Back to Resources

Saga Pattern Implementation with Temporal for Resilient Microservices

16 min read
Goh Ling Yong
Technology enthusiast and software architect specializing in AI-driven development tools and modern software engineering practices. Passionate about the intersection of artificial intelligence and human creativity in building tomorrow's digital solutions.

The Inescapable Challenge of Distributed Transactions

In a monolithic architecture, maintaining data consistency is a solved problem: wrap your operations in a database transaction with ACID guarantees. If any step fails, the entire operation is rolled back, leaving the system in a consistent state. Microservices shatter this simplicity. When a single business process spans multiple services, each with its own database, distributed transactions become a formidable challenge. Protocols like two-phase commit (2PC) exist but are often impractical due to their tight coupling and susceptibility to coordinator failure, making them an anti-pattern in modern distributed systems.

This is where the Saga pattern emerges. A saga is a sequence of local transactions where each transaction updates data within a single service. When a local transaction completes, the saga triggers the next one. If a local transaction fails, the saga executes a series of compensating transactions to semantically undo the preceding successful transactions. While powerful, implementing a robust Saga orchestrator from scratch is a significant engineering effort. You must manage state, handle retries, ensure idempotency, and provide visibility into long-running processes. This is precisely the problem domain where a durable execution engine like Temporal excels.

This article is not an introduction to the Saga pattern or Temporal. It is a deep dive for senior engineers on how to architect and implement complex, fault-tolerant Sagas using Temporal's primitives. We will build a production-ready e-commerce order processing workflow, dissecting advanced implementation patterns, failure handling, and performance considerations.

Core Architecture: Orchestrating the Order Fulfillment Saga

Let's define our business process: a multi-step order fulfillment workflow that touches four distinct microservices:

  • Order Service: Creates and manages the state of the order (e.g., PENDING, COMPLETED, FAILED).
  • Inventory Service: Reserves and deducts items from stock.
  • Payment Service: Processes charges against a user's credit card.
  • Shipping Service: Arranges for shipment of the physical goods.

    • The happy path is a sequence of local transactions:

  • CreateOrder (Order Service)
  • ReserveInventory (Inventory Service)
  • ProcessPayment (Payment Service)
  • ShipOrder (Shipping Service)
  • MarkOrderAsCompleted (Order Service)

    • The complexity lies in the failure paths. Each step can fail, and for each successful step preceding the failure, a compensating transaction must be executed:

    * If ProcessPayment fails, we must execute UnreserveInventory.

    * If ShipOrder fails, we must execute RefundPayment and UnreserveInventory.

    We will use the Orchestration approach for our Saga, where a central coordinator (our Temporal Workflow) is responsible for calling the services and their compensations. This provides superior visibility and simpler logic compared to the alternative, Choreography, which relies on a fragile chain of event-driven communication.

    Temporal Primitives at Play

    * Workflow: The orchestrator. It defines the sequence of operations and the compensation logic. The key feature of a Temporal Workflow is its durability. The state of the workflow is preserved by Temporal's service, so it can run for seconds or months, survive process crashes, and its execution is guaranteed.

    * Activity: A single step in the workflow. This is where the actual interaction with a microservice happens (e.g., an HTTP or gRPC call). Activities can be retried, have timeouts, and are the locus of side effects.

    Production-Grade Implementation in Go

    Let's translate the architecture into Go code. We'll start by defining the inputs and the structure of our workflow and activities.

