Zomato · engineering
Preparation guide for Backend Developer positions at Zomato Limited. Covers their Online Coding → Technical × 2 → Cultural Fit process with technical, behavioral, and HR questions.
What is REST? What are its key architectural constraints?
Tip: Name the 6 constraints: client-server, stateless, cacheable, uniform interface, layered system, code on demand (optional). Statelessness is the one interviewers probe most.
What is the difference between SQL and NoSQL databases? When would you choose each?
Tip: SQL: structured schema, ACID, relational. NoSQL: flexible schema, BASE, horizontal scale. Choose SQL for transactional data; NoSQL for high-write, schema-flexible workloads like logs or feeds.
What is connection pooling and why is it important?
Tip: A pool reuses existing DB connections instead of opening a new one per request. Critical at scale — opening a TCP + auth handshake takes ~100ms. HikariCP (Java) and pg-pool (Node) are common implementations.
What is the N+1 query problem? How do you solve it?
Tip: N+1 occurs when fetching a list of N records triggers N additional queries for related data. Fix with eager loading (JOIN), DataLoader batching, or selecting only needed fields. Common ORM trap.
How do you implement JWT-based authentication in a REST API?
Tip: Login endpoint returns signed JWT (header.payload.signature). Client sends it in `Authorization: Bearer <token>`. Server verifies signature with secret key — no DB lookup needed per request. Store refresh tokens in DB for revocation.
What is caching? Explain write-through, write-behind, and cache-aside strategies.
Tip: Cache-aside (lazy loading): app checks cache, on miss loads from DB and populates. Write-through: write to cache and DB simultaneously. Write-behind: write to cache, async flush to DB. Cache-aside is most common in practice.
What is database indexing? When would you NOT add an index?
Tip: Indexes speed up reads but slow down writes (index must be updated on every INSERT/UPDATE). Avoid on: small tables (full scan is faster), columns with low cardinality (boolean), tables with frequent bulk writes.
Tell me about a backend service you optimised. What was the bottleneck and how did you fix it?
Tip: Structure: profiling approach, root cause (DB query, serialisation, network), solution, measurable improvement. Avoid vague answers like "I added a cache" without showing you identified the actual bottleneck first.
An API endpoint returns 503 errors under high load. Walk me through your investigation.
Tip: Check: are downstream services (DB, cache, external APIs) healthy? Is the connection pool exhausted? Is the process running out of memory? Is the request queue full? Then address the bottleneck, not the symptom.
How would you design a URL shortener backend?
Tip: Key decisions: hash function (Base62 of MD5 or counter), storage (Redis for fast reads + RDB for persistence), collision handling, expiry, custom slugs. Talk through scale requirements before jumping to implementation.
What is the difference between authentication and authorisation?
Tip: Authentication: verifying WHO you are (login). Authorisation: verifying WHAT you are allowed to do (permissions). A logged-in user may be authenticated but not authorised to access admin routes.
Why did you choose backend development, and what motivates you to stay current with it?
Tip: Show genuine interest: performance, distributed systems, data integrity challenges. Mention specific things you follow — a blog, open source project, or recent spec. Generic answers are penalised.
Take a full scored mock interview tailored to your resume. Get feedback on technical depth, clarity, structure, confidence, and relevance — free to start.