git
  • How do you use CI/CD?
  • What do you look for in code reviews?
    • Best Practices
  • In the Saga design pattern, one service executed 5 of 7 steps and then failed. How do you handle this?
  • How do you pass dynamic values to CI pipelines?
    • Secrets & config
    • Artifact information

Medium

  • Functional Programming
  • Object-Oriented Programming
    • Principles
    • SOLID
  • How HTTP, HTTPS, SSL/TLS work
  • HTTP/1, HTTP/1.1, HTTP/2
  • REST vs GraphQL vs gRPC

Security

  • Authentication & Authorization
    • OAuth2?
      • Access Token & Id Token, Refresh Token
    • OpenID?
    • SSO

Advanced

  • When to use Queues vs Multi-threading
  • Pub/Sub usage
  • System Design

Case Studies / Implementations

  • Snake-Ladder Game (Multi-player)
    • How to design tables?
    • Failure checks
    • User activity/status
    • Multi-player concurrency
    • Handling disconnects:
      • Can the user rejoin?
      • Timeout & rejoin strategy
  • URL Shortener Implementation
  • Parking Lot Design
  • WhatsApp Design
  • Amazon (E-Commerce) Design
  • Netflix Design
  • Instagram Design

System Design Questions

  1. URL Shortener
  2. YouTube Design
  3. LMS Design
  4. WhatsApp
  5. Parking Lot
  6. Instagram Design
  7. Payment Gateway – VISA (or any)
  8. Load Balancer
  9. Rate Limit
  10. Cache
  11. Message Queue
  12. Teams App

Extra References

  • Circuit Breaker in Microservices
  • Clean Architecture Tutorial: Design for enterprise-scale apps
  • Backend strategy for massive traffic
  • Microservices Questions
  • Designing a user notification system
  • Distributed transaction management in microservices
  • Important Software Architecture Principles
  • Algorithms for system design interviews
  • 5 Software Architecture Patterns
  • 15 REST API design tips
  • Software Architecture Chronicles
  • Slack System Architecture
  • Design Patterns
  • OOAD Interview Questions & Problems
  • System Design Interview Qs
  • Vending Machine
  • Trade Position Aggregator / Risk Engine
  • Kafka
  • Build Your Own X
  • Database Sharding
  • Distributed Systems

  • Stateful vs Stateless Architecture
  • Microservices Communication (Queues, Topics, Streams)
  • Fundamental Software Architectural Patterns
  • Event Sourcing in Microservices

Design Patterns

References:

  • Microservice Design Patterns
  • JavaScript & Node.js Design Patterns