PracHub
QuestionsPremiumLearningGuidesInterview PrepNEWCoaches
|Home/System Design/Soti

Design an IP blacklist API

Last updated: May 6, 2026

Quick Overview

This question evaluates API and backend system design skills for network security and distributed caching, encompassing data modeling for exact IPs and CIDR ranges, cache architecture and invalidation, consistency and failure handling, scaling, and observability.

  • medium
  • Soti
  • System Design
  • Software Engineer

Design an IP blacklist API

Company: Soti

Role: Software Engineer

Category: System Design

Difficulty: medium

Interview Round: Onsite

Design an API and backend service for an IP firewall blacklist system. The service should allow security administrators or automated abuse-detection systems to add, remove, update, and query blacklisted IP addresses and IP ranges. Firewall gateways and application services should be able to call the API at high throughput to decide whether an incoming request should be blocked. Focus especially on cache design: - What APIs would you expose? - How would you store exact IP addresses and CIDR ranges? - How would you design the read path so blacklist checks are very low latency? - How would cache invalidation and propagation work when the blacklist changes? - How would you handle scale, consistency, failures, and observability?

Quick Answer: This question evaluates API and backend system design skills for network security and distributed caching, encompassing data modeling for exact IPs and CIDR ranges, cache architecture and invalidation, consistency and failure handling, scaling, and observability.

Soti logo
Soti
Apr 23, 2026, 12:00 AM
Software Engineer
Onsite
System Design
0
0

Design an API and backend service for an IP firewall blacklist system.

The service should allow security administrators or automated abuse-detection systems to add, remove, update, and query blacklisted IP addresses and IP ranges. Firewall gateways and application services should be able to call the API at high throughput to decide whether an incoming request should be blocked.

Focus especially on cache design:

  • What APIs would you expose?
  • How would you store exact IP addresses and CIDR ranges?
  • How would you design the read path so blacklist checks are very low latency?
  • How would cache invalidation and propagation work when the blacklist changes?
  • How would you handle scale, consistency, failures, and observability?

Solution

Show

Comments (0)

Sign in to leave a comment

Loading comments...

Browse More Questions

More System Design•More Soti•More Software Engineer•Soti Software Engineer•Soti System Design•Software Engineer System Design
PracHub

Master your tech interviews with 7,500+ real questions from top companies.

Product

  • Questions
  • Learning Tracks
  • Interview Guides
  • Resources
  • Premium
  • For Universities
  • Student Access

Browse

  • By Company
  • By Role
  • By Category
  • Topic Hubs
  • SQL Questions
  • Compare Platforms
  • Discord Community

Support

  • support@prachub.com
  • (916) 541-4762

Legal

  • Privacy Policy
  • Terms of Service
  • About Us

© 2026 PracHub. All rights reserved.