    1. Defining the Workflow and Activities

    First, we define the data structures and the function signatures for our workflow and activities. This creates a clear contract for our Saga.

    go
    // file: shared/types.go
package shared

import "go.temporal.io/sdk/workflow"

// OrderDetails contains all the information for an order.
type OrderDetails struct {
	UserID   string
	ItemID   string
	Quantity int
	Price    float64
	OrderID  string
}

// OrderProcessingWorkflow is the entry point for our Saga.
func OrderProcessingWorkflow(ctx workflow.Context, order OrderDetails) (string, error) {
	// Workflow implementation here...
}

// Activities defines the contract for our microservice interactions.
type Activities struct{}

func (a *Activities) ReserveInventory(ctx context.Context, itemID string, quantity int) (string, error) { /* ... */ }
func (a *Activities) ProcessPayment(ctx context.Context, userID string, amount float64, idempotencyKey string) (string, error) { /* ... */ }
func (a *Activities) ShipOrder(ctx context.Context, orderID string) (string, error) { /* ... */ }
func (a *Activities) MarkOrderAsCompleted(ctx context.Context, orderID string) error { /* ... */ }

// Compensation Activities
func (a *Activities) UnreserveInventory(ctx context.Context, reservationID string) error { /* ... */ }
func (a *Activities) RefundPayment(ctx context.Context, transactionID string, idempotencyKey string) error { /* ... */ }

    2. Implementing the Saga Orchestration Logic

    Now for the core of the Saga: the workflow definition. We'll use Go's defer statement to elegantly handle compensation logic. A function deferred inside a Temporal workflow will execute when the workflow function exits, either by completing successfully or by failing. This is a powerful pattern for ensuring cleanup and compensation actions are always run.

    go
    // file: workflow/workflow.go
package workflow

import (
	"time"

	"go.temporal.io/sdk/workflow"
	"example.com/saga/shared"
)

func OrderProcessingWorkflow(ctx workflow.Context, order shared.OrderDetails) (string, error) {
	// Set aggressive timeouts for activities. In a real app, these would be configurable.
	options := workflow.ActivityOptions{
		StartToCloseTimeout: time.Second * 10,
	}
	ctx = workflow.WithActivityOptions(ctx, options)

	logger := workflow.GetLogger(ctx)
	logger.Info("Order processing workflow started", "OrderID", order.OrderID)

	var a *shared.Activities
	var compensationFuncs []func()

	// Use defer to run all registered compensations on any workflow failure.
	// Note: The deferred function captures the 'compensationFuncs' slice by reference.
	defer func() {
		if workflow.IsCancelRequested(ctx) || (workflow.GetInfo(ctx).GetContinueAsNewSuggested() && workflow.IsReplaying()) {
			// Don't run compensations if the workflow is being cancelled or continued as new.
			// Cancellation handling would have its own logic.
			return
		}
		// If there's an error, run compensations in reverse order.
		if workflow.GetInfo(ctx).GetCurrentAttempt() > 0 || (len(compensationFuncs) > 0 && workflow.GetInfo(ctx).GetLastCompletionResult() == nil) {
			for i := len(compensationFuncs) - 1; i >= 0; i-- {
				compensationFuncs[i]()
			}
		}
	}()

	// 1. Reserve Inventory
	var reservationID string
	err := workflow.ExecuteActivity(ctx, a.ReserveInventory, order.ItemID, order.Quantity).Get(ctx, &reservationID)
	if err != nil {
		logger.Error("Failed to reserve inventory", "Error", err)
		return "", err
	}
	compensationFuncs = append(compensationFuncs, func() {
		logger.Info("Executing compensation: UnreserveInventory", "ReservationID", reservationID)
		_ = workflow.ExecuteActivity(ctx, a.UnreserveInventory, reservationID).Get(ctx, nil) // Best-effort compensation
	})

	// 2. Process Payment
	var transactionID string
	paymentIdempotencyKey := workflow.GetInfo(ctx).WorkflowExecution.ID + "-payment"
	err = workflow.ExecuteActivity(ctx, a.ProcessPayment, order.UserID, order.Price, paymentIdempotencyKey).Get(ctx, &transactionID)
	if err != nil {
		logger.Error("Failed to process payment", "Error", err)
		return "", err
	}
	compensationFuncs = append(compensationFuncs, func() {
		refundIdempotencyKey := workflow.GetInfo(ctx).WorkflowExecution.ID + "-refund"
		logger.Info("Executing compensation: RefundPayment", "TransactionID", transactionID)
		_ = workflow.ExecuteActivity(ctx, a.RefundPayment, transactionID, refundIdempotencyKey).Get(ctx, nil)
	})

