Correctness · money · durable delivery · limits
API contracts that survive failure.
Design, defend, and debug APIs when clients retry, webhooks duplicate, limits trip, and money must not double-count. Mechanism + math + debug — not “use REST.” Full course below; start on the CMD spine if you want the production path.
CMD start path spine first
Same niche as the sister systems guide: correctness · money · durability at the API plane. Full map: docs/CMD-BRIDGE.md. Calibration plan: docs/REVIEW-5-API-DESIGN.md.
SLIs / SLOs
Error budgets before features.
A2Idempotency
Retries without double effects.
A3Webhooks
At-least-once outbound contracts.
A4Webhook system
Durable delivery pipeline.
B1Idempotency practice
Pay button, lost response, keys.
B2Payments at scale
Ledger, state machine, limits.
B3Stripe case study
Money API design in the wild.
B4Saga checkout
Compensate multi-step flows.
C1Rate limiting
Five algorithms + distributed.
C2API gateway
Front door policies & failure.
C3Circuit breaker
Fail fast under dependency death.
C4Consistency & CAP
What the API can honestly promise.
0 / 123 lessons complete
Part 1 — Foundations10/10
How the machinery under every API works. Master this and the rest is application.
What an API really is
Contracts, not code — the promise between two programs.
02What makes an API good
Qualities of a great contract; design-first vs code-first; the lifecycle.
03Layers & the narrow waist
TCP/IP & OSI layers and why everything funnels through IP.
04Latency vs throughput
The two numbers, the four delays, and percentiles.
05Network sockets
The pipe every API rides on: ports, TCP handshake, keep-alive.
06How the Web works
URLs, DNS, and the full lifecycle of a request.
07HTTP & how it evolved
Methods, status codes, headers; 1.0 → HTTP/3 over QUIC.
08Remote procedure calls
Making a network call feel local — and where the illusion leaks.
09WebSockets & real-time
Two-way channels: polling vs SSE vs WebSockets.
10SLIs, SLOs & SLAs
Measuring reliability and spending an error budget.
Part 2 — Data & Formats3/3
How API data is represented on the wire and why format choice matters.
Part 3 — Architectural Styles7/7
REST, GraphQL, gRPC — what each is and when to reach for it.
Web API styles overview
Request-response, query, and RPC families compared.
as-02REST architecture style
Resources, uniform interface, statelessness, HATEOAS.
as-03RESTful APIs in practice
Richardson maturity, naming, status codes, pagination.
as-04GraphQL: a query language
One endpoint, client-shaped responses, N+1 traps.
as-05gRPC framework
Protobuf + HTTP/2 streaming for internal services.
as-06Comparing the styles
A decision guide: pick the right style per use case.
as-07Client-adapting APIs
Content negotiation, sparse fields, and the BFF pattern.
Part 4 — Resource Design Patterns8/8
Build-along resource modelling — standard & custom methods, field masks, long-running ops, batch, soft delete — ending in a complete mock API you can stand up.
Resource-oriented design & naming
Model the domain as resources, collections, and a clean hierarchy.
rdp-02Standard methods (CRUD)
List, Get, Create, Update, Delete — the canonical contract.
rdp-03Custom methods (:verb)
Actions that aren't CRUD, done the REST way.
rdp-04Partial updates & field masks
PATCH with update_mask — change only what you mean to.
rdp-05Long-running operations
Async operation resources you poll to completion.
rdp-06Batch operations
batchGet/Create/Update/Delete — kill the N+1 round trips.
rdp-07Soft delete & validation
Recycle-bin deletes, undelete, expunge, and dry-run.
rdp-08Capstone: build a mock API
Assemble every pattern into a complete, buildable mock.
Part 5 — Security12/12
Protecting APIs end to end: transport, identity, and input.
API security threats
The threat model and the OWASP API risks.
sec-02Transport Layer Security (TLS)
Encryption, certificates, and the TLS handshake.
sec-03Securing APIs with input validation
Injection, allow-lists, and never trusting the client.
sec-04CORS, explained
The same-origin policy and how CORS safely relaxes it.
sec-05Authentication vs authorization
Who you are vs what you may do.
sec-06OAuth 2.0
Delegated access, tokens, and the common flows.
sec-07OpenID Connect & SAML
Federated identity and single sign-on.
sec-08API keys, JWTs & a checklist
Bearer tokens, JWT pitfalls, and a hardening checklist.
sec-09Cookies, sessions & CSRF
Web state, session vs token auth, and CSRF defenses.
sec-10Threat modeling (STRIDE)
Think like an attacker: trust boundaries and the six threat classes.
sec-11OWASP API Security Top 10
Deep dive: Server-Side Request Forgery (SSRF), Mass Assignment, and Sensitive Flow abuse.
sec-12Advanced OWASP API Risks
Deep dive: inventory audits, stack trace leaks, and unsafe consumption.
