Web Services - Use many specific or fewer more encompassing Web Services

Posted on 2011-02-24
Last Modified: 2012-05-11
I am new to using web services, so bear with me.

I have a application with a SQL Server database.  I need this to update data on a Mainframe with Adabase.  Updates will be triggered on each update to the SQL Server.

My question is this: (In this example, I am using an Inventory Management Application with tablles "tblInventory" and "tblTransaction")

I perform an operation in the application which:
1. Adds a new record to tblInventory
2. Updates an existing record in tblInventory
3. Adds a new record to tblTransactions

These are all recorded in the SQL Server now I need to pass them to the mainframe.

How many web services should I use to accomplish updating the mainframe (Adabase)?

Another way of putting it is "Would I just pass all of the data at once to 1 web service and let the mainframe decipher how to handle it?" or "Would I call 3 different but transaction specific web services?"

It seems like the latter would require less data being passed and less processing overhead on the mainframe, but what is the desired way?  Or I am way off base and there is a completely different way I haven't though of?
Question by:PSCTECH
  • 2
  • 2
  • 2
LVL 28

Accepted Solution

Ryan McCauley earned 250 total points
ID: 34981119
Either way, you're managing web service sprawl - just of a different type. Put another way, do you:

Create a moderate number of fine-grained web services, and then call a couple for every activity you have (for example, the three-step call you have in your example)
Or do you create a medium number of highly specific web services that can only be used by a single process because their so specific. For your example above, say you make that one call - then, when a client needs to add a record, update a record, and then update two records in tblTransactions (for some reason), you'll have to create a completely new service call, instead of just calling existing services differently.

If you have a small number of possible reasons you'd be calling the service, then the second option is better, but I've seen a number of times where specific cases are continually added and the ultra-specific nature of these servers causes sprawl. If you have a handful of core activities, but there are multiple things that could happen as part of any single call, I'd go with the first option, since you can call fine-grained services in any order (and with any frequency) you like.

As with most things, the answer is "It Depends" :) If you want to describe your scenario in a little more detail (reason for creating services instead of just doing the updates directly, number of apps using the services, different possible reasons they could call them, etc), then I can give you a more tailored recommendation.
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 34997404
Given what you have described above, I would use a single web service on the mainframe.  I would also use a RESTful web service (avoiding the complexity of SOAP).  Since you will be changing the data model on the mainframe with INSERT and UPDATE verbs, you need to use the POST method or otherwise protect the interface with some kind of API key.  If you need security you might want to consider using HTTPS.

If you use XML to send the information to the mainframe you will be able to have a very easy-to-understand code set.  Your XML tags can be quite descriptive.  You might also consider using a CSV or JSON data scheme, but whatever you choose you want it to be accomplished in plain text - do not send binary data (it is too hard to debug) if you can avoid it.

I can envision something like the code snippet to add a record to inventory.  If you have any more specifics, please post back and we can discuss.
XML like this...

<apikey>[your key here]</apikey>

Generates SQL like...

INSERT INTO tblInventory ( name, size, gender, color, style ) values ( 'Shoe', '8', 'f', 'red', '80224' )

Open in new window

LVL 28

Expert Comment

by:Ryan McCauley
ID: 34997514
If you're going to go the plain-text route, make sure you take care with SQL Injection - concatenating text like that into a SQL Statement involves a number of risks - though you have an API key to help ensure that only authorized sources use the service, a malicious user could cause problems by passing a malformed request to the server - that's why I prefer hard-coded statements and specific web service calls instead in generic ones.

In any case, you'll want to make sure you've read about SQL Injection and you understand how to mitigate it. You can Google any number of articles, but here's somewhere to start:

Open in new window

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

LVL 109

Expert Comment

by:Ray Paseur
ID: 34998048
Good point about the risk of SQL injection (or for that matter, any kind of data pollution).  If this is really something that needs to be secured, the PayPal model handshake is an excellent solution.  It works whether or not you choose to use HTTPS.

1. Mainframe app receives a post to update the data model.
2. It takes the entire data string and posts it back to the app.
3. app checks its logs for a matching message to the mainframe
4. app responds with VERIFIED if the message actually came from the app

This design pattern puts the burden of trust on the app, and reduces the risk that the mainframe data can be contaminated.

Author Comment

ID: 34998824
Ryan, Ray,  Thanks for the info.  Ryan, you asked for detail.  The customer has a legacy system, which they don't want us to interact with directly.  The specified in the statement of work that we pass info to their mainframe via web services, so our hands a a bit tied.
Sorry for the confusion in my scenario.  I mistyped.  What is should have said is:

I perform a RECEIVE operation in the application which:
1. Adds a new record to tblInventory or Updates an existing record in tblInventory
2. Adds a new record to tblTransactions


Author Closing Comment

ID: 34999742
Thank you both for the help.  Any additional information you may think of or links to samples would be appreciated.

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sql query 8 51
MS SQL 2008 Divide by zero error encountered. Error 3 46
Sql Server group by 10 45
average of calculation (TSQL) 4 26
How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question