API design separates seniors

Designing APIs with security, versioning and business boundaries still marks a senior engineer more reliably than algorithmic puzzles. A recent how-to video outlines contextual REST vs. GraphQL choices, authentication versus authorization, rate limiting and backward compatibility as interview differentiators (youtube.com).

Most coding interviews still ask people to reverse a linked list, but the engineers who actually shape products are the ones who can decide where an application programming interface begins, where it ends, and what happens when version 1 has to survive version 2. A new YouTube walkthrough from Hayk Simonyan frames that gap as the line between basic coding and senior-level API design. (youtube.com)

An application programming interface is the contract between two pieces of software, like the menu between a kitchen and the dining room. Microsoft’s API design guidance says a good web API keeps clients loosely coupled so the service can evolve without breaking every app that calls it. (learn.microsoft.com) That is why senior engineers talk about business boundaries before they talk about endpoints. If an order service can change its own rules without reaching into billing or inventory code, the system stays easier to test, deploy, and replace. (learn.microsoft.com)

The first big fork is usually Representational State Transfer, which most developers shorten to REST, versus GraphQL. The GraphQL Foundation says GraphQL was built to let clients ask for exactly the data they need, while REST usually exposes fixed resources through separate URLs. (graphql.org) That trade-off shows up fast in real products. REST is usually simpler for caching, monitoring, and predictable behavior over standard Hypertext Transfer Protocol rules, while GraphQL can cut extra round trips when one screen needs pieces of user, order, and inventory data at the same time. (learn.microsoft.com) (graphql.org)

The next split is authentication versus authorization, and senior interviews often hinge on whether a candidate knows they are different. Authentication answers “who are you,” while authorization answers “what are you allowed to do.” GraphQL’s own best-practices page says authorization is outside the core specification, so it must be designed deliberately rather than assumed to come with the schema. (graphql.org)

Rate limiting is another tell, because it forces you to think about abuse before abuse happens. The Open Identity Platform’s March 27, 2026 guide shows per-user rate limiting as a front-door control that can stop one client from overwhelming a service even when the underlying code is correct. (openidentityplatform.org)

Backward compatibility is where senior design gets painfully concrete. Google Cloud’s versioning guidance says compatible changes, such as adding an optional field, should be treated differently from breaking ones, because even a small field rename can crash clients you do not control. (cloud.google.com) That is why versioning is not just sticking “v2” in a URL and moving on. The OpenAPI Specification exists so teams can describe an interface in a machine-readable contract, which helps documentation, testing, and client generation stay aligned as the API changes. (swagger.io)

The reason this stands out more than puzzle-solving is that every one of these choices carries a business cost. Pick the wrong boundary and two teams block each other; pick the wrong auth model and data leaks; pick the wrong versioning plan and old customers break on release day. (youtube.com) (learn.microsoft.com) That is what the recent video is really pointing at. Senior engineers are not just people who can write an endpoint that works on Friday; they are the ones who can explain how that endpoint will still work, stay secure, and remain usable after six teams and three mobile apps depend on it. (youtube.com)
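To make the three front-door controls the article separates (authentication, authorization, per-user rate limiting) concrete, here is an added example in Python. It is not code from the video, from Microsoft, or from any of the cited guides. The token table, the scope names, the route table, the bucket size and the request sequence are all constructed for the demo; the point is that each control has its own check and its own failure status, and that the rate-limit bucket is keyed by the identity the server verified, not by anything the client sends.

```python
"""Added example (not code from the video or from any guide the article cites):
three separate front-door controls on a JSON API request, each with its own
failure status, so that "who are you", "what may you do" and "how often" are
never conflated. Token strings, scopes, routes and limits are constructed for
the demo.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

# Constructed bearer-token table: token -> (user id, granted scopes).
# A real service verifies a signature or asks the identity provider; it does
# not hold plaintext tokens in a dict.
TOKENS: Dict[str, Tuple[str, FrozenSet[str]]] = {
    "tok-alice": ("alice", frozenset({"orders:read"})),
    "tok-bob": ("bob", frozenset({"orders:read", "orders:write"})),
}

# Constructed route table: (method, path) -> scope required to call it.
REQUIRED_SCOPE: Dict[Tuple[str, str], str] = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
}


@dataclass
class _Bucket:
    tokens: float
    last: float


class PerUserRateLimiter:
    """Token bucket keyed by the *verified* user id, never by a client-chosen header."""

    def __init__(self, capacity: int, refill_per_sec: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self._buckets: Dict[str, _Bucket] = {}

    def allow(self, user: str) -> bool:
        now = self.clock()
        b = self._buckets.setdefault(user, _Bucket(tokens=self.capacity, last=now))
        # Refill in proportion to elapsed time, capped at the bucket's capacity.
        b.tokens = min(self.capacity, b.tokens + (now - b.last) * self.refill_per_sec)
        b.last = now
        if b.tokens < 1:
            return False
        b.tokens -= 1
        return True


def authenticate(headers: Dict[str, str]) -> Optional[Tuple[str, FrozenSet[str]]]:
    """Authentication: who are you? None when the bearer token is missing or unknown."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return TOKENS.get(auth[len("Bearer "):])


def authorize(scopes: FrozenSet[str], method: str, path: str) -> bool:
    """Authorization: what may you do? Deny by default, so an unmapped route is not callable."""
    needed = REQUIRED_SCOPE.get((method, path))
    return needed is not None and needed in scopes


def handle(request: dict, limiter: PerUserRateLimiter) -> int:
    """Front door, in order: 401 (authn) -> 429 (per-user limit) -> 403 (authz) -> 200."""
    ident = authenticate(request.get("headers", {}))
    if ident is None:
        return 401
    user, scopes = ident
    # Rate-limit after authentication so the bucket key is a verified identity,
    # and before authorization so forbidden calls still spend the caller's quota.
    if not limiter.allow(user):
        return 429
    if not authorize(scopes, request["method"], request["path"]):
        return 403
    return 200


def demo() -> List[int]:
    """Replay constructed requests through a fresh limiter on a fake clock; return the statuses."""
    now = [0.0]
    limiter = PerUserRateLimiter(capacity=2, refill_per_sec=1.0, clock=lambda: now[0])

    def with_token(tok: str) -> Dict[str, Dict[str, str]]:
        return {"headers": {"Authorization": f"Bearer {tok}"}}

    requests = [
        {"method": "GET", "path": "/orders", **with_token("tok-alice")},   # 200
        {"method": "POST", "path": "/orders", **with_token("tok-alice")},  # 403: no orders:write
        {"method": "GET", "path": "/orders", **with_token("tok-alice")},   # 429: alice's bucket is empty
        {"method": "GET", "path": "/orders", "headers": {}},               # 401: no token at all
        {"method": "POST", "path": "/orders", **with_token("tok-bob")},    # 200: bob has his own bucket
    ]
    statuses = [handle(r, limiter) for r in requests]
    now[0] += 1.0                                   # one second later alice has refilled one token
    statuses.append(handle(requests[0], limiter))   # 200
    return statuses


if __name__ == "__main__":
    print(demo())  # [200, 403, 429, 401, 200, 200]
```

Two caveats a reviewer would raise on this sketch. Requests that fail authentication never reach the per-user bucket, so a flood of bad tokens still needs a separate budget keyed by something the server observes (client address or connection), or the 401 path itself becomes the denial-of-service vector. And keying the bucket on a client-supplied header such as a user id, instead of on the identity the token proved, lets a caller reset its own quota by changing the header; that is the mistake the per-user framing in the article is meant to rule out. On a GraphQL endpoint the same three checks still apply, but the route table becomes a per-field or per-resolver check and the rate limit is usually charged per query cost rather than per URL.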

Shared from Scout.