I had this discussion in my workplace and wanted to share and get opinions from the folks here. (I suspect StackOverflow might not appreciate such open-ended questions).

Context: We have a microservice involved in pricing signalling to our users. We have an endpoint which has the following:

  • Input: an array of item IDs
  • Output: the expected final price of the given items.

The item prices are quite volatile (and no, it is not crypto related), and are dependent on things like instantaneous supply-demand, promotions, etc.

Since the prices change quite frequently, it became a requirement that we commit to the price that was shown to the user initially, up to a certain time period (e.g. 5 min after the price was calculated). This improves the UX since the user will be charged according to what they expected at the start.

Currently, in our system, we achieve this via a JWT, which contains all the details in the request, the obligatory signature, and the expiry set to 5 min from the time it was generated.

After generating this receipt, the FE can then call the endpoint with the JWT which does the actual payment processing using the params encoded in the token. This way, we know that the params + the total cost that is quoted in the JWT originates from our service since we verify that we signed it.

And the system evolves once more. We see that in the system, there is this mechanism, that if the token is expired, we do not reject the request at the charging step. Instead, we call the price endpoint internally using the params provided, and check if the price is the same as in the expired JWT. If it is the same, we process it as normal despite the JWT being expired.

This is where the contention lies. I believe that we should force the user to procure another non-expired JWT and remove this complex logic, while others believe in the value of this improved UX where the user doesn’t need to restart the whole flow again.

What do y’all think? Which way would y’all architect the endpoint? Or is there something fundamentally wrong with our design (maybe JWT is not the best suited for this use case)?

  • Pup Biru@aussie.zone
    1 year ago

    they’re talking about an API though, which changes the game a bit. i agree regarding the UX of the situation, but i don’t think the API is the right place to do something like that

    the API should follow the theory of least surprise, and always work the same rather than follow some unwritten rule in certain situations. i say this for 2 reasons (that i can think of right now):

    • unwritten rules like not following expiry lead to “worked on my machine” and difficult to debug scenarios
    • if you break standards like JWT, you can’t do things like offload auth validation to some kind of ingress router because you have extra rules that don’t follow the spec

    you can implement the same functionality in the client app pretty easily which, IMO, is where UX lives. perhaps putting an expiry with “prices refresh in 5min” to get around the complexity of the fact that prices may or may not change or stay the same… i don’t think anyone enjoys when their ride share surge price changes after the app “times out” searching for driver (as in something out of their control, like an opaque timeout) but if they know the amount of time they have they feel in control
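
The quote-token flow discussed in this thread, with the expiry decision made explicit, as an added example that is not code from the poster's system. It assumes an HS256 JWT signed with a shared secret; the key, the function names, the `lenient` flag (modelling the re-pricing fallback from the post) and the choice to reject when the re-priced total differs are all assumptions.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HS256 shared secret, sample value
TTL = 300                      # the 5-minute commitment window from the post

class QuoteInvalid(Exception): pass
class QuoteExpired(Exception): pass

def b64e(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=")
def b64d(txt): return base64.urlsafe_b64decode(txt + b"=" * (-len(txt) % 4))

def sign(signing_input):
    return b64e(hmac.new(KEY, signing_input, hashlib.sha256).digest())

def issue_quote(items, total_cents, now):
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"items": sorted(items), "total": total_cents, "exp": now + TTL}
    body = b64e(json.dumps(claims).encode())
    return (header + b"." + body + b"." + sign(header + b"." + body)).decode()

def verify_quote(token, now):
    """Check the signature first, then expiry; the algorithm is fixed server-side."""
    try:
        header, body, sig = token.encode().split(b".")
    except ValueError:
        raise QuoteInvalid("malformed token") from None
    if not hmac.compare_digest(sig, sign(header + b"." + body)):
        raise QuoteInvalid("bad signature")
    claims = json.loads(b64d(body))
    if now >= claims["exp"]:
        raise QuoteExpired(claims)  # claims are authentic, only stale
    return claims

def charge(token, now, price_fn, lenient=False):
    """Strict: an expired quote is rejected. Lenient: re-price and compare."""
    try:
        return ("charged", verify_quote(token, now)["total"])
    except QuoteExpired as exc:
        expired = exc.args[0]
        # The fallback runs only on claims whose signature already verified.
        if lenient and price_fn(expired["items"]) == expired["total"]:
            return ("charged", expired["total"])
        return ("expired", None)
```

With `lenient=False` the outcome depends only on the token and the clock, so a generic JWT validator in front of the service reaches the same verdict; with `lenient=True` it also depends on the live price, which only the application can evaluate.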