Something to consider before you design your Webservices

Here we will discuss things you should consider before you start designing or starting development of your service. These are not rules of thumb but provide good help to design and maintain your services properly.

Have proper granularity for services

Every service you define should have a fine level of granularity. I relate this to SRP (Single Responsibility Principle) of OOPs, which states every object/component should be doing only one task or handling one responsibility, which ensures better quality, less error prone code and quick fixes/solutions. Here, your web services should be doing specific task i.e. providing only some specific service for other applications or services. Having very fine services provides reusability and loose coupling but it hits performance due to multiple calls (and other associated tasks like marshaling/un-marshaling). Decision should be taken after properly understanding requirements of overall business needs.

Define Service policy and lifecycle

Policies are set of rules which should be followed by all services within organization. Follow proper rules as per your business requirement like security should be followed, document should be followed etc. Lifecycle are phases your service goes through from its inception to end. It helps you in finding various services in your organization and how they integrated with other services.

Policies can be separated in following terms

  • Security Policies
  • Documentation policies
  • Versioning policies

Don’t mix transport and logical layer

Your application code/logic may dependent on platform/language but it should not depend on transport layer/protocol in use. By separating your logic from transport layer you ensure your business logic is intact even if in future you want to use some other communication mechanism. Basically transport should be doing what is supposed for communication of request and response like accepting/replying request, transforming request/response to/from input/output expected by your client/business logic. Rule of thumb never put your business related logic directly in your web service handlers/endpoints.

Provide Service discovery

When you create a service, you want it to be used by others. You need to provide some way to users of your service to find it and use it without your help. Web Service standard provide a good way and rules to fulfill this. Your service should be visible to other, whether you want it within your organization or to outer world; it makes sense when it can be accessed and use by other. Provide a proper visibility to your service for external operations. This also help different teams/projects of organisation to know about what all is already available within.

Provide document for services

This is continuation to above point, providing a service and its discovery is not enough. You should have properly document your service such that user don’t need your help to use it. Properly document objective, scope, life cycle, inputs, expected outputs and error conditions for your service.

Provide versioning for services

From first release of your service provide some version to your service; whether you expect it or not, it will be helpful in future release of your services. You can follow below versioning rules for your service –

  • Use major and minor version for your services
  • Follow this basic rule, if there are changes which can break earlier service or client using that service, change major version, otherwise change only minor version
  • Different SOA technologies may or may not provide direct way for versioning. You can use different method to do so. Version information should get reflected to your service and user of service.
  • Always update documentation of your services according to changes in your services.

Web Service Security

Have proper security for your service. However, it is not mandatory you may have services which are open for all, but normally it is desired. When you implement security, think deep about security level, what type of security your service needs? Whether you need just authentication/authorization or even at message level. This is pretty broad topic and you should have proper security according to your organization and service need. Also having security is not enough you need to continuously audit it to see if it is meeting your requirement and if their are any new potential risks.

Monitoring of Services

Monitoring of service and its usage is very important to know usage of your service, service users and its behaviors. Always register your service to some registry which provides such features. You never know when you need to get this information. It will benefit by providing service usage, fixing of service and take quick actions at early stage of issue.


Leave a Reply

Your email address will not be published. Required fields are marked *

+ 2 = six

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>