
REST API between services in Microservices - System Design Exercise

Design: REST API Communication Between Microservices
Design focuses on REST API communication between microservices including security, reliability, and scalability. Out of scope are the internal business logic of services and UI design.
Functional Requirements
FR1: Enable communication between multiple microservices using REST APIs
FR2: Support synchronous request-response interactions
FR3: Ensure secure communication with authentication and authorization
FR4: Handle failures gracefully with retries and timeouts
FR5: Allow versioning of APIs for backward compatibility
FR6: Support monitoring and logging of API calls
Non-Functional Requirements
NFR1: Handle up to 10,000 requests per second between services
NFR2: API response latency p99 under 200ms
NFR3: 99.9% availability for inter-service communication
NFR4: Use stateless REST APIs
NFR5: Support JSON as data format
Key Components
API Gateway or Service Mesh for routing and security
Authentication and Authorization service (e.g., OAuth2, JWT)
Load balancers for service endpoints
Retry and timeout mechanisms in client libraries
Centralized logging and monitoring system
API versioning strategy
Design Patterns
Circuit Breaker pattern to handle failures
Retry pattern with exponential backoff
API Gateway pattern for routing and security
Bulkhead pattern to isolate failures
Versioning strategies: URI versioning, header versioning
Reference Architecture
Client Service A  --->  API Gateway  --->  Service B
                     |                  |
                     |                  --->  Service C
                     |
                     --->  Authentication Service

Monitoring & Logging System <--- All Services
Components
API Gateway (Kong / NGINX / Envoy): Routes requests between services, enforces security policies, and handles API versioning
Service A, B, C (any microservice framework: Spring Boot, Express.js, etc.): Business logic providers communicating via REST APIs
Authentication Service (OAuth2 Server / JWT Provider): Issues and validates tokens for secure inter-service communication
Load Balancer (AWS ELB / HAProxy): Distributes incoming requests evenly across service instances
Monitoring & Logging (Prometheus, Grafana, ELK Stack): Collects metrics and logs for observability of API calls
Request Flow
1. Service A wants to call Service B's API.
2. Service A obtains a valid JWT token from the Authentication Service.
3. Service A sends the REST API request with the JWT token to the API Gateway.
4. The API Gateway validates the token and routes the request to Service B.
5. Service B processes the request and sends the response back to the API Gateway.
6. The API Gateway forwards the response to Service A.
7. All API calls and responses are logged and monitored.
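Steps 2 to 4 of the flow above, as an added example that is not part of the original exercise: the Authentication Service signs a short-lived token and the gateway rejects anything with the wrong algorithm, signature, expiry or audience. It assumes HS256 with a shared secret so that only the Python standard library is needed; SECRET, AUDIENCE, issue_token and verify_token are hypothetical names, and a real deployment would normally use a maintained JWT library with asymmetric keys.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # constructed value; assumption: HS256 shared key
AUDIENCE = "service-b"                # hypothetical audience name for Service B

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, aud, ttl=60, now=None, alg="HS256"):
    """Authentication Service side (step 2): sign a short-lived token."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": sub, "aud": aud, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token, now=None):
    """Gateway side (step 4): return the claims, or raise ValueError to reject."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(header_b64))
        sig = _unb64(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token must not choose how it gets verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):    # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload_b64))      # parsed only after the signature check
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    if claims.get("aud") != AUDIENCE:             # token was minted for another service
        raise ValueError("wrong audience")
    return claims
```

The audience check is what stops a token issued for one service from being replayed against another behind the same gateway.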
Database Schema
Not applicable as this design focuses on API communication between services rather than data storage.
Scaling Discussion
Bottlenecks
API Gateway becoming a single point of failure or bottleneck under high load
Authentication Service latency affecting request throughput
Network latency between services impacting response times
Logging and monitoring systems overwhelmed by high volume of API calls
Solutions
Deploy API Gateway in a highly available cluster with autoscaling
Cache authentication tokens locally to reduce calls to Authentication Service
Use service mesh with sidecar proxies to optimize communication and retries
Implement sampling and aggregation in logging to reduce volume
Use CDN or edge caching for static API responses where possible
Interview Tips
Time: Spend 10 minutes clarifying requirements and constraints, 20 minutes designing the architecture and data flow, 10 minutes discussing scaling and trade-offs, and 5 minutes summarizing.
Explain the choice of REST APIs for synchronous communication
Discuss security with JWT and OAuth2 tokens
Highlight the role of API Gateway in routing and versioning
Describe failure handling with retries and circuit breakers
Mention monitoring and logging importance for observability
Address scaling challenges and solutions clearly