Interview: Web & Backend
Backend interview questions — REST API design, Django/Flask/FastAPI, databases, authentication, and caching.
Backend Python roles focus on API design, databases, authentication, and deployment. These questions cover the essentials.
REST API Design
Q: What are REST principles?
- Resources identified by URLs (`/users/123`)
- HTTP methods define actions (GET read, POST create, PUT update, DELETE remove)
- Stateless — each request contains all needed information
- Representations — JSON, XML
Q: Status codes you should know
| Code | Meaning | When |
|---|---|---|
| 200 | OK | Successful GET/PUT |
| 201 | Created | Successful POST |
| 204 | No Content | Successful DELETE |
| 400 | Bad Request | Invalid input |
| 401 | Unauthorized | Missing/invalid auth |
| 403 | Forbidden | Valid auth, no permission |
| 404 | Not Found | Resource doesn’t exist |
| 429 | Too Many Requests | Rate limited |
| 500 | Internal Error | Server bug |
Q: PUT vs PATCH?
PUT replaces the entire resource. PATCH applies partial updates to specific fields.
Django Questions
Q: What is the MVT pattern?
Model (data) → View (logic) → Template (presentation). Django’s “View” is the controller in MVC.
Q: What is an ORM? Why use it?
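Object-Relational Mapping translates Python objects to SQL. Benefits: database-agnostic code, migrations, and protection against SQL injection, because the ORM sends values as query parameters instead of concatenating them into the SQL string. That protection does not extend to raw SQL you build yourself with string formatting.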
Q: What are migrations?
Version-controlled database schema changes. makemigrations generates them; migrate applies them.
Q: N+1 query problem?
```python
# BAD — 1 query for posts + N queries for authors
posts = Post.objects.all()
for post in posts:
    print(post.author.name)

# GOOD — the author rows are fetched together with the posts
posts = Post.objects.select_related("author").all()
```
Q: select_related vs prefetch_related?
- `select_related` — SQL JOIN for ForeignKey/OneToOne (single query)
- `prefetch_related` — separate query for ManyToMany/reverse FK (two queries)
Flask vs Django vs FastAPI
| | Flask | Django | FastAPI |
|---|---|---|---|
| Style | Micro-framework | Batteries-included | Async API-first |
| ORM | External (SQLAlchemy) | Built-in | External |
| Admin | External | Built-in | None |
| Async | Via extensions | Django 4.1+ | Native |
| Best for | Microservices | Full web apps | High-perf APIs |
| Docs | Manual | Manual | Auto-generated |
Authentication
Q: Session vs JWT authentication?
| | Sessions | JWT |
|---|---|---|
| Storage | Server-side (DB/Redis) | Client-side (token) |
| Revocation | Easy (delete session) | Hard (need blocklist) |
| Scalability | Requires shared store | Stateless — scales easily |
| Use case | Traditional web apps | SPAs, mobile, microservices |
Q: How does JWT work?
- User logs in with credentials
- Server signs a token (header.payload.signature) with secret key
- Client sends token in `Authorization: Bearer <token>` header
- Server verifies signature and extracts claims
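The four steps above as an added example (not code from the original page), using only the Python standard library with HS256. The secret, claim values and function names are constructed for illustration; production code would normally use a maintained library such as PyJWT.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: demo key; real keys come from a secret store

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims, secret=SECRET):
    """Step 2: encode header and payload, then append an HMAC-SHA256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def bearer_token(authorization_header):
    """Step 3: extract the token from an 'Authorization' header value."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("expected 'Bearer <token>'")
    return token

def verify_token(token, secret=SECRET, now=None):
    """Step 4: verify the signature BEFORE trusting any field, then return the claims."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    # The server pins the algorithm; the header's "alg" never selects the check.
    if header.get("alg") != "HS256":
        raise ValueError("invalid token: unexpected alg")
    # A missing "exp" is treated as already expired.
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("invalid token: expired")
    return claims
```
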
Q: How do you hash passwords?
Never store plaintext. Use bcrypt or argon2:
```python
from passlib.hash import bcrypt

hashed = bcrypt.hash("password")
bcrypt.verify("password", hashed)  # True
```
Database Questions
Q: SQL vs NoSQL — when to use each?
- SQL (PostgreSQL): Structured data, relationships, transactions, complex queries
- NoSQL (MongoDB, DynamoDB): Flexible schema, horizontal scaling, high write throughput
Q: What is an index?
A data structure that speeds up queries on specific columns. Trade-off: faster reads, slower writes, more storage.
Q: What is a database transaction?
A group of operations that succeed or fail together (ACID). Use transactions when modifying multiple related records.
Q: Connection pooling?
Reuse database connections instead of opening new ones per request. SQLAlchemy and Django handle this automatically.
Caching
Q: Where to cache in a web app?
- Browser cache — static assets (CSS, JS, images)
- CDN — geographically distributed static content
- Application cache (Redis) — API responses, session data, computed results
- Database query cache — ORM-level caching
Q: Cache invalidation strategies?
- TTL (Time To Live) — expire after N seconds
- Write-through — update cache when DB updates
- Cache-aside — app manages cache explicitly
Deployment
Q: Why not use Flask/Django dev server in production?
Single-threaded, not secure, no performance optimization. Use Gunicorn/uWSGI behind Nginx.
Q: What is Docker and why use it?
Containers package app + dependencies into a portable unit. Ensures consistency between dev, staging, and production.