Backend Developer Interview Help: APIs, Databases, and Architecture Questions

What Backend Interviews Focus On

Backend interviews test your ability to design, build, and scale server-side systems. You will face questions about API design, database selection and optimization, caching strategies, authentication, message queues, and distributed system patterns. The key differentiator at senior levels is not whether you know these topics — it is how deep you can go.

API Design Questions

1. REST vs GraphQL vs gRPC — when do you use each?

REST: standard web APIs, resource-oriented, widely understood. GraphQL: complex data requirements, mobile apps with bandwidth concerns, flexible queries. gRPC: internal microservice communication, high performance, streaming needs.

2. How do you design a RESTful API?

Resource-based URLs (nouns, not verbs), proper HTTP methods (GET/POST/PUT/PATCH/DELETE), status codes, pagination, filtering, versioning strategy, HATEOAS for discoverability, consistent error format.

3. How do you handle API versioning?

URL versioning (/v1/users), header versioning (Accept: application/vnd.api.v1+json), query parameter (?version=1). URL versioning is most common and explicit. Plan deprecation strategy from the start.

4. What is rate limiting and how do you implement it?

Preventing API abuse by limiting requests per time window. Algorithms: token bucket, sliding window, fixed window. Implementation: Redis-based counters, API gateway built-in (Kong, AWS API Gateway). Return 429 with Retry-After header.

5. How do you design an API for pagination?

Offset-based (page/limit — simple but slow for deep pages), cursor-based (next_cursor — consistent, performant), keyset (WHERE id > last_id — best for sorted data). Cursor-based is preferred for most modern APIs.

Database Questions

6. SQL vs NoSQL — how do you decide?

SQL: structured data, complex queries, ACID requirements, relational data. NoSQL: flexible schema, horizontal scaling, high write throughput, document/key-value/graph data models. Often use both in the same system.

7. Explain database indexing — types, trade-offs, strategies.

B-tree indexes for range queries, hash indexes for equality, composite indexes for multi-column queries, partial indexes for filtered data. Trade-off: faster reads, slower writes, more storage. Index columns in WHERE, JOIN, ORDER BY clauses.

8. What is database sharding?

Splitting data across multiple database instances by a shard key. Horizontal partitioning. Challenges: cross-shard queries, rebalancing, choosing the right shard key. Alternatives: read replicas, vertical partitioning, caching before sharding.

9. Explain ACID properties.

Atomicity: transactions are all-or-nothing. Consistency: database moves between valid states. Isolation: concurrent transactions don't interfere. Durability: committed data survives crashes. Different isolation levels trade consistency for performance.

10. How do you optimize a slow database query?

EXPLAIN plan analysis, add missing indexes, rewrite subqueries as JOINs, denormalize for read-heavy paths, caching layer, connection pooling, query result pagination, avoid N+1 queries.

Caching and Performance

11. Explain caching strategies — cache-aside, write-through, write-behind.

Cache-aside: application checks cache first, fetches from DB on miss. Write-through: write to cache and DB simultaneously. Write-behind: write to cache, async write to DB. Each has different consistency and performance characteristics.

12. How do you handle cache invalidation?

TTL-based expiration, event-driven invalidation (publish on data change), versioned cache keys, cache tags for group invalidation. "There are only two hard things in computer science: cache invalidation and naming things."

13. When do you use Redis vs Memcached?

Redis: data structures (lists, sets, sorted sets), persistence, pub/sub, clustering. Memcached: simple key-value, multi-threaded, slightly faster for simple caching. Redis is the default choice in most modern architectures.

Architecture and System Design

14. Explain microservices vs monolith trade-offs.

Monolith: simpler development, easier debugging, lower operational overhead. Microservices: independent deployment, team autonomy, technology flexibility, but adds network complexity, distributed debugging, eventual consistency challenges.

15. How do you implement authentication and authorization?

Authentication: verify identity (JWT tokens, OAuth 2.0, session-based). Authorization: verify permissions (RBAC, ABAC, policy engines). JWT for stateless APIs, sessions for web apps, OAuth for third-party access.

16. Explain the saga pattern for distributed transactions.

Each service performs its local transaction and publishes an event. If any step fails, compensating transactions undo previous steps. Two types: choreography (event-driven) and orchestration (central coordinator).

17. How do you handle asynchronous processing?

Message queues (RabbitMQ, SQS), event streaming (Kafka), background job processors (Sidekiq, Celery). Patterns: pub/sub, work queues, dead letter queues for failed messages, idempotent consumers.

18. What is the circuit breaker pattern?

Prevents cascading failures. States: closed (normal), open (failing fast), half-open (testing recovery). When a service fails repeatedly, the circuit opens and returns errors immediately instead of waiting for timeouts.

Security Questions

19. How do you prevent common security vulnerabilities?

SQL injection: parameterized queries. XSS: output encoding, CSP headers. CSRF: tokens, SameSite cookies. Auth: bcrypt for passwords, secure token storage, rate limiting on login.

20. How do you secure microservice communication?

mTLS between services, JWT for service identity, API gateway for edge security, network policies (Kubernetes), service mesh (Istio) for automatic mTLS, secret management (Vault).

AI-Powered Backend Interview Prep

Backend interviews cover databases, APIs, caching, security, and distributed systems. The depth expected at senior levels means you need to recall specifics about isolation levels, consistency models, and algorithm trade-offs — details you reference documentation for in daily work.

Craqly's AI assistant provides those details in real time during your interview. Focus on demonstrating your architectural thinking while the AI handles recall of specific technical details.