Code Room
System design · Medium
Question
Design a token and API-key issuance and revocation system for a developer platform with 5M API keys in circulation. Keys carry scopes, expirations, and per-key rate-tier metadata; validation happens on every API call (600k validations/sec, p99 under 8ms). A leaked key must be revocable globally within seconds, and the system must let developers rotate keys with zero downtime. Cover how keys are stored and validated, the revocation mechanism, and the trade-off between fast validation and instant revocation.
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
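One possible shape for the validation path, added here as an illustration; it is not part of the original question and not a reference answer. It shows the trade-off the question names: a validator-local cache keeps lookups fast but lets a revoked key live until the TTL runs out, unless revocations are pushed to every validator. `KeyStore`, `Validator`, `on_revoked` and the `broadcast` flag are hypothetical names, in-memory dicts stand in for the key database and the pub/sub channel, and time is passed in as `now`.

```python
import hashlib, secrets

def key_hash(api_key: str) -> str:
    # Keys are 256-bit random, so a fast unsalted hash suffices; only the hash is stored.
    return hashlib.sha256(api_key.encode()).hexdigest()

class KeyStore:
    """Source of truth (assumption: stands in for the replicated key database)."""
    def __init__(self):
        self.records = {}      # key hash -> record dict
        self.subscribers = []  # validators that receive revocation events

    def issue(self, scopes, tier, expires_at):
        api_key = "sk_" + secrets.token_urlsafe(32)
        self.records[key_hash(api_key)] = {
            "scopes": frozenset(scopes), "tier": tier,
            "expires_at": expires_at, "revoked": False}
        return api_key  # shown to the developer once, never stored in clear

    def revoke(self, api_key, broadcast=True):
        h = key_hash(api_key)
        self.records[h]["revoked"] = True
        if broadcast:  # assumption: stands in for a pub/sub fan-out to all validators
            for v in self.subscribers:
                v.on_revoked(h)

class Validator:
    """Edge validator: answers from a local cache for at most cache_ttl seconds."""
    def __init__(self, store, cache_ttl):
        self.store, self.cache_ttl = store, cache_ttl
        self.cache = {}  # key hash -> (record copy, fetched_at)
        store.subscribers.append(self)

    def on_revoked(self, h):
        self.cache.pop(h, None)  # next lookup re-reads the source of truth

    def validate(self, api_key, scope, now):
        h = key_hash(api_key)
        hit = self.cache.get(h)
        if hit is None or now - hit[1] >= self.cache_ttl:
            rec = self.store.records.get(h)
            if rec is None:
                return False
            hit = self.cache[h] = (dict(rec), now)
        rec = hit[0]
        return (not rec["revoked"] and now < rec["expires_at"]
                and scope in rec["scopes"])
```

Zero-downtime rotation in this sketch is `issue()` for the replacement key while the old one keeps validating, followed by `revoke()` on the old key once callers have switched.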