Design a URL Shortening Service

1) Functional Requirements Core (MVP) - Create short URL - Input: long_url, optional custom_alias, optional expiration, optional user_id/api_key - Output: short_url, key, created_at, expiry_at - Redirect - GET /{key} -> 301/302 to long_url - Honor expiration/disabled state - Basic analytics - Count redirects per key (total + time buckets) - Optional: referrer, country/region (coarse), user-agent family, device type - Link management - Retrieve metadata (long_url, created_at, expiry_at, status) - Disable/delete (soft delete) Nice-to-have - Custom domains per customer - Bulk shortening API - QR code generation - Anti-malware / safe browsing checks - A/B routing, UTM templates Non-functional - Very low redirect latency (p95 < ~20–50ms from edge/cache) - High availability (multi-AZ/region) - Strong consistency not required for analytics, but required for key->URL mapping 2) High-Level Architecture Traffic flow - DNS -> CDN/Edge (optional but recommended) - Global load balancer (GSLB) -> Regional L7 load balancer - API Gateway - Auth (API keys/OAuth), throttling, request validation - Application services (stateless) - Shorten Service (writes) - Redirect Service (reads, extremely hot path) - Analytics Ingest Service (async) Data layer - Primary Key-Value store for mapping key -> destination record - Cache layer (Redis/Memcached) for hot key lookups - Analytics pipeline - Redirect Service emits event to a log/queue (Kafka/PubSub/Kinesis) - Stream processor aggregates into OLAP store (ClickHouse/BigQuery/Druid) and/or time-series (Cassandra/Scylla) - Periodic rollups for dashboards Supporting services - Key generation service (if using pre-generated IDs) - Abuse detection service (URL reputation, user behavior) - Observability: metrics, tracing, logs Interaction - Create: - Client -> API Gateway -> Shorten Service - Validate URL, check abuse, optional custom alias uniqueness - Obtain unique key (encoding strategy below) - Write mapping to DB - Invalidate/prime cache - Redirect: - Client -> CDN/Edge -> Redirect Service - Lookup key in cache; on miss, query DB - If found and not expired/disabled: respond 301/302 - Emit async analytics event 3) URL Encoding Strategy Goals: uniqueness, short length, high throughput, no central bottleneck. Recommended: numeric ID + Base62 - Use a monotonically increasing 64-bit ID (or time-ordered ID) and encode in Base62 (0-9a-zA-Z). - For 100M new URLs/month (~3.86k writes/sec average; higher peak), ID generation must support > tens of thousands/sec. Options: A) Database sequence (simple) - Pros: easy, strongly unique - Cons: can be bottleneck and hard across shards; requires coordination B) Distributed ID (Snowflake-like) (recommended) - 64-bit: timestamp + region/node + sequence - Pros: scalable, no single writer - Cons: slightly longer keys if you encode full 64-bit; still compact in Base62 (up to 11 chars) C) Pre-generated key pool - Background job generates random Base62 strings, stores unused pool; app reserves keys. - Pros: decouples from ordering, can keep keys short - Cons: pool management complexity Collision handling - For ID-based approach: no collisions by construction. - For custom aliases or random keys: enforce uniqueness with conditional put/unique constraint; on collision, retry with new key. Key length - Base62 length needed: 100M/month implies ~1.2B/year. Base62^7 ≈ 3.5T so 7 chars is plenty if using sequential IDs; Snowflake IDs may be 10–11 chars but acceptable. 4) Database Design Primary store requirements - Very high read QPS, key-based lookups, small records, low latency. - Strongly consistent writes for key uniqueness; reads can be eventually consistent if cache is correct, but prefer consistent read-after-write for new links. Recommended: DynamoDB / Cassandra / ScyllaDB (NoSQL KV) OR MySQL/Postgres with sharding. - NoSQL KV pros: horizontal scale, high throughput, predictable latency. - SQL pros: constraints, transactions, simpler for custom alias uniqueness and admin queries; but sharding/replicas become more complex at scale. Pragmatic choice - Mapping store: DynamoDB (or Cassandra/Scylla) as system of