	// 3. Ship Order
	var shipmentID string
	err = workflow.ExecuteActivity(ctx, a.ShipOrder, order.OrderID).Get(ctx, &shipmentID)
	if err != nil {
		logger.Error("Failed to ship order", "Error", err)
		return "", err
	}
	// Note: Shipping is often considered a point of no return. We won't add a compensation for it.
	// In a real-world scenario, this might involve a complex return process, which could be another saga.

	// 4. Mark Order as Completed
	err = workflow.ExecuteActivity(ctx, a.MarkOrderAsCompleted, order.OrderID).Get(ctx, nil)
	if err != nil {
		logger.Error("Failed to mark order as completed", "Error", err)
		// This is a critical failure. The order is shipped but not marked complete.
		// This might require manual intervention. We'll still fail the workflow to alert operators.
		return "", err
	}

	logger.Info("Workflow completed successfully", "OrderID", order.OrderID)
	return "Order processed successfully: " + order.OrderID, nil
}

    Key Implementation Details:

    * Compensation Stack: We use a slice of functions (compensationFuncs) to act as a stack. After each successful activity that has a corresponding compensation, we append a closure to this slice. The closure captures the necessary data (e.g., reservationID, transactionID) to run the compensation.

    defer for Cleanup: The defer block at the top of the workflow is the safety net. If any* ExecuteActivity call returns an error, the workflow function will exit, triggering the deferred function. This function then iterates through our compensationFuncs stack in reverse order, executing the compensations.

    * Best-Effort Compensation: Notice the _ = workflow.ExecuteActivity(...).Get(ctx, nil) inside the compensations. Compensating actions themselves can fail. The Saga pattern typically dictates that these should be retried indefinitely or until a human intervenes. We're logging the attempt but not failing the entire compensation block if one compensation fails. This is a design decision; a more robust implementation might use a separate workflow to manage failing compensations.

    * Idempotency Keys: We generate idempotency keys using the unique workflow execution ID. This is crucial for making activities safe to retry. We'll discuss this in detail next.

    3. Idempotent and Retriable Activities

    An activity may be executed multiple times due to worker crashes, network failures, or timeouts. The downstream microservice must be able to handle these repeated calls without causing duplicate effects (e.g., charging a customer twice).

    Here’s how you would implement the ProcessPayment activity and the corresponding service endpoint to be idempotent.

    go
    // file: activities/activities.go
package activities

import (
	"context"
	"fmt"
	// ... other imports for your HTTP client, etc.
)

// Mock Payment Service Client
type PaymentServiceClient struct{}

func (c *PaymentServiceClient) Charge(ctx context.Context, userID string, amount float64, idempotencyKey string) (string, error) {
	// In a real implementation, this would be an HTTP/gRPC call.
	// The downstream service MUST use the idempotencyKey to de-duplicate requests.
	fmt.Printf("Calling Payment Service: Charge user %s for %.2f with key %s\n", userID, amount, idempotencyKey)
	// Simulate a transient failure to demonstrate retries.
	if shouldFailSometimes() {
		return "", fmt.Errorf("payment gateway timeout")
	}
	return "txn-" + idempotencyKey, nil
}

// ... other service clients

type Activities struct {
	PaymentClient *PaymentServiceClient
	// ... other clients
}

func (a *Activities) ProcessPayment(ctx context.Context, userID string, amount float64, idempotencyKey string) (string, error) {
	// The activity's only job is to call the downstream service with the key.
	// Temporal's retry policy, configured in the workflow, will handle retries.
	return a.PaymentClient.Charge(ctx, userID, amount, idempotencyKey)
}

