Skip to main content
System Design Interview
CHAPTER 08 Beginner

API Design and Communication Protocols

Updated: May 18, 2026
5 min read

# CHAPTER 8

API Design and Communication Protocols

1. Chapter Introduction

In a System Design interview, drawing boxes on a whiteboard isn't enough. You must explicitly define how those boxes talk to each other. An Application Programming Interface (API) is the contract that allows the Client to communicate with the Server, and Microservices to communicate with one another. This chapter explores the reigning champion of APIs (REST), the modern alternatives (GraphQL, gRPC), and protocols for real-time communication (WebSockets).

2. REST (Representational State Transfer)

REST is the industry standard for building web APIs over HTTP. It treats data as "Resources" (e.g., Users, Posts, Orders) accessed via standard HTTP methods.

The 4 Core HTTP Methods (CRUD):

  • GET: Retrieve a resource. (Read)
  • POST: Create a new resource. (Create)
  • PUT / PATCH: Update an existing resource. (Update)
  • DELETE: Remove a resource. (Delete)

*URL Design Best Practices:* URLs should be nouns, not verbs. *Bad:* POST /createNewUser *Good:* POST /api/v1/users (The POST method itself implies "create"). *Hierarchical Good:* GET /api/v1/users/123/orders/45 (Get order #45 for user #123).

3. The Tradeoffs of REST

*Pros:* Universally understood, easy to cache via HTTP, stateless. *Cons: The Over-fetching / Under-fetching Problem.* If a mobile app needs a user's Name and their last 3 Posts, a REST API might force the app to hit /users/123 (downloading the entire user profile payload, which is over-fetching) and then hit /users/123/posts (requiring a second network request, which is under-fetching).

4. GraphQL (The Solution to Over-fetching)

Developed by Facebook, GraphQL is a query language for APIs. Instead of having 50 different REST endpoints, a GraphQL server exposes a single endpoint (usually POST /graphql). The Client sends a query explicitly asking for *exactly* what it wants, and the server returns a JSON payload mirroring that exact structure.

*Client Query:*

graphql
123456 
query {
  user(id: 123) {
    name
    posts(last: 3) { title }
  }
}

*Pros:* Perfect for mobile apps on slow networks (one request, exact data). *Cons:* Extremely difficult to cache via standard HTTP, complex backend implementation, risk of clients writing overly complex queries that crash the database.

5. gRPC (The King of Internal Communication)

Developed by Google, gRPC is an open-source Remote Procedure Call framework. While REST and GraphQL use JSON (which is human-readable but bloated and slow to parse), gRPC uses Protocol Buffers (Protobuf)—a heavily compressed binary format.

*Where to use it:* You rarely expose gRPC to external web browsers. You use gRPC for Server-to-Server internal communication within a Microservices architecture. It is roughly 7x-10x faster than REST.

6. WebSockets (Real-Time Communication)

HTTP is unidirectional (Client asks, Server responds). The server cannot push data to the client unprompted. What if you are building a chat application or a live stock ticker? You cannot use standard HTTP requests (polling the server every 1 second is highly inefficient).

WebSockets create a persistent, bi-directional, full-duplex connection over a single TCP socket. The connection stays open indefinitely, allowing the Server to push a message to the Client the millisecond it happens. *Interview Use Cases:* WhatsApp, Multiplayer Gaming, Live Dashboards, Collaborative Editing (Google Docs).

7. API Gateways

When you transition to microservices, you might have 50 different internal APIs. You do not want the mobile app to manage 50 different IP addresses. An API Gateway (e.g., AWS API Gateway, Kong) sits between the Client and the internal microservices. *Functions:*
  • Routing: Directs /users to the User Service and /billing to the Billing Service.
  • Authentication: Validates the JWT token before letting the request into the internal network.
  • Rate Limiting: Prevents a single IP from spamming the API (DDoS protection).

8. Real-World Scenario: Designing a Chat App API

*Interview Prompt:* Design the API for WhatsApp. *Candidate Error:* "I will use REST. The client will do a GET /messages every 5 seconds to see if there are new messages." (This is "Long Polling" and wastes massive battery/bandwidth). *The Fix:* "I will use WebSockets for the core chat functionality to allow instant bi-directional message pushing. However, for uploading a profile picture, I will use a standard REST POST request, as it is a heavy, one-time payload."

9. Mini Project: Whiteboard an API Spec

Write the REST API specification for a simple "To-Do List" application. Define the Method, URL, and Status Code for:
  1. 1. Fetching all to-dos.
  1. 2. Creating a new to-do.
  1. 3. Updating a to-do to "completed."
  1. 4. Deleting a to-do.

10. Common Mistakes

  • Mixing Nouns and Verbs in REST: Writing endpoints like GET /deleteUser.
  • Ignoring Pagination: Returning an array of 10,000 users in a single GET request will crash the client. Always design APIs with pagination (e.g., GET /users?limit=50&offset=100).

11. Best Practices

  • Versioning: Always include a version number in your API URLs (e.g., /api/v1/users). If you make a breaking change later, you can release /api/v2/users without breaking old mobile apps that haven't updated yet.

12. Exercises

  1. 1. If you are building a Microservice architecture and need the Billing Service to communicate with the User Service at maximum speed, which protocol should you use? (REST, GraphQL, or gRPC?)
  1. 2. Why is GraphQL difficult to cache at the CDN/Load Balancer level compared to REST?

13. MCQs

Question 1

In REST API design, what HTTP method is conventionally used to update an existing resource?

Question 2

What is a core best practice when designing URLs for a REST API?

Question 3

What is the "Over-fetching" problem in standard REST APIs?

Question 4

How does GraphQL solve the Over-fetching and Under-fetching problems?

Question 5

What is the primary use case for gRPC in system design?

Question 6

If you need to build a real-time stock ticker or a chat application, which communication protocol is mandatory?

Question 7

What is the purpose of an API Gateway in a microservices architecture?

Question 8

Why MUST you include pagination (e.g., ?limit=50) in your API design for endpoints that return lists?

Question 9

Why is API Versioning (e.g., /v1/users) a critical best practice?

Question 10

Why is standard HTTP caching (like browser caching or CDN caching) difficult with GraphQL?

14. Interview Questions

  • Q: "Design the REST API for a ride-sharing app (like Uber). What endpoints do you need for a user to request a ride and cancel a ride?"

15. FAQs

  • Q: Do I need to know gRPC implementation details for an interview?
A: For junior/mid roles, no. Simply knowing that it exists, uses Protobufs, and is faster than REST for internal microservice communication is enough to score senior points.

16. Summary

APIs dictate how components interact. REST remains the king of public web APIs, utilizing HTTP methods and hierarchical URLs. GraphQL empowers frontend clients to request exact data shapes, solving over-fetching. gRPC provides massive speed upgrades for internal microservice communication. WebSockets unlock real-time, bi-directional push capabilities. Finally, an API Gateway secures and routes all this traffic.

17. Next Chapter Recommendation

We've mentioned Microservices several times. It is time to break apart the monolith. In Chapter 9: Microservices Architecture, we will explore why companies transition to distributed services, the pain points of service discovery, and the orchestration of complex deployments.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Caching Strategies and CDN
Next Chapter Microservices Architecture

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 4

🗺️ Related Roadmaps 1