core concepts Flashcards
(19 cards)
type of API or System Interface
RESTful API, GraphQL API, Wire Protocol
Type of Scaling
Horizontal scaling, vertical scaling
Horizontal scaling
adding more machines to a system to increase its capacity
vertical scaling
process of adding more resources to a single machine to increase its capacity
CAP Theorem
Consistency, Availability, and Partition tolerance
consistency
all nodes in your system will see the same data at the same time. When a write occurs, all subsequent reads will return that value, regardless of which node they hit. However, during a network partition, some nodes may become unavailable to maintain this consistency guarantee.
availability
every request will receive a response, even during network partitions. The tradeoff is that different nodes may temporarily have different versions of the data, leading to inconsistency. The system will eventually reconcile these differences, but there’s no guarantee about when this will happen.
Lock
Shared resources which can only be accessed by one client at a time.
Lock requirement
lock as little as possible to ensure that we’re not blocking other clients from accessing the system.
hold locks for as short a time as possible. This means that we want to lock only for the duration of the critical section.
Indexing
process of creating a data structure that makes reads faster.
Way of indexing
keeping our data in a hash map by a specific key
keep our data in a sorted list
type of Communication Protocols
HTTP(S), SSE/long polling, websockets
when to use HTTP
simple request and responses
long polling
the client makes a request to the server and the server holds the request open until it has new data to send to the client. Once the data is sent, the client makes another request and the process repeats. Notably, you can use standard load balancers and firewalls with long polling - no special infrastructure needed.
Websockets
realtime, bidirectional communication
SSE
allows the server to push updates to the client whenever new data is available, without the client having to make repeated requests as in long polling
type of security
Authentication / Authorization, Encryption, Data Protection, Monitoring
how to implement Authentication / Authorization
API Gateway or a dedicated service like Auth0; my API Gateway will handle authentication and authorization
Encryption
cover both data in transit (e.g. via protocol encryption) and data at rest (e.g. via storage encryption). HTTPS is HTTP over SSL/TLS, which encrypts data in transit and is the standard for web traffic. If you’re using gRPC, it supports SSL/TLS out of the box. For data at rest, you’ll want to use a database that supports encryption or encrypt the data yourself before storing it.