Code Room
System design | Hard | sd-g463
Subject: Token revocation
Level: Senior–Staff
~50 min
Common in: Distributed systems interviews
Industries: Technology

Question

Design near-instant revocation for stateless access tokens at 4M requests/sec across 250 edge PoPs, where the hard requirement is that NO validation may make a synchronous network call to a central store on the request path. Tokens have a 10-minute TTL; a security event (account compromise, password reset, admin kill) must stop a specific token from being accepted within ~2 seconds everywhere. You can push data to the edge but each PoP holds tens of millions of live tokens. Discuss the revocation data structure pushed to the edge, how you bound its memory and false-positive behavior, the propagation channel, and how you avoid both letting a revoked token through and falsely rejecting a valid one.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
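
One possible shape for the edge-side structure the question asks about, as an added sketch rather than this page's reference answer: a Bloom prefilter sized from a target false-positive rate, backed by an exact map so a Bloom false positive never rejects a valid token. It assumes each token carries a unique ID (called `jti` here) and that pushed revocation events include the token's expiry; the class and method names are hypothetical.

```python
import hashlib
import math

class EdgeRevocationSet:
    """Per-PoP state: Bloom prefilter plus exact map, consulted in local memory only."""

    def __init__(self, expected_revocations, fp_rate=0.001):
        # Standard Bloom sizing: m = -n ln p / (ln 2)^2 bits, k = (m/n) ln 2 hashes.
        n = expected_revocations
        self.m = math.ceil(-n * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / n * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)
        self.exact = {}  # jti -> token expiry (epoch seconds)

    def _positions(self, jti):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(jti.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def revoke(self, jti, token_exp):
        """Apply one revocation event pushed to this PoP."""
        self.exact[jti] = token_exp
        for p in self._positions(jti):
            self.bits[p >> 3] |= 1 << (p & 7)

    def is_revoked(self, jti):
        # Fast path for the common case: any zero bit proves "not revoked".
        for p in self._positions(jti):
            if not self.bits[p >> 3] & (1 << (p & 7)):
                return False
        # A Bloom hit may be a false positive; the exact map decides,
        # so a valid token is never rejected because of the filter.
        return jti in self.exact

    def compact(self, now):
        """Drop entries whose token has expired on its own, then rebuild the bits.

        Memory is therefore bounded by revocations issued within one token TTL,
        not by the number of live tokens at the PoP.
        """
        live = {j: e for j, e in self.exact.items() if e > now}
        self.bits = bytearray(len(self.bits))
        self.exact = {}
        for j, e in live.items():
            self.revoke(j, e)
        return len(live)
```

The sketch covers only the local lookup and expiry; the propagation channel and what a PoP does when it misses pushed events are separate parts of the answer.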