    On the server-side (the Payment Service), the implementation would look something like this:

    go
    // PSEUDOCODE for the Payment Service endpoint
func handleChargeRequest(request ChargeRequest) {
    // 1. Check a cache (e.g., Redis) or a dedicated DB table for the idempotency key.
    cachedResponse, err := cache.Get(request.IdempotencyKey)
    if err == nil && cachedResponse != nil {
        // Request has been processed before, return the stored result.
        return cachedResponse
    }

    // 2. If not in cache, begin a transaction.
    tx := db.Begin()
    
    // 3. Within the transaction, check a persistent table for the idempotency key.
    var existingTxn Transaction
    tx.Where("idempotency_key = ?", request.IdempotencyKey).First(&existingTxn)
    if existingTxn.ID != 0 {
        tx.Rollback()
        return existingTxn.Response // Return previous result
    }

    // 4. Key not found. This is a new request. Process the payment.
    paymentResult, err := paymentGateway.Charge(request.CardDetails, request.Amount)
    if err != nil {
        tx.Rollback()
        // Return an error that Temporal can use for retry decisions
        return InternalServerError(err)
    }

    // 5. Store the result and the idempotency key in the persistent table.
    newTxn := Transaction{
        IdempotencyKey: request.IdempotencyKey,
        Response:       paymentResult,
        Status:         "COMPLETED",
    }
    tx.Create(&newTxn)
    tx.Commit()

    // 6. Optionally, write the result to the cache for faster lookups.
    cache.Set(request.IdempotencyKey, paymentResult, 24 * time.Hour)

    return paymentResult
}

    This double-check (cache then DB) pattern ensures both performance and correctness, making your service resilient to the at-least-once execution guarantee of Temporal activities.

    Advanced Edge Cases and Patterns

    A simple happy path with failure compensation covers many use cases, but real-world systems are more complex.

    Handling Asynchronous Human Interaction with Signals

    What if the payment is flagged for a manual fraud review? The workflow must pause and wait for an external event (a human decision) before proceeding. This is a perfect use case for Temporal Signals.

    A Signal is an external, asynchronous request to a running workflow execution.

    Let's modify our ProcessPayment activity to handle a FRAUD_REVIEW_REQUIRED status.

    go
    // In ProcessPayment Activity...
chargeResult, err := a.PaymentClient.Charge(...)
if err != nil {
    // Check for a specific application error that indicates fraud review
    if IsFraudReviewError(err) {
        // Return a special error type that the workflow can interpret.
        return "", temporal.NewApplicationError("Fraud review required", "FraudReviewRequired")
    }
    return "", err
}

    Now, the workflow can catch this specific error and wait for a signal.

    go
    // In OrderProcessingWorkflow...

// ... after trying to process payment
err = workflow.ExecuteActivity(ctx, a.ProcessPayment, ...).Get(ctx, &transactionID)
if err != nil {
    var appErr *temporal.ApplicationError
    if errors.As(err, &appErr) && appErr.Type() == "FraudReviewRequired" {
        logger.Info("Payment requires fraud review. Awaiting signal.")
        
        // Create a channel to receive the signal on.
        signalChan := workflow.GetSignalChannel(ctx, "fraud-review-signal")

        var signal struct {
            Approved bool
            Reason   string
        }

        // Wait for the signal. The workflow will be durable and idle here.
        // We can add a timer to timeout the wait.
        signalReceived := false
        timer := workflow.NewTimer(ctx, time.Hour*24*7) // 7-day timeout for review

        workflow.NewSelector(ctx). 
            AddReceive(signalChan, func(c workflow.ReceiveChannel, more bool) {
                c.Receive(ctx, &signal)
                signalReceived = true
            }).
            AddFuture(timer, func(f workflow.Future) {
                // Timer fired, do nothing, let the loop exit
            }).
            Select(ctx)

        if !signalReceived || !signal.Approved {
            logger.Warn("Fraud review timed out or was rejected", "Reason", signal.Reason)
            // This will trigger the compensation logic (refund, unreserve inventory).
            return "", fmt.Errorf("payment rejected in fraud review: %s", signal.Reason)
        }

        logger.Info("Fraud review approved. Continuing workflow.")
        // The payment is now considered complete, so we proceed.
        // We might need to get a new transaction ID from the signal payload.

