Review getEvents endpoint for performance, scalability, security

Q: Review getEvents endpoint for performance, scalability, security

This question evaluates backend system-design and API engineering skills, focusing on performance analysis, scalability considerations, and application security through a code-review lens for a REST GET /events endpoint (System Design domain).

Q: How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

Q: What difficulty level is this interview question?

This is a hard difficulty System Design question, commonly asked during Technical Screen rounds at StubHub.

Q: What role is this question designed for?

This question is commonly asked for Software Engineer candidates at StubHub during technical interviews.

Question

Code Review Task: HTTP GET /events Handler

Context

Assume a typical REST endpoint GET /events that lists events for a consumer application. The handler supports query parameters like:

q (text search), from/to (date range), venueId, performerId, category, sort, page, pageSize, include (e.g., venue, performers, tickets)
It fetches data from a relational DB via an ORM, may optionally call one or two downstream services (e.g., pricing, recommendations), and returns JSON.

You are given a code snippet that implements this handler (getEvents). Your goal is to perform a thorough code review and propose concrete improvements.

Tasks

Performance
- Identify issues such as N+1 queries, missing pagination/limits, inefficient sorting/filtering, missing indexes, excessive serialization, uncompressed/unpaginated payloads, and missing caching or ETags.
- Propose specific fixes.
Scalability
- Evaluate statelessness, concurrency handling, connection pooling, batching, backpressure, timeouts/retries with jitter, circuit breakers, rate limiting, and dependency fan-out.
- Propose specific fixes.
Security
- Verify authentication and fine-grained authorization, input validation and injection prevention, output encoding, sensitive data exposure (PII), TLS requirements, CSRF/IDOR risks, logging redaction, and resource quotas to prevent abuse.
- Propose specific fixes.

Additionally, define monitoring/alerting metrics and SLOs, and outline targeted tests (unit, integration, load, and security) to validate your recommendations. Explain trade-offs for each change.

Review getEvents endpoint for performance, scalability, security

Quick Overview

Code Review Task: HTTP GET /events Handler

Context

Tasks

Solution

Comments (0)