ByteByteGo

I’ve been writing the system design newsletter for 12 months. Here are the 5 most popular ones: 👇 1. From 0 to Millions: A Guide to Scaling Your App 2. A Crash Course in Caching 3. API Architectural Styles 4. How does ChatGPT work? 5. 8 Data Structures That Power Your Databases Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3FEGliw .

The buyer pays in USD, and the European seller receives euros. How does this work? This process is called foreign exchange. Suppose Bob (the buyer) needs to pay 100 USD to Alice (the seller), and Alice can only receive EUR. The diagram below illustrates the process. 1. Bob sends 100 USD via a third-party payment provider. In our example, it is Paypal. The money is transferred from Bob’s bank account (Bank B) to Paypal’s account in Bank P1. 2. Paypal needs to convert USD to EUR. It leverages the foreign exchange provider (Bank E). Paypal sends 100 USD to its USD account in Bank E. 3. 100 USD is sold to Bank E’s funding pool. 4. Bank E’s funding pool provides 88 EUR in exchange for 100 USD. The money is put into Paypal’s EUR account in Bank E. 5. Paypal’s EUR account in Bank P2 receives 88 EUR. 6. 88 EUR is paid to Alice’s EUR account in Bank A. Now let’s take a close look at the foreign exchange (forex) market. It has 3 layers: 🔹 Retail market. Funding pools are parts of the retail market. To improve efficiency, Paypal usually buys a certain amount of foreign currencies in advance. 🔹 Wholesale market. The wholesale business is composed of investment banks, commercial banks, and foreign exchange providers. It usually handles accumulated orders from the retail market. 🔹 Top-level participants. They are multinational commercial banks that hold lots of money from different countries. When Bank E’s funding pool needs more EUR, it goes upward to the wholesale market to sell USD and buy EUR. When the wholesale market accumulates enough orders, it goes upward to top-level participants. Steps 3.1-3.3 and 4.1-4.3 explain how it works. If you have any questions, please leave a comment. What foreign currency did you find difficult to exchange? And what company have you used for foreign currency exchange? –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .

7 must-know strategies to scale your database.    1 - Indexing:  Check the query patterns of your application and create the right indexes.    2 - Materialized Views:  Pre-compute complex query results and store them for faster access.    3 - Denormalization:  Reduce complex joins to improve query performance.    4 - Vertical Scaling  Boost your database server by adding more CPU, RAM, or storage.    5 - Caching  Store frequently accessed data in a faster storage layer to reduce database load.    6 - Replication  Create replicas of your primary database on different servers for scaling the reads.    7 - Sharding  Split your database tables into smaller pieces and spread them across servers. Used for scaling the writes as well as the reads.    Over to you: What other strategies do you use for scaling your databases? –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .

Do you believe that Google, Meta, Uber, and Airbnb put almost all of their code in one repository?    This practice is called a monorepo.    Monorepo vs. Microrepo. Which is the best? Why do different companies choose different options?    Monorepo isn't new; Linux and Windows were both created using Monorepo. To improve scalability and build speed, Google developed its internal dedicated toolchain to scale it faster and strict coding quality standards to keep it consistent.    Amazon and Netflix are major ambassadors of the Microservice philosophy. This approach naturally separates the service code into separate repositories. It scales faster but can lead to governance pain points later on.    Within Monorepo, each service is a folder, and every folder has a BUILD config and OWNERS permission control. Every service member is responsible for their own folder.    On the other hand, in Microrepo, each service is responsible for its repository, with the build config and permissions typically set for the entire repository.    In Monorepo, dependencies are shared across the entire codebase regardless of your business, so when there's a version upgrade, every codebase upgrades their version.    In Microrepo, dependencies are controlled within each repository. Businesses choose when to upgrade their versions based on their own schedules.    Monorepo has a standard for check-ins. Google's code review process is famously known for setting a high bar, ensuring a coherent quality standard for Monorepo, regardless of the business.    Microrepo can either set their own standard or adopt a shared standard by incorporating best practices. It can scale faster for business, but the code quality might be a bit different.    Google engineers built Bazel, and Meta built Buck. There are other open-source tools available, including Nix, Lerna, and others.    Over the years, Microrepo has had more supported tools, including Maven and Gradle for Java, NPM for NodeJS, and CMake for C/C++, among others.    Over to you: Which option do you think is better? Which code repository strategy does your company use? –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .

What is a webhook? The diagram below shows a comparison between polling and webhook. Assume we run an eCommerce website. The clients send orders to the order service via the API gateway, which goes to the payment service for payment transactions. The payment service then talks to an external payment service provider (PSP) to complete the transactions. There are two ways to handle communications with the external PSP. 🔹 1. Short polling After sending the payment request to the PSP, the payment service keeps asking the PSP about the payment status. After several rounds, the PSP finally returns with the status. Short polling has two drawbacks: 1) Constant polling of the status requires resources from the payment service. 2) The External service communicates directly with the payment service, creating security vulnerabilities. 🔹 2. Webhook We can register a webhook with the external service. It means: call me back at a certain URL when you have updates on the request. When the PSP has completed the processing, it will invoke the HTTP request to update the payment status. In this way, the programming paradigm is changed, and the payment service doesn’t need to waste resources to poll the payment status anymore. What if the PSP never calls back? We can set up a housekeeping job to check payment status every hour. Webhooks are often referred to as reverse APIs or push APIs because the server sends HTTP requests to the client. We need to pay attention to 3 things when using a webhook: 1) We need to design a proper API for the external service to call. 2) We need to set up proper rules in the API gateway for security reasons. 3) We need to register the correct URL at the external service. –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .

