Design and Implement a URL Shortener at Scale

Overview

A URL shortener seems simple — map short codes to long URLs. But designing one that handles millions of redirects reveals real system design challenges: hash collisions, hot key caching, analytics at scale, rate limiting, and database optimization.

In this tutorial, you'll design the system on paper first, then build the complete implementation: a Node.js API with PostgreSQL, short code generation with collision handling, a redirect service, click analytics, rate limiting, and caching concepts. You'll deploy the finished product.

What you'll learn:

System design methodology (requirements, estimation, architecture)
Base62 encoding and hash-based short code generation
Collision detection and resolution strategies
PostgreSQL schema design with indexes for read-heavy workloads
In-memory caching patterns (with Redis concepts)
Rate limiting with the sliding window algorithm
Click analytics and asynchronous event processing
Horizontal scaling considerations

Step 1: System Design — Requirements

Before writing code, define what you're building.

Functional requirements:

Shorten a URL → return a short code (e.g., https://sho.rt/abc123)
Redirect short code → original URL (HTTP 301/302)
Track click analytics (timestamp, referrer, country)
Optional: custom short codes, expiration dates

Non-functional requirements:

Reads heavily outweigh writes (100:1 ratio)
Redirect latency < 50ms at p99
Short codes should be as short as possible (6-8 characters)
System should handle 10,000 redirects/second

Back-of-envelope estimation:

6-character Base62 code = 62^6 = ~56 billion unique codes
At 1M new URLs/day, that's 150+ years before exhaustion
Storage per URL: ~500 bytes → 1M URLs = 500MB/day → manageable

Step 2: Project Setup

Create tsconfig.json:

Step 3: Database Schema

Create src/db.ts:

Schema decisions: short_code has a unique index for O(log n) lookups during redirect. The clicks table is append-only, optimized for writes. We store ip_hash (hashed IP) instead of raw IPs for privacy. click_count on the urls table is a denormalized counter — avoids COUNT(*) on millions of rows.

Step 4: Short Code Generation

Create src/shortcode.ts:

Why not use auto-incrementing IDs encoded in Base62? That reveals creation order and total URL count — a business intelligence leak. Random codes are unpredictable. At 7 characters with Base62, collision probability stays under 0.001% until you have billions of URLs (birthday paradox: ~3.5 billion URLs for a 50% collision chance with 62^7 space).

Step 5: URL Service

Create src/service.ts:

Step 6: In-Memory Cache

Create src/cache.ts:

This in-memory LRU cache uses JavaScript's Map ordered insertion property. In production, you'd use Redis for shared caching across multiple instances. The pattern is identical — check cache first, fall back to database, populate cache on miss.

Step 7: Rate Limiting

Create src/ratelimit.ts:

This is a fixed-window rate limiter — simple and effective for single-instance deployments. The sliding window algorithm is more precise (prevents burst-at-boundary attacks) but requires sorted sets, which is where Redis excels. For production multi-instance setups, move rate limiting to Redis or your API gateway.

Step 8: API Routes

Create src/app.ts:

The redirect uses HTTP 301 (permanent redirect). This tells browsers to cache the redirect locally, reducing load on your server. The tradeoff: if you ever need to change where a short code points, browsers with cached 301s won't re-check. Use 302 (temporary) if you need mutability.

Step 9: Server Entry Point

Create src/index.ts:

Step 10: Testing the System

Step 11: Scaling Considerations

When this single-server design hits its limits, here's how to scale each component:

Database reads (the bottleneck for redirects):

Add read replicas — route redirects to replicas, writes to primary
Partition the clicks table by month (it grows fastest)
Archive old click data to cold storage

Caching:

Replace in-memory LRU with Redis for shared cache across instances
Cache hit rate > 95% for popular URLs (Zipf distribution)
Use cache-aside pattern: check cache → miss → read DB → populate cache

Short code generation at scale:

Pre-generate batches of codes and assign ranges to each app instance
Eliminates the collision-check database round trip
Each instance owns a non-overlapping range

Rate limiting:

Move to Redis with sorted sets for sliding window
Or use a dedicated rate limiter (API gateway, Cloudflare)

Step 12: Deploy

Create a Dockerfile:

Deploy to Railway with a PostgreSQL add-on:

You've built a URL shortener that handles the core system design challenges: ID generation, collision handling, read-heavy optimization, analytics collection, and rate limiting. The architecture translates directly to system design interviews — you can whiteboard it because you've implemented every component.