Business Logic in API Anti-Pattern
A Business Logic in API Anti-Pattern is an API design anti-pattern that embeds business rules and domain logic directly within API endpoint handlers rather than in separate business logic layers.
- AKA: API-Embedded Business Logic Anti-Pattern, Business Rules in Controller Anti-Pattern, Fat Controller Anti-Pattern, Controller-Heavy Anti-Pattern, God Controller Anti-Pattern.
- Context:
  - It can typically create tight coupling between API Clients and Business Rule Implementations by exposing implementation details through API contracts.
  - It can often lead to API Versioning Challenges when Business Logic Changes force Breaking API Changes across multiple API endpoints.
  - It can typically result in Business Logic Duplication across different API Endpoints, API Versions, and Client Types.
  - It can significantly impair Unit Testing of Business Logic due to HTTP Infrastructure Dependency and Request-Response Cycle Coupling.
  - It can typically violate Separation of Concerns Principle by mixing Presentation Layer Concerns with Domain Layer Concerns.
  - It can often create Security Vulnerabilities through inconsistent Business Rule Enforcement across different API endpoints.
  - It can typically reduce Code Reusability by locking Business Logic inside specific API Controllers unavailable to other System Components.
  - It can lead to God Class Anti-Patterns as API Controllers accumulate more Business Responsibilities over time.
  - It can typically complicate System Maintenance by scattering related Business Rules across multiple API Layer Components.
  - It can range from being a Minor API Design Issue to being a Major Architectural Problem, depending on its business logic complexity.
  - ...
- Example(s):
  - E-commerce API Anti-Patterns, such as:
    - Order Controller Business Logic Anti-Pattern, where order validation rules, pricing calculations, and discount logic reside in API controllers.
    - Payment Processing API Anti-Pattern, with fraud detection rules and payment authorization logic embedded in endpoint handlers.
  - Authentication API Anti-Patterns, such as:
    - Login Controller Anti-Pattern, containing password policy enforcement and account lockout logic within API handlers.
    - Token Validation Anti-Pattern, where JWT validation rules and permission checks occur in controller methods.
  - Workflow API Anti-Patterns, such as:
    - Approval Process API Anti-Pattern, implementing approval chain logic and escalation rules in REST endpoints.
    - State Machine API Anti-Pattern, managing state transitions and business constraints within API layers.
  - ...
- Counter-Example(s):
  - Clean Architecture Pattern, which enforces strict layer separation with business logic in domain layers.
  - Hexagonal Architecture Pattern, where API adapters only translate between external formats and domain models.
  - Domain-Driven Design Implementation, placing all business logic within domain services and aggregate roots.
  - Service Layer Pattern, providing a dedicated business logic layer between API controllers and data access layers.
  - CQRS Pattern, separating command processing from query handling with distinct business logic components.
- See: API Design Anti-Pattern, Software Architecture Anti-Pattern, Controller Anti-Pattern, Separation of Concerns Principle, Single Responsibility Principle, Domain-Driven Design, Clean Architecture, Service-Oriented Architecture.
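
The inconsistent Business Rule Enforcement noted under Context, next to the Service Layer Pattern counter-example, as an added illustration that is not part of the original entry. The handlers, the `OrderService` class and the 30% discount cap are all constructed for this sketch, and requests are modelled as plain dicts rather than a real web framework.

```python
# Added example: constructed handlers and rule, not taken from any real code base.
MAX_DISCOUNT_PCT = 30  # assumed business rule: discounts are capped at 30%


class RuleViolation(Exception):
    """Raised when a request breaks a business rule."""


# --- Anti-pattern: each handler carries its own copy of the rule ---------
def fat_create_order(body: dict) -> dict:
    if not 0 <= body["discount_pct"] <= MAX_DISCOUNT_PCT:
        return {"status": 422, "error": "discount out of range"}
    total = body["price"] * (100 - body["discount_pct"]) / 100
    return {"status": 201, "total": total}


def fat_update_order(body: dict) -> dict:
    # The cap was never copied here, so this endpoint accepts any discount.
    total = body["price"] * (100 - body["discount_pct"]) / 100
    return {"status": 200, "total": total}


# --- Service layer: the rule lives in one place, with no HTTP types ------
class OrderService:
    def price_order(self, price: float, discount_pct: int) -> float:
        if not 0 <= discount_pct <= MAX_DISCOUNT_PCT:
            raise RuleViolation("discount out of range")
        return price * (100 - discount_pct) / 100


def _respond(service: OrderService, body: dict, ok_status: int) -> dict:
    # Handlers only translate between HTTP shapes and the domain call.
    try:
        total = service.price_order(body["price"], body["discount_pct"])
    except RuleViolation as exc:
        return {"status": 422, "error": str(exc)}
    return {"status": ok_status, "total": total}


def thin_create_order(service: OrderService, body: dict) -> dict:
    return _respond(service, body, 201)


def thin_update_order(service: OrderService, body: dict) -> dict:
    return _respond(service, body, 200)
```

Because `OrderService.price_order` takes no request or response objects, the rule can be unit tested directly, which is the testing benefit the Context list describes.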