Code Room
System design | Hard | sd-g239
Subject: Authorization at scale
Level: Senior–Staff
~45 min
Common in: Security interviews
Industries: Technology

Question

Design edge authorization for a global CDN/API gateway where every incoming request (5M req/sec across 200 PoPs) must be authorized against customer-defined access rules (allow/deny by token claims, geo, IP reputation, path, method) before it hits the origin, with a p99 added latency budget under 1ms, and a guarantee that a customer's rule change is enforced everywhere within ~10 seconds. Walk through where authorization runs, how rules and the data they need reach 200 PoPs, and how you keep edge decisions both fast and consistent with the central config.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
