File Upload Service

Interview-Ready Approach

1) Clarify Scope and SLOs

• •Problem statement: Design a file upload and sharing service that handles uploads up to 100 MB with download links.
• •Design for a peak load target around 100 RPS (including burst headroom).
• •Uploads/day: ~10,000
• •Downloads/day: ~50,000
• •Max file size: 100 MB (free) / 2 GB (paid)
• •Download latency: Start within 1 second
• •Storage (active files): ~5 TB

2) Capacity Planning Method

• •Convert traffic and growth constraints into request rate, storage growth, and concurrency budgets.
• •Keep at least 2-3x safety margin per tier (ingress, compute, storage, async workers).
• •Reserve explicit latency budgets per hop so p95 can be defended in review.

3) Architecture Decisions

• •Storage: Use object storage for large blobs and keep metadata/authorization separate in the API tier.
• •API Design: Standardize API boundaries, idempotency keys, pagination, and error contracts first.
• •CDN: Serve static and cacheable content from edge and keep origin strictly for misses and dynamic requests.

4) Reliability and Failure Strategy

• •Enforce lifecycle policies, retention tiers, and checksum validation.
• •Apply strict input validation and backward-compatible versioning.
• •Define cache keys and purge workflows before launch to avoid stale/global outages.

5) Validation Plan

• •Run one peak-load test, one dependency-degradation test, and one failover test.
• •Verify idempotency for all retried writes and async consumers.
• •Track user-facing SLOs first: p95 latency, error rate, and successful throughput.

6) Trade-offs to Call Out in Interviews

• •Storage: Object storage is cheap and durable, but random low-latency reads are weaker than databases/caches.
• •API Design: Rich APIs improve developer speed but can create long-term compatibility burden.
• •CDN: Long TTL improves latency/cost; short TTL improves freshness.

Practical Notes

• •Use pre-signed URLs: the API generates an S3 pre-signed upload URL → client uploads directly to S3 → no file passes through your server.
• •Pre-signed download URLs with expiration prevent hotlinking and unauthorized access.
• •A background job deletes expired files from the object store daily.

Why This Solution Works

Request path: The solution keeps ingress, service logic, and stateful dependencies separated so each layer can scale independently.

Reference flow: Web Clients -> DNS -> CDN Edge -> API Gateway -> API Service -> Primary SQL DB -> Object Storage

Design strengths

• •The architecture keeps synchronous paths short and isolates stateful dependencies behind clear boundaries.

Interview defense

• •This design makes bottlenecks explicit (ingress, core compute, persistence, async workers).
• •It supports progressive scaling without re-architecting the core request path.
• •It keeps correctness-sensitive state changes in durable systems while offloading background work asynchronously.