You need to design a system to store and validate API keys for millions of users in a microservices environment. Which architectural choice best supports fast validation and scalability?
Think about latency and load on the database when validating keys for every request.
Using a distributed in-memory cache like Redis allows fast lookups with low latency and supports scalability by reducing load on the database.
What is the best practice for rotating API keys to maintain security without disrupting service?
Consider how to avoid downtime during key rotation.
Allowing a grace period where both old and new keys are valid ensures smooth transition without service disruption.
Your API gateway validates API keys for millions of requests per second. Which approach best reduces latency and avoids bottlenecks?
Think about reducing network calls and avoiding single points of failure.
Using a local cache on each gateway instance reduces latency and avoids bottlenecks by minimizing calls to central storage.
Longer API keys increase security but reduce usability. What is the best tradeoff approach?
Consider balancing security and user experience.
Moderate key length with transport security and rate limiting balances security and usability effectively.
You expect 10 million active API keys, each 40 characters long. Each key record stores the key, user ID (8 bytes), creation timestamp (8 bytes), and status (1 byte). Estimate the approximate storage needed in gigabytes (GB) for all keys, assuming UTF-8 encoding (1 byte per character) and ignoring database overhead.
Calculate total bytes per record and multiply by number of keys, then convert to GB (1 GB = 1,073,741,824 bytes).
Each key: 40 bytes (characters) + 8 bytes (user ID) + 8 bytes (timestamp) + 1 byte (status) = 57 bytes per record.
10 million keys × 57 bytes = 570 million bytes ≈ 543 MB ≈ 0.5 GB.