The system shall allow a user to submit a long URL and receive a shortened URL (short code + domain).
When a short URL is requested, the system shall redirect the client to the corresponding original long URL using an HTTP redirect (e.g., 301/302).
The system shall allow a user to provide a custom short code (alias) if it is available and meets validation rules.
The system shall allow a user to set an expiration time/date for a short URL, after which the redirect shall no longer work.
The system shall validate input URLs (format, allowed schemes like http/https) and reject malformed or unsupported URLs.
The system shall define behavior for duplicate long URLs (e.g., create a new short URL every time, or return an existing one for the same user).
The system shall provide an endpoint to retrieve metadata for a short URL (original URL, created date, expiration, click count).
The system shall allow authorized users to disable or delete a short URL so it no longer redirects.
Availability
The service should be highly available (e.g., 99.9% uptime) so redirects work reliably.
Performance / Latency
Redirect requests should be fast (e.g., p95 < 50–100 ms at the edge/app layer, excluding network conditions).
Scalability
The system should scale horizontally to handle growth in both redirect traffic and new URL creation.
Reliability & Durability
Stored mappings between short codes and long URLs should be durable (data should not be lost after creation).
Security
The system should protect against common threats (injection, SSRF patterns, open redirect abuse), support HTTPS, and sanitize/validate input.
Abuse Prevention
The system should mitigate malicious use (spam, phishing distribution) via rate limits, blocklists/allowlists, and monitoring.
Observability
The system should provide logs, metrics, and tracing (e.g., request rate, error rate, latency, redirect counts) and alerting on anomalies.
Maintainability
The codebase should be modular and testable, with clear API contracts and automated tests for core flows.
Cost Efficiency
The system should optimize for low cost per redirect (caching, efficient storage/lookup, minimal write amplification).
Compatibility
The service should work across common clients/browsers and handle typical URL lengths and characters safely (proper encoding/decoding).
GET /{code} by resolving the short code to the long URL and returning an HTTP redirect (301/302).short_code → long_url mappings so most redirects are served without database access; updated on cache misses after a DB lookup.short_code to prevent collisions (including race conditions and custom aliases).