Building an E-commerce Website Backend: Services, Data Models, and APIs
Building a robust backend for an e-commerce website in 2026 means designing for high concurrency, accurate inventory control, secure transactions, global scale, and fast iteration. Most production-grade platforms adopt a microservices or modular monolith approach, often following Domain-Driven Design (DDD) principles, with heavy use of event-driven communication, CQRS (for read/write separation), and sometimes event sourcing for critical domains like orders.
This article outlines a practical, modern backend structure: key services, core data models, recommended APIs, and implementation considerations.
Core Backend Services (Microservices Breakdown)
Break the system into bounded contexts aligned with business domains. Each service owns its database (Database-per-Service pattern) for loose coupling and independent scaling.
| Service | Primary Responsibility | Typical Tech Stack (2026) | Scaling Needs | Communication Style |
|---|---|---|---|---|
| User / Auth | Registration, login, profiles, roles, sessions, OAuth/SSO | Node.js/Go, PostgreSQL + Redis | Medium | Sync (REST/gRPC) |
| Catalog / Product | Product CRUD, categories, attributes, variants, pricing rules | Go/Java, PostgreSQL or MongoDB | High (read-heavy) | Sync + Events |
| Search | Full-text search, faceting, ranking, autocomplete, recommendations | Elasticsearch / OpenSearch / Typesense | Very High | Sync (REST/GraphQL) |
| Inventory | Stock levels, reservations, warehouses, low-stock alerts | PostgreSQL, Redis (counters) | High (write during sales) | Events (critical) |
| Cart | Session-based shopping cart, add/remove, apply coupons, calculate totals | Redis (fast), or DynamoDB | High (burst during browsing) | Sync |
| Checkout / Order | Validate cart → create order, apply taxes/shipping, orchestrate payment & fulfillment | Java/Go, PostgreSQL | Very High (peaks) | Saga + Events |
| Payment | Gateway integration (Stripe, PayPal, Adyen), webhooks, refunds, fraud checks | Node.js, PostgreSQL | High | Sync + Webhooks |
| Promotion / Pricing | Discounts, coupons, flash sales, dynamic pricing, bundles | PostgreSQL + Redis | Medium–High | Sync |
| Order Fulfillment | Post-order: shipping labels, tracking, status updates, returns | Go, PostgreSQL | Medium | Events-driven |
| Notification | Emails, SMS, push notifications (order placed, shipped, etc.) | Serverless (Lambda) + SES/SNS | Variable | Async (events) |
Event Bus (Kafka, RabbitMQ, Pulsar, or AWS SNS/SQS + EventBridge) acts as the glue: “OrderPlaced”, “PaymentCaptured”, “InventoryReserved”, “StockUpdated” events trigger downstream actions.
Key Data Models (Simplified ERD Concepts)
Use polyglot persistence, but here’s a common relational + NoSQL mix:
- User
- id (UUID)
- email, password_hash
- name, addresses (JSONB or separate table)
- created_at, last_login
- Product (Catalog service)
- id (UUID)
- sku, name, description
- category_id, brand
- variants [] → {variant_id, attributes: {color, size}, price, cost}
- images [], metadata (JSONB)
- Inventory (Inventory service)
- product_variant_id
- warehouse_id
- available_quantity
- reserved_quantity
- total_quantity
- Cart (Redis hash or document)
- cart_id (session/user_id)
- items [] → {product_variant_id, quantity, unit_price_at_add}
- applied_coupons []
- totals (subtotal, tax, shipping, discount, grand_total)
- Order (Order service – often event-sourced or with audit trail)
- order_id
- user_id
- status (Pending → Paid → Shipped → Delivered → Cancelled)
- items [] → {variant_id, quantity, price_snapshot, tax}
- shipping_address, billing_address
- payment_method, payment_id
- totals, created_at, updated_at
- Payment
- payment_id
- order_id
- amount, currency
- status (Pending, Authorized, Captured, Refunded)
- gateway_response (JSON)
For high-audit domains (orders, payments), Event Sourcing stores events like OrderCreated, ItemAdded, PaymentSucceeded instead of mutating state directly.
API Design Choices and Best Practices
In 2026, most e-commerce backends use a hybrid approach:
- External / Client-Facing APIs → GraphQL (flexible queries for frontend, mobile, personalization) or REST (simpler caching, broader tooling)
- Internal Service-to-Service → gRPC (performance, streaming, strong typing with Protobuf)
- Public / Partner APIs → REST + OpenAPI spec for discoverability
GraphQL (Apollo Federation or standalone) shines for:
- Product detail pages (fetch product + variants + reviews + related in one query)
- Cart & checkout (avoid over-fetching)
REST remains strong for:
- Simple CRUD endpoints
- Webhook receivers
- Third-party integrations
Key Endpoints Examples (REST style for illustration):
- CatalogGET /products?category=electronics&sort=price-desc&page=1&limit=20GET /products/{id} (with variants & pricing) POST /products (admin only)
- SearchGET /search?q=wireless+headphones&facet=brand:Apple,Sony&minPrice=50
- CartPOST /carts/{cartId}/items → {variantId, quantity} PATCH /carts/{cartId} → apply coupon GET /carts/{cartId}
- Checkout / OrdersPOST /orders (from cartId + shipping + payment intent) GET /orders/{orderId}GET /orders?userId=xxx&status=shipped
- Inventory (internal) gRPC: ReserveInventory(request: ReserveRequest) returns (ReserveResponse)
Best Practices
- Versioning: /v1/ in path or headers; avoid breaking changes
- Authentication: JWT or OAuth2; API keys for partners
- Rate Limiting & Throttling: Protect against abuse (especially cart/add-to-cart)
- Idempotency: Keys for payment & order creation
- Error Handling: Consistent JSON errors (RFC 7807 style)
- Caching: ETags, Redis for carts, CDN/edge for catalog
- Observability: OpenTelemetry traces, metrics for latency & error rates
- Async for Heavy Work: Use sagas/compensating transactions for checkout (e.g., reserve inventory → capture payment → confirm order)
Implementation Tips
- Start with a modular monolith if your team is small—extract to microservices later.
- Use CQRS for read-heavy paths (materialized views in Elasticsearch for search/browse).
- Implement Sagas or Choreography for distributed transactions (e.g., Order Placement Saga).
- Secure payment flows: PCI compliance, never store cards—use tokens.
- Test chaos (network delays, service failures) and load test checkout peaks.
This modular, event-aware backend powers everything from small shops to platforms handling millions of orders. Focus first on Catalog → Cart → Checkout → Orders → Inventory as the critical path—then expand with personalization, promotions, and fulfillment.
