• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 289
  • Last Modified:

Web Services - Use many specific or fewer more encompassing Web Services

I am new to using web services, so bear with me.

I have a vb.net application with a SQL Server database.  I need this to update data on a Mainframe with Adabase.  Updates will be triggered on each update to the SQL Server.

My question is this: (In this example, I am using an Inventory Management Application with tablles "tblInventory" and "tblTransaction")

I perform an operation in the application which:
1. Adds a new record to tblInventory
2. Updates an existing record in tblInventory
3. Adds a new record to tblTransactions

These are all recorded in the SQL Server now I need to pass them to the mainframe.

How many web services should I use to accomplish updating the mainframe (Adabase)?

Another way of putting it is "Would I just pass all of the data at once to 1 web service and let the mainframe decipher how to handle it?" or "Would I call 3 different but transaction specific web services?"

It seems like the latter would require less data being passed and less processing overhead on the mainframe, but what is the desired way?  Or I am way off base and there is a completely different way I haven't though of?
  • 2
  • 2
  • 2
2 Solutions
Ryan McCauleyData and Analytics ManagerCommented:
Either way, you're managing web service sprawl - just of a different type. Put another way, do you:

Create a moderate number of fine-grained web services, and then call a couple for every activity you have (for example, the three-step call you have in your example)
Or do you create a medium number of highly specific web services that can only be used by a single process because their so specific. For your example above, say you make that one call - then, when a client needs to add a record, update a record, and then update two records in tblTransactions (for some reason), you'll have to create a completely new service call, instead of just calling existing services differently.

If you have a small number of possible reasons you'd be calling the service, then the second option is better, but I've seen a number of times where specific cases are continually added and the ultra-specific nature of these servers causes sprawl. If you have a handful of core activities, but there are multiple things that could happen as part of any single call, I'd go with the first option, since you can call fine-grained services in any order (and with any frequency) you like.

As with most things, the answer is "It Depends" :) If you want to describe your scenario in a little more detail (reason for creating services instead of just doing the updates directly, number of apps using the services, different possible reasons they could call them, etc), then I can give you a more tailored recommendation.
Ray PaseurCommented:
Given what you have described above, I would use a single web service on the mainframe.  I would also use a RESTful web service (avoiding the complexity of SOAP).  Since you will be changing the data model on the mainframe with INSERT and UPDATE verbs, you need to use the POST method or otherwise protect the interface with some kind of API key.  If you need security you might want to consider using HTTPS.

If you use XML to send the information to the mainframe you will be able to have a very easy-to-understand code set.  Your XML tags can be quite descriptive.  You might also consider using a CSV or JSON data scheme, but whatever you choose you want it to be accomplished in plain text - do not send binary data (it is too hard to debug) if you can avoid it.

I can envision something like the code snippet to add a record to inventory.  If you have any more specifics, please post back and we can discuss.
XML like this...

<apikey>[your key here]</apikey>

Generates SQL like...

INSERT INTO tblInventory ( name, size, gender, color, style ) values ( 'Shoe', '8', 'f', 'red', '80224' )

Open in new window

Ryan McCauleyData and Analytics ManagerCommented:
If you're going to go the plain-text route, make sure you take care with SQL Injection - concatenating text like that into a SQL Statement involves a number of risks - though you have an API key to help ensure that only authorized sources use the service, a malicious user could cause problems by passing a malformed request to the server - that's why I prefer hard-coded statements and specific web service calls instead in generic ones.

In any case, you'll want to make sure you've read about SQL Injection and you understand how to mitigate it. You can Google any number of articles, but here's somewhere to start:


Open in new window

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Ray PaseurCommented:
Good point about the risk of SQL injection (or for that matter, any kind of data pollution).  If this is really something that needs to be secured, the PayPal model handshake is an excellent solution.  It works whether or not you choose to use HTTPS.

1. Mainframe app receives a post to update the data model.
2. It takes the entire data string and posts it back to the VB.net app.
3. VB.net app checks its logs for a matching message to the mainframe
4. VB.net app responds with VERIFIED if the message actually came from the VB.net app

This design pattern puts the burden of trust on the VB.net app, and reduces the risk that the mainframe data can be contaminated.
PSCTECHAuthor Commented:
Ryan, Ray,  Thanks for the info.  Ryan, you asked for detail.  The customer has a legacy system, which they don't want us to interact with directly.  The specified in the statement of work that we pass info to their mainframe via web services, so our hands a a bit tied.
Sorry for the confusion in my scenario.  I mistyped.  What is should have said is:

I perform a RECEIVE operation in the application which:
1. Adds a new record to tblInventory or Updates an existing record in tblInventory
2. Adds a new record to tblTransactions

PSCTECHAuthor Commented:
Thank you both for the help.  Any additional information you may think of or links to samples would be appreciated.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now