For this week’s newsletter, we will cover:
Designing a location-based service (YouTube Video)
Understanding how a 2-factor authenticator works
Making sense of SEO
Platform Landscape of API
Designing a location-based service
In this video, we will answer questions like how to efficiently find the best restaurants nearby on Yelp or find k-nearest gas stations on Google Maps.
How does Google Authenticator (or other types of 2-factor authenticators) work?
Google Authenticator is commonly used for logging into our accounts when 2-factor authentication is enabled. How does it guarantee security?
Google Authenticator is a software-based authenticator that implements a two-step verification service. The diagram below provides detail.
There are two stages involved:
Stage 1 - The user enables Google two-step verification
Stage 2 - The user uses the authenticator for logging in, etc.
Let’s look at these stages.
Stage 1
Steps 1 and 2: Bob opens the web page to enable two-step verification. The front end requests a secret key. The authentication service generates the secret key for Bob and stores it in the database.
Step 3: The authentication service returns a URI to the frontend. The URI is composed of a key issuer, username, and secret key. The URI is displayed in the form of a QR code on the web page.
Step 4: Bob then uses Google Authenticator to scan the generated QR code. The secret key is stored in the authenticator.
Stage 2
Steps 1 and 2: Bob wants to log into a website with Google two-step verification. For this, he needs the password. Every 30 seconds, Google Authenticator generates a 6-digit password using the TOTP (Time-based One Time Password) algorithm. Bob uses the password to enter the website.
Steps 3 and 4: The frontend sends the password Bob enters to the backend for authentication. The authentication service reads the secret key from the database and generates a 6-digit password using the same TOTP algorithm as the client.
Step 5: The authentication service compares the two passwords generated by the client and the server, and returns the comparison result to the frontend. Bob can proceed with the login process only if the two passwords match.
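The two stages above as a runnable sketch. This is an added example, not code from the newsletter or from Google Authenticator. It assumes the RFC 6238 defaults (HMAC-SHA1, Base32 secret) and the otpauth:// key URI layout, neither of which the text spells out; all function names and the sample issuer and user are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote, urlencode

STEP_SECONDS = 30  # from the text: a new password every 30 seconds
DIGITS = 6         # from the text: 6-digit password

# Constructed sample: the published RFC 6238 test secret, Base32-encoded.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def new_secret() -> str:
    """Stage 1, steps 1-2: the server generates a random per-user secret."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def enrollment_uri(issuer: str, username: str, secret_b32: str) -> str:
    """Stage 1, step 3: URI with issuer, username and secret (rendered as a QR code)."""
    label = quote(f"{issuer}:{username}")
    return f"otpauth://totp/{label}?" + urlencode({"secret": secret_b32, "issuer": issuer})


def totp(secret_b32: str, at: float) -> str:
    """Stage 2: HMAC over the 30-second time counter, truncated to 6 digits."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // STEP_SECONDS)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, at: float) -> bool:
    """Stage 2, steps 3-5: the server recomputes the code and compares in constant time."""
    expected = totp(secret_b32, at)
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    print(enrollment_uri("ExampleSite", "bob", RFC_SECRET))  # hypothetical issuer/user
    code = totp(RFC_SECRET, 59)            # client side, at Unix time 59
    print(code, verify(RFC_SECRET, code, 59))
    print(verify(RFC_SECRET, code, 90))    # same code, a later 30-second window
```

Client and server never exchange the code-generation state after enrollment; they agree only because both hold the same secret and read roughly the same clock.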
Is this authentication mechanism safe?
Can the secret key be obtained by others?
The secret key must be transmitted over HTTPS. Both the authenticator client and the database store the secret key, so we need to make sure it is encrypted in both places.
Can the 6-digit password be guessed by hackers?
No. The password has 6 digits, so the generated password has 1 million potential combinations. Plus, the password changes every 30 seconds. If hackers want to guess the password in 30 seconds, they need to enter 30,000 combinations per second.
Over to you: What are some of the other 2-factor authentication devices you used?
Making sense of Search Engine Optimization
You have just developed a new website. What does it take to be ranked at the top?
We need to understand how search engines rank websites and optimize our website to be search engine-friendly. This is called SEO (Search Engine Optimization).
A search engine works in 3 stages:
The crawler reads the page content (HTML code) and follows the hyperlinks to read more web pages.
The preprocessor also works in 3 steps:
It removes HTML tags and ‘Stop’ words, which are words like ‘a’ or ‘an’ or ‘the.’ It also removes other noise that is not relevant to the web page's content, for example, the disclaimer.
Then the keywords form structured indices, called forward indices and inverted indices.
The preprocessor calculates the hyperlink relationships, for example, how many hyperlinks are on the web page and how many hyperlinks point to it.
When a user types in a search term, the search engine uses the indices and ranking algorithms to rank the web pages and presents the search results to the user.
How do we make our website rank higher in search results? The diagram below shows some ways to do this.
Optimize website structure:
We need to make it easier for the crawler to crawl our website. Remove anything the crawler cannot read, including flash, frames, and dynamic URLs. Make the website hierarchy less deep, so the web pages are less distant from the main home page.
The URLs must be short and descriptive. Try to include keywords in the URLs as well. It will also help to use HTTPS. But don’t use underscores in the URL because that will screw up the tokenization.
Choose the keywords to optimize for:
Keywords must be relevant to what the website is selling, and they must have business value. For example, a keyword is considered valuable if it’s a popular search but has fewer search results.
Optimize the web page
The crawler crawls the HTML contents. Therefore the title and description should be optimized to include keywords and be concise. The body of the web page should include relevant keywords.
Another aspect is the user experience. In May 2020, Google published Core Web Vitals, officially listing user experience as an important factor of page ranking algorithms.
External link
If our website is referenced by a highly-ranked website, it will increase our website’s ranking. So carefully building external links is important. Publishing high-quality content that is useful to other users is a good way to attract external links.
Over to you: What are your top SEO recommendations?
The 2022 API Platform Landscape: Trends and Challenges by Postman
Companies are moving towards API-first.
Multi-cloud and hybrid architectures.
APIs as products.
Explosion of API gateways and service meshes.
More protocols and more choices for developers.
Shifting left on security.
Original article: https://lnkd.in/eumbi8DU
Over to you: what are some of the challenges you've faced when designing the API layer?
Other things we made:
Our bestselling book “System Design Interview - An Insider’s Guide” is available in paperback and digital format.
Paperback edition: https://geni.us/XxCd
Digital edition: https://bit.ly/3lg41jK
New System Design YouTube channel: https://bit.ly/ByteByteGoVideos
Hi Alex,
Thank you for the amazing video. I'm a geomatics engineer and this was really interesting for me!
Would you mind letting me know what software you use for creating such wonderful animations?
Best,
Saeid