record. - Optional relational store for user/account/billing. Core schema (KV / wide-column) Table: url_mapping - key (partition key, string) - long_url (string) - created_at (timestamp) - expiry_at (timestamp, nullable) - status (active|disabled|deleted) - user_id (string/uuid, nullable) - custom_alias (bool) - domain (string, default) - last_accessed_at (timestamp, nullable) - redirect_code (int: 301/302) Indexes / access patterns - Primary: key -> record - By user (for management UI): secondary index - GSI: user_id as partition key, created_at as sort key (or reverse) - By long_url (optional dedupe): hash(long_url) index (only if you want “same long URL returns same key” behavior) Analytics storage (separate) - Raw events in object storage (S3/GCS) + streaming aggregate into OLAP. - Aggregated table example (ClickHouse): (key, day/hour, redirects, unique_ips_approx, country, referrer_domain, ua_family) SQL vs NoSQL trade-off summary - SQL: easier uniqueness for custom aliases, ad-hoc queries; harder to scale writes/reads without careful sharding. - NoSQL: best for primary lookup workload; must design access patterns upfront; uniqueness for custom aliases handled via conditional writes. 5) Scalability and Performance Traffic estimates - Writes: 100M/month ≈ 3.86k/s average, plan for 10x peak => ~40k/s. - Reads: 100:1 => 386k/s average redirects, plan 10x peak => ~4M/s peak globally. Storage - 100M/month * 12 = 1.2B mappings/year. - Record size (key ~10B, URL avg 200B, metadata): assume ~500B–1KB. - 1.2B * 1KB ≈ 1.2TB/year (plus replication and indexes). Caching - Redis/Memcached cluster per region. - Cache key: short key; value: long_url + status + expiry_at + redirect_code. - TTL strategy: - For non-expiring links: long TTL (e.g., 1–7 days) with refresh-on-access. - For expiring links: TTL aligned with expiry. - Negative caching for missing/disabled keys (short TTL) to reduce DB hits. - CDN/Edge caching for redirects where safe: - Cache 301 for public, non-expiring links; careful with per-user or dynamic redirects. Sharding/partitioning - NoSQL: partition by key; ensure uniform distribution. - If SQL: shard by key hash; maintain routing layer. Read replicas - If using SQL or a replicated KV store: add read replicas for management/read-heavy non-redirect queries. Hot keys - Extremely popular short URLs can overload cache nodes. - Use consistent hashing with sufficient virtual nodes. - Consider in-process LRU cache in redirect service. - Edge caching at CDN reduces origin load. Write path optimization - Batch analytics events; never block redirect on analytics. 6) Reliability and Availability Multi-AZ - Run API/Redirect services across multiple AZs behind load balancer. - Cache: Redis cluster with replication + automatic failover (or managed Redis). - DB: multi-AZ replication; quorum reads/writes as appropriate. Multi-region (recommended for global service) - Active-active redirects: replicate mapping DB cross-region (DynamoDB global tables / Cassandra multi-DC). - Writes can be routed to nearest region; resolve conflicts: - For ID-based keys, collisions are unlikely; custom aliases require global uniqueness—handle by routing custom alias creation to a “home region” per domain or using strongly consistent global coordination (rare path). Failover - Health checks + automated traffic shifting via GSLB. - Stateless services allow fast scaling and replacement. Backups and DR - Continuous backups/snapshots of mapping store. - Store raw analytics logs in durable object storage. Graceful degradation - If analytics pipeline is down, continue redirects and buffer events (queue retention) or sample. - If cache is down, redirect service falls back to DB (expect latency increase, but service remains functional). 