Hard | ~50 min | Infrastructure

Design API Gateway

Amazon, Kong, Google, Microsoft, Stripe

📝 Problem Description

Design an API Gateway that serves as the single entry point for all API requests. Handle routing, authentication, rate limiting, request transformation, and observability.

👤 Use Cases

1. A client sends an API request so that it is routed to the appropriate service.
2. The gateway validates the JWT token so that the request is authenticated.
3. When a client exceeds its rate limit, the gateway returns a 429 response.
4. The gateway aggregates backend responses so that it returns a combined response to the client.

✅ Functional Requirements

  • Request routing based on path/headers
  • Authentication (API keys, JWT, OAuth)
  • Rate limiting per client/API
  • Request/response transformation
  • Load balancing across backends
  • Circuit breaker for failing services
  • Request logging and metrics

⚡ Non-Functional Requirements

  • Latency overhead < 10ms
  • Handle 1M requests/sec
  • 99.99% availability
  • Zero-downtime deployments

⚠️ Constraints & Assumptions

  • Must not become bottleneck
  • Config changes without restart
  • Handle heterogeneous backends

📊 Capacity Estimation

👥 Users: 10K backend services, 1M requests/sec
💾 Storage: 100GB (configs, rate limit state)
⚡ QPS: 1M requests/sec
📐 Assumptions
  • 1M requests per second peak
  • 10K different API endpoints
  • Average request size: 1KB
  • Average response size: 10KB
  • 100K unique API clients
  • Gateway overhead budget: < 10ms

💡 Key Concepts

  • Request Pipeline (CRITICAL): a chain of middleware, auth → rate limit → transform → route → response.
  • Token Bucket Rate Limiting (CRITICAL): per-client bucket fills at rate R, max burst B.
  • Circuit Breaker (HIGH): stop calling failing backends, return fast failure.
  • Service Discovery (HIGH): dynamic backend registration and health checking.
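
The per-client token bucket (rate R, burst B) and the 429 use case, as an added example that is not part of the original page. `TokenBucketLimiter`, `rate_limit_stage` and the injectable clock are hypothetical names; `client_id` is assumed to be the identity established by the auth stage earlier in the pipeline, and bucket state is held in-process only.

```python
import math
import time


class TokenBucketLimiter:
    """Per-client token bucket: refills at `rate` tokens/sec, holds at most `burst`."""

    def __init__(self, rate, burst, clock=time.monotonic):
        if rate <= 0 or burst < 1:
            raise ValueError("rate must be > 0 and burst >= 1")
        self.rate, self.burst, self.clock = float(rate), float(burst), clock
        self._buckets = {}  # client_id -> (tokens, time of last update)

    def check(self, client_id, cost=1.0):
        """Return (allowed, retry_after_seconds); charges `cost` tokens if allowed."""
        now = self.clock()
        tokens, last = self._buckets.get(client_id, (self.burst, now))
        # Lazy refill: credit the elapsed time, capped at burst so an idle
        # client cannot bank more than B tokens.
        tokens = min(self.burst, tokens + max(0.0, now - last) * self.rate)
        if tokens >= cost:
            self._buckets[client_id] = (tokens - cost, now)
            return True, 0.0
        self._buckets[client_id] = (tokens, now)
        return False, (cost - tokens) / self.rate


def rate_limit_stage(limiter, client_id):
    """Pipeline stage that runs after auth; returns (status, headers).

    Key the bucket on the authenticated identity (API key id, JWT subject),
    not on a client-supplied header, or callers can pick a fresh bucket per request.
    """
    allowed, retry_after = limiter.check(client_id)
    if allowed:
        return 200, {}
    # Retry-After is whole seconds; round up so the client does not retry early.
    return 429, {"Retry-After": str(math.ceil(retry_after))}


if __name__ == "__main__":
    limiter = TokenBucketLimiter(rate=2, burst=3)  # constructed sample settings
    for i in range(5):
        print(i, rate_limit_stage(limiter, "client-a"))
```

At the stated 1M requests/sec across many gateway nodes, the same refill arithmetic would need shared or sharded state; that part is outside this example.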

💡 Interview Tips

  • Start with the core responsibilities: routing, auth, rate limiting
  • Discuss the middleware/plugin architecture
  • Emphasize observability and monitoring
  • Be prepared to discuss rate limiting algorithms
  • Know the difference between gateway and reverse proxy
  • Understand circuit breaker and retry patterns