Common technical interview questions for Backend Developer roles, covering REST APIs, databases, system design, caching, concurrency, security, and architecture patterns.
REST uses fixed endpoints where each endpoint returns a predefined data structure, while GraphQL exposes a single endpoint and lets clients query exactly the fields they need. GraphQL reduces over-fetching and under-fetching but adds complexity; REST is simpler and more cacheable by default.
HTTP status codes indicate the result of a request. 2xx means success (200 OK, 201 Created), 4xx means client error (400 Bad Request, 401 Unauthorized, 404 Not Found), and 5xx means server error (500 Internal Server Error, 503 Service Unavailable).
SQL databases are relational, schema-based, and use structured query language — good for complex joins and ACID transactions (e.g., PostgreSQL, MySQL). NoSQL databases are schema-flexible and optimized for scale or specific data models like documents, key-value, graph, or column-family (e.g., MongoDB, Redis, Cassandra).
An index is a data structure (commonly a B-tree) that speeds up read queries by allowing the database to locate rows without a full table scan. You add indexes on columns frequently used in WHERE, JOIN, or ORDER BY clauses, but they slow down writes and consume extra storage, so they should be used selectively.
Authentication verifies who you are (e.g., logging in with a username and password or presenting a JWT). Authorization determines what you are allowed to do after being authenticated (e.g., checking if a user has admin privileges to access a resource).
A RESTful API is a web service following REST architectural constraints: statelessness, client-server separation, uniform interface, layered system, cacheability, and optionally code-on-demand. Statelessness is the most critical — each request must contain all information needed to process it, with no server-side session dependency.
Normalization organizes a database to reduce redundancy and improve integrity. 1NF requires atomic column values with no repeating groups. 2NF requires every non-key attribute to depend on the entire primary key (no partial dependency). 3NF requires every non-key attribute to depend only on the primary key (no transitive dependency).
A JWT is a compact, self-contained token with three Base64URL-encoded parts separated by dots: Header (algorithm and token type), Payload (claims/data), and Signature (an HMAC or RSA signature over header+payload, computed with a secret or private key). The server validates the signature on each request without needing a session store, making it stateless.
Caching stores frequently accessed data in fast storage (e.g., Redis, Memcached) to reduce latency and database load. Common strategies include cache-aside (app checks cache before DB), write-through (write to cache and DB simultaneously), and write-behind (write to cache first, async to DB). Cache invalidation and TTL policies are critical to prevent stale data.
The N+1 problem occurs when fetching a list of N records triggers N additional queries for each record's related data (e.g., fetching 100 users then querying each user's posts separately). It is fixed using eager loading (JOIN or ORM includes), data loaders (batching), or denormalization for read-heavy paths.
Vertical scaling (scale up) means adding more resources (CPU, RAM) to a single server — simple but has a ceiling and single point of failure. Horizontal scaling (scale out) means adding more server instances behind a load balancer — more resilient and theoretically unlimited but requires stateless services and distributed data management.
A message queue (e.g., RabbitMQ, Kafka, SQS) decouples producers and consumers by holding messages asynchronously. You use them for background jobs, event-driven processing, rate-limiting spiky traffic, or ensuring reliable delivery between services — preventing one slow service from blocking another.
ACID stands for Atomicity (all-or-nothing operations), Consistency (data remains valid after a transaction), Isolation (concurrent transactions don't interfere), and Durability (committed data survives failures). These properties guarantee reliable database transactions and are fundamental in relational databases like PostgreSQL.
A connection pool maintains a set of pre-established database connections that are reused across requests, avoiding the overhead of creating a new connection per query. Without pooling, high-traffic applications exhaust database connections, leading to latency spikes or connection refusals. Poolers like PgBouncer or built-in ORM pools manage this.
CAP theorem states that a distributed system can guarantee only two of three: Consistency (all nodes see the same data), Availability (every request gets a response), and Partition Tolerance (system works despite network splits). Since network partitions are unavoidable, systems must choose between CP (e.g., HBase, Zookeeper) or AP (e.g., Cassandra, DynamoDB) behavior during a partition.
Strong consistency guarantees that after a write, all subsequent reads immediately return the updated value. Eventual consistency allows temporary stale reads, guaranteeing only that all nodes will converge to the same value eventually. Eventual consistency enables higher availability and lower latency but requires the application to handle stale data scenarios.
A common approach uses a sliding window or token bucket algorithm backed by Redis. For each client (identified by API key or IP), you store a counter in Redis with an expiry window and increment it per request, rejecting with 429 Too Many Requests when the limit is exceeded. For distributed setups, Redis handles atomic increments across multiple API server instances.
Pessimistic locking acquires a lock on a record before reading or modifying it (e.g., SELECT FOR UPDATE), preventing concurrent modifications but reducing throughput. Optimistic locking does not lock the row but checks a version field at update time, rolling back if the version changed since the read — better for low-contention scenarios with higher concurrency.
A distributed transaction spans multiple services or databases, making ACID guarantees hard to achieve. Common patterns include the Saga pattern (a sequence of local transactions with compensating rollbacks on failure) and Two-Phase Commit (2PC), which coordinates a global commit but introduces blocking and latency. Sagas are preferred in microservices for resilience.
Core components: a hash/encode function (Base62 of an auto-incremented ID) to generate short codes, a key-value store (Redis or DynamoDB) mapping short code to long URL for O(1) reads, and a relational DB for persistence and analytics. At scale, add a CDN or in-memory cache for hot URLs, rate limiting, and a distributed ID generator (e.g., Snowflake) to avoid collisions across nodes.