7) Rate Limiting and Abuse Prevention Rate limiting - Per API key/user/IP limits for creation endpoints (token bucket/leaky bucket at API Gateway). - Separate, higher limits for redirects; protect from floods with CDN/WAF. Abuse controls - URL validation: allow-list schemes (http/https), max length, block internal IP ranges (SSRF-style) for preview/scanning components. - Malware/phishing detection: - Integrate with Safe Browsing/reputation feeds. - Asynchronous scanning; optionally “pending” state until scan passes for untrusted users. - Custom alias policies: reserved words, profanity filter, trademark policies. - Bot detection: device fingerprinting heuristics, CAPTCHA for suspicious creation traffic. - Redirect protection: - WAF rules, anomaly detection on redirect patterns. - Per-key redirect rate alerts; temporary throttling. Capacity/Throughput Planning Summary (rough) - Peak redirects: target a few million requests/sec globally. - CDN offload + regional caches should serve majority (aim >95% cache hit for hot set). - Origin DB reads should be minimized; design for <5% misses. - Writes: tens of thousands/sec at peak; distributed ID generation avoids central bottleneck. - Data growth: ~1.2B mappings/year; plan multi-TB storage with replication and indexing overhead. Implementation starting point (component list) - API Gateway + Auth - Shorten Service - Redirect Service (optimized, minimal dependencies) - Redis cache cluster per region - Mapping DB (DynamoDB/Cassandra/Scylla) - ID generator (Snowflake) library/service - Kafka/Kinesis + stream processors + OLAP store - Admin/management service + user DB - Monitoring/alerting + WAF/CDN

### 1. Functional Requirements * **Core Functionality**: * **URL Shortening**: Users can submit a long URL and receive a unique, shorter URL. * **URL Redirection**: Accessing a short URL will redirect the user to the original long URL with a 301 (permanent) redirect. * **Extended Features**: * **Custom URLs**: Users can choose a custom alias for their short URL (e.g., `short.co/my-event`). * **URL Expiration**: Users can set an expiration time/date for a short URL, after which it will no longer redirect. * **Analytics**: The service will track basic metrics for each link, such as total clicks, referrers, and geographic location of clicks. * **API Access**: A REST API will be available for developers to integrate the shortening service into their applications. * **User Accounts**: Registered users can manage their links, view analytics, and access higher API rate limits. ### 2. High-Level Architecture The system is designed to be highly available and scalable, with a clear separation of read and write paths. 1. **Load Balancer (LB)**: Distributes incoming traffic across multiple web servers to prevent any single server from being a bottleneck. It handles SSL termination. 2. **Web/API Servers**: A fleet of stateless servers running the application logic. They handle two primary requests: * `POST /api/v1/url` (Write path): Creates a new short URL. * `GET /{short_key}` (Read path): Redirects to the long URL. 3. **Key Generation Service (KGS)**: A dedicated microservice responsible for generating unique, short keys. It pre-generates keys and stores them in a queue to ensure low latency for the write path. 4. **Cache**: A distributed in-memory cache (e.g., Redis Cluster) sits between the application servers and the database. It stores mappings of `short_key` to `long_url` for frequently accessed links to serve redirects at very low latency. 5. **Database**: The primary data store for all URL mappings and user data. 6. **Analytics Pipeline**: Redirect events are published to a message queue (e.g., Kafka). A separate service consumes these events, aggregates data, and stores it in a data warehouse (e.g., ClickHouse or AWS Redshift) for analytics queries. **Interaction Flow (Redirect)**: `Client` -> `Load Balancer` -> `API Server` -> `Cache (Redis)`. If cache hit, return redirect. If cache miss, -> `Database` -> `API Server` -> `Client`. The mapping is then written to the cache for subsequent requests. ### 3. URL Encoding Strategy We will use a **Base62 encoding** strategy combined with a unique ID generator. * **Approach**: The Key Generation Service (KGS) will manage a global 64-bit counter (e.g., using a dedicated SQL database sequence, Zookeeper, or a custom service). * **Process**: 1. When an application server needs to create a link, it requests a unique ID from the KGS. 2. The KGS provides a unique number (e.g., `10001`). 