Interview Prep · Lesson 03

How you're scored

Every API / system-design round is graded against an invisible rubric. This lesson makes it visible — dimension by dimension, level by level — so you can walk in knowing exactly what earns points and what loses them.

⏱ 14 min Difficulty: advanced Prereq: prep-01, prep-02

By the end you'll be able to

Name the seven scoring dimensions interviewers track in API design rounds.
Map your own answers to junior, mid, or senior signal for each dimension.
Self-assess a practice answer using the exercise at the bottom.

Why knowing the rubric matters

A design round is not a test of omniscience. The interviewer is watching how you think, not whether you recall a specific algorithm. That "thinking" is structured — there is a checklist behind the curtain. Candidates who know what's on the checklist can deliberately demonstrate each item; those who don't often ace one dimension and forget three others entirely.

Think of it like a driving test. The examiner doesn't expect perfection on every manoeuvre, but they are filling in boxes: mirror-check, shoulder-check, speed. Miss a box too many times and a perfect parallel park doesn't save you. The same applies here.

Seven dimensions interviewers silently evaluate. Strong candidates touch all seven; exceptional ones go deep in at least three.

The seven dimensions

1. Requirements gathering

Before touching a single endpoint, you should be interviewing the interviewer. The prompt "design a URL shortener" is deliberately underspecified — it could be a personal toy script or the next bit.ly handling 50 billion clicks a day. The right move is to surface and record functional requirements ("what does the shortener need to do?") and non-functional requirements ("how many redirects per second? link expiry? analytics?") before committing to any design. Interviewers watch whether you ask or assume.

2. Correctness of the API model

Once requirements are agreed, does your API actually satisfy them? This covers resource naming, method semantics (POST to create, PUT/PATCH to update, DELETE to remove), correct status codes, and whether the request/response shapes contain everything a real client would need. A common failure: designing endpoints that work for the happy path but have no way to signal partial failure, or returning a 200 when the work was only queued.

3. Non-functional and scale

Real APIs must survive load, latency targets, and data volume. Interviewers expect you to name the constraints ("10 k writes/s, p99 latency < 100 ms, 5-year data retention") and then show how your design satisfies them. This is where you mention read replicas, eventual consistency, async processing, or a CDN — but only when the scale warrants them. Adding complexity nobody asked for is just as bad as ignoring scale entirely.

4. Trade-off reasoning

No design choice is free. Normalising data improves consistency but increases join cost. Caching improves latency but adds staleness risk. Pagination reduces payload size but complicates client state. Senior candidates don't just pick an option — they name the cost of each choice, explain why they're accepting it, and acknowledge what they'd revisit if requirements changed.

5. Communication and narration

An interview is a collaborative conversation, not a whiteboard monologue. You need to: state your current intent before drawing, verify assumptions out loud, signal when you're simplifying ("I'll stub auth for now and come back"), and keep the interviewer oriented. Silence + a flurry of boxes is the single most common red flag. Narrating also helps you — talking through a decision often surfaces gaps before the interviewer points them out.

6. Cross-cutting concerns

These are the themes that cut across every modern API. Interviewers check whether you address them without being prompted:

Authentication & authorisation — who can call it, scoped to which resources?
Rate limiting — per key, per IP, or per tenant? what happens at the limit?
Idempotency — can clients retry safely? do you need idempotency keys?
Pagination — cursor vs. offset, what's the max page size, stable sort?
Versioning — URL path, header, or content negotiation?
Caching — which responses are cacheable, for how long, and by whom?

You don't have to design every one in depth, but you should name which apply and show awareness of the rest.

7. Depth under follow-ups

After the open-ended design phase, interviewers probe with targeted questions: "What happens if the database goes down mid-write?", "How would you evolve this API to support multi-tenancy?", "What breaks at 100× current load?" These questions separate candidates who have a shallow first-draft from those who understand the second and third-order effects of their choices. Good preparation means asking yourself "but what if …" for every assumption in your design.

Junior · mid · senior signal table

The same dimension can be answered at three different quality levels. Here's what each looks like in practice:

Dimension	Junior signal	Mid signal	Senior signal
Requirements gathering	Dives straight in; assumes everything.	Asks 1–2 clarifying questions, mostly functional.	Asks functional and NFR questions; records them; revisits as design evolves.
API correctness	Methods and status codes are wrong or vague; no error shapes.	Methods correct; major status codes covered; happy-path responses are complete.	Full CRUD shapes, edge-case statuses (202, 409, 422), versioned contract, error envelope consistent.
Non-functional / scale	Not mentioned, or hand-wavy ("just add a cache").	Names specific load numbers; picks one scaling strategy with brief justification.	Quantifies load, latency, and storage; evaluates ≥2 strategies; states assumptions that would change the answer.
Trade-off reasoning	Picks an option without naming alternatives.	Mentions one alternative; picks the better one with a reason.	Names ≥2 alternatives with explicit costs; picks one; explains what would flip the choice.
Communication	Long silent stretches; interviewer has to prompt repeatedly.	Narrates most steps; occasionally goes quiet under pressure.	Thinks aloud throughout; signals scope changes; invites pushback; re-orients interviewer when pivoting.
Cross-cutting concerns	Auth added only if asked; others ignored.	Addresses auth and rate limiting unprompted; mentions pagination.	Addresses all six proactively, sized to the problem (e.g., idempotency only where relevant); correct tradeoff for each.
Depth under follow-ups	Falls back on "I'd have to look that up."	Has a plausible answer; may need one hint.	Has already anticipated the question; walks through failure modes and recovery paths with confidence.

