samedi 24 octobre 2020

data validation between microservices

Lets say i have 3 micro-services books, authors, attachments.

Author wants to add cover image for book

  1. Once author select image from gallery, file gets uploaded in attachments service with author-id(user-id) which return some metadata such us {id: 1}.

  2. Second API will associate attachment to book like follow.

PUT /books/1/cover-image
payload: {id: 1}

Now Book service has to validate the following

  1. Attachment with id 1 exists or not.
  2. If exists it should verify current author(user) is owner of the attachment.

Approach 1:

  1. Create API endpoint in attachment service to verify both cases. but it endup in multiple API calls for single attachment upload.

Approach 2

  1. Once the user upload the image, instead of returning attachment id in metadata such us {id: 1} return signed id {id: sign(authorId, attachmentId, secret)}.

  2. Book review have same secret where it can decode and verify attachment-id and author-id which avoid multiple API calls.

Is there any cons with approach 2?

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)