Implement a REST API method that creates a resource. Define the request and response schema, validation rules, and appropriate HTTP status codes. Ensure idempotency using an Idempotency-Key header and handle duplicate requests safely. Include error handling, logging, and input sanitization. Discuss authentication and authorization, rate limiting, and how you would write unit and integration tests. Outline the data model and how you would handle concurrent requests to prevent race conditions.

This question evaluates a candidate's ability to design and implement a production-grade REST API focusing on idempotency, concurrency control, authentication/authorization, rate limiting, error handling, data modeling, and testing.

How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

What difficulty level is this interview question?

This is a hard difficulty System Design question, commonly asked during Technical Screen rounds at Apple.

What role is this question designed for?

This question is commonly asked for Software Engineer candidates at Apple during technical interviews.

Implement a robust REST API method | Apple Interview Question

Design and implement a REST API method to create a resource with idempotency

Context

You are building a create endpoint for a commerce-like service. To make the problem concrete, assume the resource is an Order and clients will call POST /v1/orders to create one. The API must be safe to retry and free from race conditions.

Requirements

Endpoint and semantics
- Define the REST endpoint for creating an order.
- Specify required headers.
Request schema
- Define the JSON request schema and a sample request.
- State validation and sanitization rules.
Response schema
- Define success responses and a sample response.
- Include relevant HTTP headers (e.g., Location).
HTTP status codes
- Enumerate appropriate success and error codes and when to use each.
Idempotency
- Use an Idempotency-Key header.
- Define behavior for duplicate requests (same key + same body, and same key + different body).
Error handling and logging
- Define a consistent error response format.
- Describe structured logging, correlation IDs, and PII redaction.
Authentication and authorization
- Propose a scheme (e.g., OAuth2/JWT) and required scopes/roles.
Rate limiting
- Describe the strategy (algorithm, limits, headers) and how it interacts with idempotent retries.
Data model
- Outline database tables (orders, order_items, idempotency store) and key constraints/indexes.
Concurrency

Explain how you will prevent race conditions and handle concurrent requests using the same idempotency key.

Testing

Describe unit and integration tests, including concurrency and failure scenarios.

Make minimal, explicit assumptions as needed and keep the design pragmatic and production-oriented.

Requirements

Endpoint and semantics

Define the REST endpoint for creating an order.
Specify required headers.

Request schema

Define the JSON request schema and a sample request.
State validation and sanitization rules.

Response schema

Define success responses and a sample response.
Include relevant HTTP headers (e.g., Location).

HTTP status codes

Enumerate appropriate success and error codes and when to use each.

Idempotency

Use an Idempotency-Key header.
Define behavior for duplicate requests (same key + same body, and same key + different body).

Error handling and logging

Define a consistent error response format.
Describe structured logging, correlation IDs, and PII redaction.

Authentication and authorization

Propose a scheme (e.g., OAuth2/JWT) and required scopes/roles.

Rate limiting

Describe the strategy (algorithm, limits, headers) and how it interacts with idempotent retries.

Data model

Outline database tables (orders, order_items, idempotency store) and key constraints/indexes.

Concurrency

Explain how you will prevent race conditions and handle concurrent requests using the same idempotency key.

Testing

Describe unit and integration tests, including concurrency and failure scenarios.

Make minimal, explicit assumptions as needed and keep the design pragmatic and production-oriented.

Implement a robust REST API method

Quick Overview

Design and implement a REST API method to create a resource with idempotency

Context

Requirements

Solution

Comments (0)

Implement a robust REST API method

Quick Overview

Design and implement a REST API method to create a resource with idempotency

Context

Requirements

Solution

Comments (0)