🎯 Interview angle

Most interviewers fill in a rubric during the interview, not after. That means every minute you talk is a chance to fill in a box. Make it easy: when you transition between dimensions, say so out loud — "I've got the core endpoints, let me now talk about rate limiting and auth." That sentence alone signals senior-level meta-awareness about the structure of a design round.

⚠️ Common trap

Going so deep on one dimension (typically scale) that you never address the others. A gorgeous sharding strategy with no auth model, no pagination design, and no error shapes is a mid-level answer at best. Breadth across all seven dimensions plus selective depth is the senior pattern, not depth on one.

✅ Do this, not that

Do say "I'm going to stub auth as Bearer token for now — I'll come back to scope and RBAC after the core API shape is settled." Don't silently skip auth and hope it goes unnoticed. Explicitly deferring shows awareness; omitting it suggests ignorance.

A worked example: scoring a payment API answer

Suppose the prompt is "Design the API for charging a customer." Here's a rough candidate answer and how it maps to the rubric:

POST /v1/charges
Body: { "amount": 2999, "currency": "usd", "payment_method": "pm_abc",
         "idempotency_key": "order_7c3a" }
← 201 { "id": "ch_01", "status": "pending" }

GET /v1/charges/ch_01
← 200 { "id": "ch_01", "status": "succeeded", "amount": 2999 }

POST /v1/charges/ch_01/refunds
← 201 { "id": "re_02", "status": "pending" }

Scoring that answer:

Requirements: n/a here (assumed), but a real candidate should have asked: online vs in-store? multi-currency? recurring? partial refunds?
Correctness: Strong — correct methods, 201 for creation, resource-oriented.
Cross-cutting: Idempotency key included (good). Auth not shown (flag). Rate limiting not mentioned.
Trade-offs: Two-step async pattern (pending → succeeded) was chosen — needed narration of why (card networks are slow).

✍️ Self-assessment: score your own answer

Pick any of the mock prompts from Lesson 04. Set a 20-minute timer. Give your answer out loud or written, then score it against the seven dimensions using this grid:

Dimension	Did I cover it? (yes / partial / no)	What level? (junior / mid / senior)
Requirements gathering
API correctness
Non-functional / scale
Trade-off reasoning
Communication
Cross-cutting concerns
Depth under follow-ups

Rubric: If every row is "senior", you're ready to ship. If any row is "no", that's your first practice target. Aim for "mid or above" on all seven before your interview — senior on at least three. The dimensions most often missed first: cross-cutting concerns and depth under follow-ups.

🧠 Quick check

1. An interviewer asks a follow-up: "What happens if the network drops after you've charged the card but before you return a 201?" A junior candidate says "I'd retry." What's the senior response?

The senior answer identifies the exact mechanism (idempotency key) that prevents a double-charge on retry, showing depth under follow-ups about cross-cutting concerns.

2. Which communication pattern is a senior-level signal in a design round?

Narrating continuously keeps the interviewer oriented, demonstrates meta-awareness, and surfaces gaps early. Silent monologue is the most common mid-level failure mode for otherwise strong engineers.

3. A candidate spends 35 of 45 minutes on a perfect horizontal sharding strategy but never mentions auth, rate limiting, pagination, or versioning. This is most likely scored as:

Depth on one dimension at the expense of all others is a classic mid-level pattern. The senior signal is breadth across all seven plus selective depth — not all-in on one.

Key takeaways

Seven dimensions are evaluated in every design round: requirements, correctness, NFR/scale, trade-offs, communication, cross-cutting concerns, depth under follow-ups.
Breadth beats depth: cover all seven at mid-level before going deep on any one.
Cross-cutting concerns (auth, rate limiting, idempotency, pagination, versioning, caching) are the most commonly missed cluster.
Narrating explicitly when you change dimension ("now let me cover rate limiting") is itself a senior-level signal.
Self-assessing with the rubric table after every practice answer accelerates improvement faster than just doing more prompts.

Sources & further reading

donnemartin — System Design Primer (widely used rubric reference)
Stripe API reference — a real-world benchmark for idempotency, error envelopes, and versioning done well
Google Cloud API Design Guide — resource-oriented design best practices
Google SRE Book — SLOs — how to frame NFR conversations