0

In our design we have something of a paradox. We have a database of projects. Each project has a status. We have a REST api to change a project from “Ready” status to “Cleanup” status. Two things must happen.

  1. update the status in the database
  2. send out an email to the approvers

Currently RESTful api does 1, and if that is successful, do 2.

But sometimes the email fails to send. But since (1) is already committed, it is not possible to rollback.

I don't want to send the email prior to commit, because I want to make sure the commit is successful before sending the email.

I thought about undoing step 1, but that is very hard. The status change involves adding new records to the history table, so I need to delete them. And if another person make other changes concurrently, the undo might get messed up.

So what can I do? If (2) fails, should I return “200 OK” to the client?

Seems like the best option is to return “500 Server Error” with error message that says “The project status was changed. However, sending the email to the approvers failed. Please take appropriate action.”

Perhaps I should not try to do 1 + 2 in a single operation? But that just puts the burden on the client, which is worse!

John Henckel
  • 10,274
  • 3
  • 79
  • 79

1 Answers1

1

Just some random thoughts:

You can have a notification sent status flag along with a datetime of submission. When an email is successful then it flips, if not then it stays. When changes are submitted then your code iterates through ALL unsent notifications and tries to send. No idea what backend db you are suing but I believe many have the functionality to send emails as well. You could have a scheduled Job (SQL Server Agent for MSSQL) that runs hourly and tries to send if the datetime of the submission is lapsed a certain amount or starts setting off alarms if it fails as well.

If ti is that insanely important then maybe you could integrate a third party service such as sendgrid to run as a backup sending mech. That of course would be more $$ though...

Traditionally I've always separated functions like this into a backend worker process that handles this kind of administrative tasking stuff across many different applications. Some notifications get sent out every morning. Some get sent out every 15 minutes. Some are weekly summaries. If I run into a crash and burn then I light up the event log and we are (lucky/unlucky) enough to have server monitoring tools that alert us on specified application events.

Travis Acton
  • 4,292
  • 2
  • 18
  • 30