Input validation in microservices depending on data from another service

Question

I'm designing photo managing solution with microservices.

• One service is responsible of tracking data of single photos, which are owning by specific user.
• Another service is responsible of photo albums.

I need to prevent user to add not owned photo into his album. It is obvious that I need to make some validation on "album service". But information about photo owners are in "photo service".

One possible solution I thought about was to replicate photo records with relevant attributes to "album service". But I don't really like it, because in this case "album service" will have a lot of photo records, which are not in any album.

Another option would be synchronous call from "album service" to "photo service". But that would break microservices paradigm.

The question is, what would be a good approach to implement such validation.

Answer 1

User with ID 9876 wants to add photo with ID 1234 to album 333:

PUT /albums/333/photos/1234
user-id:9876 (in header)

Album service calls Photo service to validate that the photo belongs to the user:

GET /photos/9876/1234 <- a bit contrived
404 Not Found

The not found indicates to the Album service that the photo does not belong to the user so it returns a 403 to the caller (and does not update the album).

This may break microservices paradigm as you say, but you have framed your problem as a real-time validation problem. Real-time problems require real-time solutions.

If there was no expectation of real-time validation, then you could allow the user to make the request to add the photograph to the album, and then do the actual validation operation at a later time perhaps via a message queue, with any negative result being returned to the user via websockets, or other notification mechanism.