3. The application server converts this number to a Base62 string (`[a-zA-Z0-9]`). For example, `10001` in Base62 is `2k1`. 4. To ensure a fixed length and avoid short, guessable keys, we can use a 7-character length. A 64-bit counter provides more than enough unique IDs (2^64), which can be mapped to a Base62 string. A 7-character Base62 string can represent 62^7 (~3.5 trillion) unique URLs, which is sufficient for our scale. * **Collision Handling**: This approach guarantees uniqueness, so collisions are impossible by design. This is superior to hashing the long URL, which can produce collisions and requires extra checks. ### 4. Database Design Given the massive read throughput and scalability requirements, a **NoSQL database** like Apache Cassandra or Amazon DynamoDB is the ideal choice. * **Why NoSQL?**: The primary access pattern is a simple key-value lookup (`short_key` -> `long_url`). NoSQL databases excel at horizontal scaling, high availability, and low-latency reads for this pattern, which is perfect for our 100:1 read-to-write ratio. * **SQL Trade-off**: A sharded SQL database (e.g., PostgreSQL with Citus) could work but would introduce more operational complexity for sharding and scaling at this level. **Core Table Schema (Cassandra/DynamoDB-like)**: * **Table Name**: `urls` * **Primary Key**: `short_key` (This will serve as the partition key, ensuring data is evenly distributed across the cluster). * **Columns**: * `short_key` (text, Partition Key) * `long_url` (text) * `user_id` (uuid) * `created_at` (timestamp) * `expires_at` (timestamp) - We can set a Time-To-Live (TTL) on the row based on this value for automatic cleanup. ### 5. Scalability and Performance * **Capacity Estimations**: * **Writes**: 100M URLs/month ≈ 40 writes/sec (avg). * **Reads**: 10B reads/month ≈ 3,850 reads/sec (avg). Peak traffic could be 10-20x this amount. * **Storage**: 100M URLs/month * 12 months * 5 years = 6B URLs. At ~500 bytes per entry, this is ~3 TB of data. * **Scaling the Read Path**: * **Caching**: This is the most critical component. We will use a multi-layered cache. * **CDN Cache**: Use a CDN (e.g., Cloudflare) to cache redirects at the edge. This can offload a significant percentage of traffic for popular links. * **Distributed Cache**: An in-memory cache like Redis will be used. Given 10B reads/month, many URLs will be 'hot'. Caching even 10-20% of the most active URLs can reduce database read load by over 80-90%. * **Database Sharding**: Our choice of NoSQL with `short_key` as the partition key handles this naturally. We can add more nodes to the database cluster to scale both storage and throughput horizontally. ### 6. Reliability and Availability * **Redundancy**: All components will be deployed across multiple Availability Zones (AZs). * **Load Balancers, API Servers**: Deployed in an auto-scaling group across at least two AZs. * **Cache (Redis)**: Deployed in a cluster configuration with replicas in different AZs. * **Database (Cassandra)**: The database will be configured with a replication factor of 3, with replicas stored in different AZs to ensure data durability and availability during an AZ failure. * **Failover**: Automated failover mechanisms will be in place. The load balancer will automatically route traffic away from unhealthy instances. Managed database services typically handle database failover automatically. * **Data Backup**: Regular snapshots of the database will be taken and stored in a separate region for disaster recovery. ### 7. Rate Limiting and Abuse Prevention * **Rate Limiting**: Implemented at the API Gateway or in the application logic using an in-memory store like Redis. * Limits will be based on IP address for anonymous users (e.g., 10 creations/minute) and on API key for registered users (with different tiers). * **Abuse Prevention**: * **Malicious URL Scanning**: Integrate with a service like the Google Safe Browsing API to check every submitted `long_url` against a blocklist of malicious sites. * **CAPTCHA**: For anonymous users exhibiting high-frequency submission patterns. * **Blacklisting**: Maintain an internal blacklist of domains and user accounts known for spamming.