Designing Robust Backend Services: Path Standards, Security, Monitoring, and Degradation Strategies

Introduction

In today's fast‑evolving technology landscape, service design must go beyond generic specifications to ensure flexibility, future‑proofing, and user expectations.

System Overview

JD Enterprise VOP (Intelligent Procurement) offers hundreds of standard API services for thousands of customers, providing underlying capabilities for self‑procurement marketplaces.

Service Path and Modules

Use a unified first‑level path such as

domain/api/

to centralize security controls (authentication, authorization, logging, rate‑limiting, monitoring).

Organize subsequent segments by business groups (e.g.,

order/api/order

,

product/api/product

) to clarify module ownership.

Determine service granularity—whether price is a separate service or embedded in product details—based on business scenarios.

Request Methods

Most services should support AJAX with a fixed data format (JSON/XML) for extensibility; special cases like checkout or login may require non‑AJAX redirects.

Input/Output Parameters

Prioritize extensibility; avoid adding fields that force new versions.

Prefer long or string types for numeric fields to prevent overflow when schemas evolve.

Distinguish “unset” from zero values using wrapper types.

Expose only necessary fields; mask or encrypt sensitive data (address, phone, etc.) and apply field‑level de‑identification.

Provide detailed field specifications: length limits, numeric ranges, consistent naming, format definitions, and enum descriptions.

Business Logic Recommendations

Support batch processing to reduce call volume.

Implement horizontal privilege checks to prevent cross‑tenant data leakage.

Use dedicated thread pools for critical multi‑threaded tasks.

Exception Handling

Define clear error codes for write operations to enable callers to retry, alert, ignore, or abort appropriately; wrap unknown exceptions in a unified response format.

Dependency Management

Classify external calls as strong (short‑circuit on failure) or weak (ignore with alerts) to maintain overall service stability.

Monitoring and Logging

Log request and response fields for critical services (payments, orders) to support risk assessment and business analytics.

Collect call statistics for traffic governance, anomaly detection, and rate‑limiting.

Degradation Points

Identify critical versus non‑critical modules and embed fallback logic in non‑critical code paths to preserve core functionality during failures.

Handling Obsolete Services

Route compatible legacy calls to newer services.

Disable outdated endpoints via a unified interceptor that returns a standard error code.

Zero‑Trust Principle

Never trust third‑party services or callers; enforce rate limiting, input validation, and fine‑grained permission checks.

Security Measures

Transport‑level encryption (TLS/HTTPS).

Application‑level encryption for sensitive fields (AES, RSA).

Database‑level encryption for passwords or highly confidential data.

Manage keys securely and assess performance impact.

System Admission

Use IP whitelist for high‑security clients and blacklist for known malicious sources.

Tamper‑Proof Interfaces

Enforce HTTPS.

Apply digital signatures and MACs.

Combine API keys with timestamps to prevent replay attacks.

Input/Output Encryption

For highly regulated customers, encrypt all payloads using client‑specific SDKs loaded via an isolated ECI platform; interceptors handle decryption before business logic and encryption before response.

Code Example

<code>/** @description Specify client‑specific request/response encryption interceptor */
@Service
public class EncryptInterceptor extends HandlerInterceptorAdapter {
    // preHandle: decrypt incoming request
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (!(request instanceof DecryptionRequestWrapper)) {
            return true;
        }
        // decrypt logic …
        return true;
    }
    // postHandle: encrypt outgoing response
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
        // encrypt logic …
    }
}
</code>

Conclusion

Building a robust backend service requires adherence to design standards, proactive risk assessment, continuous monitoring, and layered security to stay competitive amid evolving business and technical demands.