Encoding vs Encryption vs Tokenization.  .  .  Encoding, encryption, and tokenization are three distinct processes that handle data in different ways for various purposes, including data transmission, security, and compliance. In system designs, we need to select the right approach for handling sensitive information.    🔹 Encoding  Encoding converts data into a different format using a scheme that can be easily reversed. Examples include Base64 encoding, which encodes binary data into ASCII characters, making it easier to transmit data over media that are designed to deal with textual data.    Encoding is not meant for securing data. The encoded data can be easily decoded using the same scheme without the need for a key.    🔹 Encryption  Encryption involves complex algorithms that use keys for transforming data. Encryption can be symmetric (using the same key for encryption and decryption) or asymmetric (using a public key for encryption and a private key for decryption).    Encryption is designed to protect data confidentiality by transforming readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and a secret key. Only those with the correct key can decrypt and access the original data.    🔹 Tokenization  Tokenization is the process of substituting sensitive data with non-sensitive placeholders called tokens. The mapping between the original data and the token is stored securely in a token vault. These tokens can be used in various systems and processes without exposing the original data, reducing the risk of data breaches. Tokenization is often used for protecting credit card information, personal identification numbers, and other sensitive data. Tokenization is highly secure, as the tokens do not contain any part of the original data and thus cannot be reverse-engineered to reveal the original data. It is particularly useful for compliance with regulations like PCI DSS. –  Subscribe to our weekly newsletter to download the high-resolution PDF: https://lnkd.in/etnGkPB7   #systemdesign #coding #interviewtips  .

Double charging a customer is VERY BAD. How do we avoid it? When we design the payment system, it is important to guarantee that the payment system executes a payment order exactly-once. At the first glance, exactly-once delivery seems very hard to tackle, but if we divide the problem into two parts, it is much easier to solve. Mathematically, an operation is executed exactly-once if: 1. It is executed at least once. 2. At the same time, it is executed at most once. We now explain how to implement at least once using retry and at most once using idempotency check. 𝐑𝐞𝐭𝐫𝐲 Occasionally, we need to retry a payment transaction due to network errors or timeout. Retry provides the at-least-once guarantee. For example, as shown in Figure 10, the client tries to make a $10 payment, but the payment keeps failing due to a poor network connection. Considering the network condition might get better, the client retries the request and this payment finally succeeds at the fourth attempt. 𝐈𝐝𝐞𝐦𝐩𝐨𝐭𝐞𝐧𝐜𝐲 From an API standpoint, idempotency means clients can make the same call repeatedly and produce the same result. For communication between clients (web and mobile applications) and servers, an idempotency key is usually a unique value that is generated by clients and expires after a certain period of time. A UUID is commonly used as an idempotency key and it is recommended by many tech companies such as Stripe and PayPal. To perform an idempotent payment request, an idempotency key is added to the HTTP header: <idempotency-key: key_value>. If you have any questions or I missed anything, please leave a comment. –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .

What is an API?  . . By Rapid_API on Twitter   A great illustration that explains:  🔹 What is it 🔹 How it works 🔹 Why is it so popular –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .

The Big Archive for System Design - new Edition (PDF) is available now. And it's completely FREE. The PDF contains 𝐚𝐥𝐥 𝐦𝐲 𝐭𝐞𝐜𝐡𝐧𝐢𝐜𝐚𝐥 𝐩𝐨𝐬𝐭𝐬 published in 2023. What’s included in the PDF? 🔹 Netflix's Tech Stack 🔹 Top 5 common ways to improve API performance 🔹 Linux boot Process Explained 🔹 CAP, BASE, SOLID, KISS, What do these acronyms mean? 🔹 Explaining JSON Web Token (JWT) to a 10 year old Kid 🔹 Explaining 8 Popular Network Protocols in 1 Diagram 🔹 Top 5 Software Architectural Patterns 🔹 OAuth 2.0 Flows 🔹 What does API gateway do? 🔹 Linux file system explained 🔹 18 Key Design Patterns Every Developer Should Know 🔹 Best ways to test system functionality 🔹 Top 6 Load Balancing Algorithms 🔹 Top 12 Tips for API Security 🔹 𝐀𝐧𝐝 100+ 𝐦𝐨𝐫𝐞 Like, follow and subscribe to our newsletter to receive the PDF download link: https://bit.ly/3KCnWXq #systemdesign #coding #interviewtips  .

What does API gateway do? . . The diagram below shows the detail. Step 1 - The client sends an HTTP request to the API gateway. Step 2 - The API gateway parses and validates the attributes in the HTTP request. Step 3 - The API gateway performs allow-list/deny-list checks. Step 4 - The API gateway talks to an identity provider for authentication and authorization. Step 5 - The rate limiting rules are applied to the request. If it is over the limit, the request is rejected. Steps 6 and 7 - Now that the request has passed basic checks, the API gateway finds the relevant service to route to by path matching. Step 8 - The API gateway transforms the request into the appropriate protocol and sends it to backend microservices. Steps 9-12: The API gateway can handle errors properly, and deals with faults if the error takes a longer time to recover (circuit break). It can also leverage ELK (Elastic-Logstash-Kibana) stack for logging and monitoring. We sometimes cache data in the API gateway. Over to you: 1) What’s the difference between a load balancer and an API gateway? 2) Do we need to use different API gateways for PC, mobile and browser separately? –  Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq    #systemdesign #coding #interviewtips  .