Handling verification of user requests in an event-driven architecture



Basically in a distributed chat application system, I have a groups-service and a messages-service as well as a user-service.

How would (the gateway-service) handle a "send message to group" request?

I need to make sure the user has the correct permissions to even send a message to a group first.

Currently, the api gateway just synchronously requests the user permissions from the group service to check if the user is part of the group and then sends a command to the messages-service to actually create the message.

There is of course also the SAGA approach to make this some sort of transaction and stay async.

Maybe the best solution would be to go the CQRS route and check requirements in view databases first before initiating write request?

So what would be the best approach to check certain things BEFORE telling any service to handle a request?

Another example would be a user buying a product where I first need to check the users account balance before I can tell the order service to place an order.

Continue reading...