Part 6 — Reliability & Scale19/19
The patterns that keep APIs correct and fast under load.
API versioning
Evolving without breaking callers.
rel-02Idempotency
Making retries safe; idempotency keys in practice.
rel-03Rate limiting algorithms
Token/leaky bucket, fixed & sliding windows — with code.
rel-04API gateway deep dive
The front door: routing, auth, limiting, aggregation.
rel-05Retries & backoff
Exponential backoff, jitter, and retry storms.
rel-06Circuit breaker pattern
Failing fast to protect a struggling dependency.
rel-07Caching at every layer
Client, CDN, gateway, app, and DB caches.
rel-08Load balancing
Spreading traffic; L4 vs L7; health checks.
rel-09Monitoring & observability
Metrics, logs, traces, and the four golden signals.
rel-10Event-driven & pub/sub
Queues, topics, and decoupling with messages.
rel-11Evolving APIs safely
Additive change, tolerant reader, expand-and-contract.
rel-12Designing webhooks
Payloads, HMAC signing, retries, replay, idempotent consumers.
rel-13Capacity estimation
Back-of-the-envelope sizing: QPS, storage, servers for N users.
rel-14Scaling 1 → 1M users
Vertical vs horizontal, statelessness, the architecture progression.
rel-15Scaling the database
Read replicas, sharding, hot keys, denormalization, CQRS.
rel-16Consistency & CAP
Strong vs eventual, CAP/PACELC, quorum, stale reads.
rel-17High availability
No SPOF, multi-AZ/region, active-active, failover.
rel-18Resilience & disaster recovery
Graceful degradation, bulkheads, load shedding, RTO/RPO, chaos.
rel-19Chaos & progressive delivery
Canary deployments, traffic shifting math, feature flagging, connection draining, and proactive fault injection.
Part 7 — Performance5/5
Estimating and shrinking response time.
Estimating response time
A repeatable method to estimate an API's response time.
perf-02Latency budgets
Splitting a target across hops and components.
perf-03Speeding up page loads
Critical path, payload size, and round trips.
perf-04Data fetching & pagination
Cursor vs offset, batching, prefetch, debouncing.
perf-05Server vs client rendering
SSR, CSR, SSG and what each means for your API.
Part 8 — Production at Scale10/10
Interactive simulators + evidence-based scaling walkthroughs — drag the load toward 100M and watch the behaviour. Figures are first-principles models, cited and labeled.
Simulator: rate limiter
Multi-tenant token bucket — watch throttling & 429s as load hits 100M.
sim-02Simulator: cache hit ratio
Hit rate → effective latency and origin load.
sim-03Simulator: consistent hashing
Add nodes, push a hot key → per-node load & remap %.
sim-04Simulator: queue & backpressure
Producer vs consumers → queue depth, lag, drops.
sim-05Simulator: retry storm
Failure rate × retries → the traffic amplification.
sim-06Simulator: capacity & latency
QPS → servers needed and the utilization hockey-stick.
ws-01Walkthrough: 1 box → 100M/day
The scaling staircase, each step forced by a number.
ws-02Walkthrough: payments at 100M
Keeping money correct at scale (Stripe-style, modeled).
ws-03Walkthrough: read-heavy feed
Fan-out, write amplification, the celebrity problem.
ws-04Walkthrough: real-time chat
Millions of connections + pub/sub fan-out.
Part 9 — Platform & API Product Engineering9/9
Your API as a product others build on: nested quotas, webhook delivery, error models, multi-tenancy, dev-platform keys, platform auth, metering — ending in a full developer-platform design.
