Command Waiting On Event Sourcing Micro-services

Question

I'm very new to micro-services but am trying to learn, so apologies for any ignorance or incorrect information.

I have been looking at event-sourcing architecture for microservices and I have a question when it comes to making a command/post requests and having to wait for their response.

Take this example: I want to create an order but in order to create the order it must be checked to see if the customer has enough money to place it. So I make a post request. This might be straight to the order microservice or might be routed or handled via an api gateway.

From an event sourcing architecture this is my understanding on how it might be created.

1. Order service would receive order information via a post method and add the order in a pending state.
2. The order service would publish a order created event.
3. The pricing service has subscribed to the event. So it will check how much that user/customer has. 3a. If the user has enough money, it will reserve the amount. It will then publish a credit reserved event. 3b. If the user doesnt have enough money it will publish credit exceeded event
4. The order service will have subscribed to both of these events and will either put the order into placed or deny it. (I dont know exactly what it would do if it is denied but it will not be allowed)

(Image is just for reference, this doesnt not imply they world talk directly to each other)

Now a few questions come off of the back of this which I hope someone can please help me.

1. The user is going to call this to place an order. They are going to want a response when they place this to know if it was placed or not. How do you handle waiting for command operations that you need a response to, and that response relies on waiting on other microservices potentially. If my api is to wait for a change in the order, how is an event picked up via an endpoint?

2. How does cross microservice validation work. For instance, say before I create the order I want to know if the user it is for actually exists. is this handled by the api gateway which will do initial validation based on the user info?

I understand there is a idea of anonymous microservices (instead of authoritity where each service owns a data set). For instance, the order service would have a copy of all the users and their wallet, so it can check its copy. (same with the users to check it exists). is this the way to go.

Is any of this even correct. Any help would be much appriciated.

Thanks

Answer 1

The user is going to call this to place an order. They are going to want a response when they place this to know if it was placed or not. How do you handle waiting for command operations that you need a response to, and that response relies on waiting on other microservices potentially.

You have two options.

Firstly you can simply not return a response to the user until all the micro-services have returned. If you think this work won't take that long (ie a few milliseconds) this is an ok strategy. You simply return when the last micro-service has finished its work.

If you are concerned that the HTTP connection will time out before all the work is finished you are better to return immediately saying that the newly created Order resource is in some initial state. The user can then GET the resource later to see if the state has changed. This is known as polling, the user polls the resource until it is in the state they want.

How does cross microservice validation work. For instance, say before I create the order I want to know if the user it is for actually exists. is this handled by the api gateway which will do initial validation based on the user info?

This depends and there is no "right" answer to this. A lot of architectures will do things like user authentication simply once early on (eg check user exists and is authorized for this action), and then all other micro-services wills simply accept that yes that user exists and yes they are allowed do what is being requested.

If the check is more domain specific to one particular micro-service (eg not does this user exist, but something like does this user have a particular balance for this order, or does this user have a particular permission to use this particular micro-service) it is better to do this on the particular micro-service. You want to avoid some thing where one micro-service is checking a very specific permission for another micro-service some where else, since if you change how that permission works on the micro-service it is relevant for, you then have to remember to update the other micro-service that is actually checking the permission.