Sps-Service Header Proposal
#99
Conversation
travisgosselin
changed the title
Sps-User-Agent Header ProposalSps-Service Header Proposal
Signed-off-by: Travis Gosselin <[email protected]>
Signed-off-by: Travis Gosselin <[email protected]>
There was a problem hiding this comment.
Hello. Thanks for working on this.
Just a few (perhaps naïve) questions:
- Would it be fair to assume that the id & name portion of the Sps-Service header should be registered in prod tech registry? If so, would it be worth mentioning in the notes that this as a place where people should go to get that service id and name to at least try to ensure they match?
- Would the environment of the service making the request be something that might be added into the custom attributes given that it isn't part of the key itself? Perhaps that is actually somewhere else in the spec or maybe is being considered in other specs. I am asking because it at least is possible that in the case of a public endpoint it could get a request from another environment than the one the receiving service is running in. This kind of thing would be tricky to track down but would result in prod data being returned to a test UI or vice versa. Maybe not something for the spec but something to think about when considering what we could log given the header.
Again thanks for doing this.
Great feedback @jimthedev - appreciate you taking the time to read through it.
Our API Standards ideally are created agnostic of the implementation and subsystem that sits on top of it and references it. They are also public (like this conversation). So with that in mind, it is recognized that there needs to be an authority for the service ID (in our case at SPS that is tech registry). This line was intending to cover those use cases: Does that make sense or should we add more / reword?
I think of this header as environment agnostic, and specific to the service entity itself. With that in mind, the implementation architecture matters to ensure it is understood what environment the service is from. That being said, the state in the SPS ecosystem is that we have one PROD asset registry used in all environments, our runtime in our integration environment makes use of PRODUCTION service ids as a single source of truth for a lot of reasons I won't enumerate here. Please advise me if you think this is incorrect. |
|
@travisgosselin Ok I think that makes sense. Thanks for clarifying. I think that rewording makes a lot of sense. |
Any suggestions on how to reword it? What terminology you'd like to see to make it clear? I put it through AI to try and get some alternatives, but mostly just a few grammatical changes: Thoughts @jimthedev ? |
Signed-off-by: Travis Gosselin <[email protected]>
Supporting Reusable Model Draft: https://github.com/SPSCommerce/sps-api-design/pull/161