Nested & tiered rate limits
Compose per-key + per-app + per-account daily quotas atomically.
plat-02Webhook delivery system
Fan-out, signing, retries, DLQ, replay, per-consumer isolation.
plat-03Designing your error model
Envelopes, codes vs status, partial failures, retryability.
plat-04Optimistic concurrency
ETag/If-Match, the lost-update problem, 409/412.
plat-05Multi-tenancy & isolation
Silo vs pool vs bridge; noisy neighbours; tenant scoping.
plat-06Apps, keys, scopes & rotation
Minting, hashing, restricted keys, dual-key rotation.
plat-07Platform & third-party auth
Installed apps, per-install tokens, Connect-style on-behalf-of.
plat-08Usage metering & monetization
Counting billable events reliably; quotas → plans → overage.
plat-09Capstone: design a developer platform
N apps, keys, webhooks, nested quotas — end to end.
Part 10 — Debugging & Real-World6/6
Diagnosing real API failures — the skills interviews and on-call both test.
The API debugging mindset
Reproduce, isolate by layer, read the evidence.
dbg-02Reading errors & status codes
What 4xx/5xx, timeouts, and resets actually tell you.
dbg-03Acing the Stripe-style debugging interview
The bug-squash round: format, scoring, a 10-step playbook, and a worked walkthrough.
dbg-04Debugging webhooks
Missed events, retries, signatures, and replay.
dbg-05Idempotency in practice
Double charges, dedup keys, and safe retries.
dbg-06Handling 429s & throttling
Reading limit headers and backing off correctly.
Part 11 — Design Case Studies22/22
The repeating interview pattern: requirements → decisions → API model → evaluation.
The case-study framework
How to drive any 'design the API for X' question.
cs-01Design: Search API
Query, filters, pagination, latency budget.
cs-02Design: File upload/download API
Chunking, resumable uploads, presigned URLs.
cs-03Design: Comment & rating API
Nested resources, moderation, counts.
cs-04Design: Pub/Sub API
Topics, subscriptions, delivery guarantees.
cs-05Design: URL shortener
Key generation, redirects, analytics (original).
cs-06Design: Notification service
Fan-out, channels, preferences (original).
cs-07Design: Video streaming API
Upload, transcode, adaptive playback.
cs-08Design: Chat/messenger API
Delivery, presence, ordering, real-time.
cs-09Design: Maps API
Tiles, routing, geo queries.
cs-10Design: Video conferencing API
Rooms, signaling, media routing.
cs-11Design: Online judge API
Submit, sandbox, verdicts.
cs-12Design: Payments API
Charges, idempotency, webhooks, the money path.
cs-13Design: Social feed API
Timeline, fan-out, follows.
cs-14Design: Ride-hailing API
Matching, location, trip lifecycle.
cs-15Design: Gaming/leaderboard API
Real-time state, rankings, anti-cheat.
cs-16Design: Chess / turn-based game API
Move validation, game state, anti-cheat, real-time turns.
cs-17Design: Price-tracker API
External polling, price history, alerts (original).
cs-18Design: Slack API
Real-time messaging, WebSockets, connection lifecycle, and presence.
cs-19Design: Collaborative Editing API
Real-time document sync, Operational Transformation (OT) vs. CRDTs, and scaling math.
cs-20Design: IoT Data Ingestion API
High-throughput append-only telemetry, binary serialization (Protobuf), and time-series DB scaling.
cs-21Design: E-commerce Saga Checkout API
Distributed transactions, Saga pattern, compensating actions, and the outbox pattern.
Part 12 — Failure Case Studies4/4
What real outages teach about API design.
What causes API failures
The taxonomy: load, dependencies, deploys, data.
fail-02Knight Capital
How a deploy/flag bug lost $440M in 45 minutes.
fail-03The 2017 S3 outage
A typo, a cascading dependency, and blast radius.
fail-04Config & dependency outages
When the control plane takes everything down.
Part 13 — Interview Prep7/7
Drill, self-test, and a repeatable method to ace the interview.
API interview question bank
100+ questions, low → high, with answers.
prep-02The API design cheat-sheet
One-page method + checklists for the whiteboard.
prep-03How you're scored
The rubric interviewers use, and how to hit it.
prep-04Mock interview prompts
Timed prompts with model answers.
prep-05Business & product sense
API business models, metering, and leading with the 'why'.
prep-06How leading APIs do it
Stripe, AWS, GitHub, HubSpot, Shopify: rate limits, versioning, auth, webhooks — cited.
prep-07Inside Stripe's API (deep dive)
Token-bucket + 4 limiters, the version-change layer, idempotency-key store — traced.