18 questions and 9 skills to help you find and hire the perfect Backend Developer
Backend Developer
A three-stage interview process for assessing junior, mid-career, or senior level backend developer candidates. This flow includes interviews for evaluating soft skills, technical skills, as well as architecture skills.
Interviews
Evaluated skills
- API Design
- Communication
- Engineering
- Programming
- SQL
- Engineering Management
- Incident Management
- Programming Concepts
- Software Architecture
Backend (Technical)
A journey through the fundamentals of every backend developer's bread and butter: programming languages, RESTful APIs and SQL databases.
- What do the terms "immutable" and "mutable" mean and what are the strengths and weaknesses of the two concepts? (Question #1, 3 minutes)
- Programming
Evaluation criteria
- Immutable data structures cannot be changed; instead, one has to create a copy to make a modification
- Immutability shines in concurrent environments and should be used as the general default paradigm
- Mutable data structures can be altered after initialization and changes are propagated to each reference of this value
- Mutability is useful for highly optimized algorithms, but should be treated as an implementation detail
- Mutable data structures are a common source of bugs and race conditions and should therefore only be used when necessary
- Why is 0.1 + 0.2 ≠ 0.3 in most programming environments? In which scenarios can this be a problem and how can it be avoided? (Question #2, 3 minutes)
- Programming
Evaluation criteria
- Precision errors when doing decimal calculations due to computers working in Base 2 while decimal is Base 10
- Precision errors are not tolerable in a lot of domains (e.g. finance)
- It can be avoided by alternative number representations (e.g. the java.math.BigDecimal package)
- When the precision errors are tolerable in the domain, it may be okay to check for equality with an error margin
- What are the most common HTTP methods and what are they used for? (Question #3, 6 minutes)
- API Design
Evaluation criteria
- GET: Retrieve information from the server, but do not apply any other effects on the data
- HEAD: Same as GET, but it only returns the status line and header section, not the body
- POST: Sends a request body payload to the server (e.g. form data, file upload, customer information, ...)
- PUT: Replace the entire target resource with the given request body payload
- DELETE: Remove the target resource
- Why might it be a bad idea to return a JSON array or a primitive value without a wrapper object in an API? (Question #4, 5 minutes)
- API Design
Evaluation criteria
- Backwards compatibility is usually a top priority for REST APIs
- By returning a JSON array or primitive value it is impossible to evolve the API without breaking it
- This becomes easier when there is always a JSON object on the top level, because one can always add a field to it
- Why is it considered bad practice to expose auto-incrementing database IDs in an API? What can you do instead? (Question #5, 6 minutes)
- API Design
Evaluation criteria
- Auto-incrementing IDs are easily guessable and can be iterated to find weaknesses in the API authorization
- When it comes to unauthorized endpoints, requesting data from auto-incrementing IDs is a critical security flaw
- The API should exclusively rely on additional identifiers like human-friendly alphanumeric references or UUIDs
- Alternatively, the database ID could be encrypted and decrypted to an alphanumeric reference
- Some APIs send and receive image data in a Base64 encoding as part of their JSON payloads. To what problems can this approach lead? (Question #6, 6 minutes)
- API Design
Evaluation criteria
- Base64 encoding requires ~30% more space which increases loading times
- Encoded strings must be fully loaded into memory for processing, leading to high memory pressure on clients and servers
- The browser cannot use its caching mechanism, which it could if an image URL was used instead
- What are SQL injections and how can an API be protected against them? (Question #7, 5 minutes)
- SQL
Evaluation criteria
- Malicious user input that is injected into SQL queries without sanitization
- Attackers can abuse them to fetch data they are not authorized to access or delete entries from the database
- "Prepared Statements" close the attack window by submitting the SQL query and the user input separately
- Additional database access libraries can sanitize queries, but usually also rely on "Prepared Statements"
- ORM (Object-Relational Mapping) libraries are a popular solution for communication with SQL databases. What are their advantages and disadvantages? (Question #8, 7 minutes)
- Programming Concepts
Evaluation criteria
- Data models are defined in one place, and it's easier to update, maintain, and reuse code
- Common use cases are modeled very well, which gets you up and running rather quickly
- It adds an additional abstraction layer between the application and the database and allows swapping database systems
- The additional layer adds complexity, forcing developers to understand the library, its shortcomings and limitations
- Complex use cases are often much more difficult to implement and lead to poorly performing SQL queries
- What are the alternatives to ORM (Object-Relational Mapping) libraries for interacting with an SQL database? Which solution do you prefer? (Question #9, 6 minutes)
- SQL
Evaluation criteria
- Writing raw SQL queries allows leveraging features specific to the underlying database system
- Raw SQL queries make the communication with the database transparent, and it's easy to fine-tune and optimize them
- DSLs (domain specific languages) are a solution between ORMs and raw SQL where queries are composed by code
- DSLs allow for better composition and reusability, but also add complexity and hide the actual SQL queries
Backend (Soft Skills)
A backend developer soft skill interview, focused on assessing the candidate's teamwork and process-related skills.
- What excites or interests you about coding? What technologies do you find interesting? (Question #1, 5 minutes)
- Engineering
Evaluation criteria
- Clear preferences and aversions reflect experience
- Tell us about your preferred development environment, what tools you are comfortable with, and what tools you want to learn? (Question #2, 5 minutes)
- Engineering
- If you jumped on a project and you had a different opinion about linting rules or code formatting, how would you handle this in regards to your fellow team members? (Question #3, 3 minutes)
- Communication
- What aspects are essential for a good code review? How do you make sure you are providing constructive criticism? (Question #4, 5 minutes)
- Communication
- You are assigned to a ticket, and you are asked to gather information, estimate, and solve it. What does this process look like for you? (Question #5, 8 minutes)
- Communication
- Are there any questions you would like to ask us about our development processes or technology choices? (Question #6, 10 minutes)
- Engineering
Backend, Problem Solving
Intended as a back and forth, assessing their ability to break down requirements and develop a working plan.
- You are in a position where you can make architectural choices. Two developers are arguing over an arbitrary linting rule; how do you decide which rule to implement? (Question #1, 5 minutes)
- Engineering Management
Evaluation criteria
- We are looking for an understanding that business needs dictate developer standards
- You are hired as the founding backend developer for a to-do list startup. What technical and methodological solutions do you choose as the foundation for this project? (Question #2, 15 minutes)
- Software Architecture
Evaluation criteria
- Focuses on problem solving and business needs as a top priority
- Does not focus exclusively on purely technical topics, but also takes the hiring market and tool maturity into consideration
- Avoids risks and relies on the tools that are known with confidence
- Attempts to build an MVP-like solution first, rather than over-engineering for uncertain use cases
- Emphasizes the importance of tooling, such as code repositories, collaboration, continuous integration & delivery
- The response times of an API service suddenly increase significantly, and you are tasked with investigating this. What steps are you taking to address the situation? (Question #3, 10 minutes)
- Incident Management
Evaluation criteria
- Identify whether this was caused by a change to the code or external causes
- For external causes, find a suitable countermeasure, like rate limiting, more server resources, or database replicas
- Identify the commit that caused the regression, revert it and redeploy the system
- After that, closely examine the flawed code, fix it and consider what measures can be taken to avoid such errors