    } else {
        logger.Error("Failed to process payment", "Error", err)
        return "", err
    }
}
// ... continue with ShipOrder, etc.

    To send the signal, you would use the Temporal client (tctl CLI or an SDK) from another service (e.g., an internal admin tool):

    bash
    # Using the CLI
tctl workflow signal --workflow_id 'your-workflow-id' --name 'fraud-review-signal' --input '{"Approved": true, "Reason": "Manual review by operator Jane Doe"}'

    Managing Long-Running Sagas with Continue-As-New

    A workflow's history grows with every event (activity start, activity completion, timer set, etc.). For a saga that could potentially run for months (e.g., a subscription billing cycle), this history can become enormous, impacting performance. Temporal's solution is the ContinueAsNew feature.

    ContinueAsNew completes the current workflow execution and starts a new one with the same workflow ID, carrying over state but with a fresh history.

    Consider a monthly subscription saga:

    • Start on Day 1.
    • Sleep until Day 28.
    • Charge customer (Activity).
    • Provision service for the next month (Activity).
  • ContinueAsNew to start the cycle for the next month.
    • go
    // file: workflow/subscription.go
package workflow

import (
	"time"
	"go.temporal.io/sdk/workflow"
)

type SubscriptionState struct {
	UserID      string
	BillingCycle int
	Amount      float64
}

func SubscriptionWorkflow(ctx workflow.Context, state SubscriptionState) error {
	logger := workflow.GetLogger(ctx)
	logger.Info("Subscription workflow started", "UserID", state.UserID, "Cycle", state.BillingCycle)

	// Sleep until it's time to bill. In a real app, this would be a calculated duration.
	awakeTime := workflow.Now(ctx).Add(30 * 24 * time.Hour)
	err := workflow.Sleep(ctx, awakeTime.Sub(workflow.Now(ctx)))
	if err != nil {
		return err // Handle cancellation
	}

	// Bill the user
	var a *shared.Activities
	err = workflow.ExecuteActivity(ctx, a.ProcessPayment, state.UserID, state.Amount, ...).Get(ctx, nil)
	if err != nil {
		// Handle payment failure (e.g., send dunning emails in another saga)
		logger.Error("Subscription payment failed", "Error", err)
		// Don't continue-as-new if payment fails
		return err
	}

	logger.Info("Billing successful for cycle", "Cycle", state.BillingCycle)

	// Prepare for the next cycle
	nextState := state
	nextState.BillingCycle++

	// Continue as a new workflow to keep history short
	return workflow.NewContinueAsNewError(ctx, SubscriptionWorkflow, nextState)
}

    This pattern allows you to create effectively infinite-running processes without unbounded history growth.

    Performance and Production Readiness

    * Task Queue Tuning: Don't run all your activities on one giant task queue. Create separate task queues for different types of work. For example:

    * high-throughput-activities: For quick, stateless operations. Scale the workers on this queue aggressively.

    * third-party-api-activities: For slow, I/O-bound calls to external services. Run these on a separate pool of workers with higher concurrency settings but perhaps fewer machines.

    * cpu-intensive-activities: For things like video processing. Run these on workers with specific machine types (high CPU).

    * Worker Scaling: Monitor the schedule_to_start_latency metric for your task queues. If this latency is consistently high, it means your activities are waiting too long for a worker to become available. This is your primary indicator that you need to scale up your worker fleet for that task queue.

    * Observability: Tracing a request through multiple microservices is key to debugging sagas. Temporal has built-in support for OpenTelemetry. By injecting an OTel context propagator into your workflow and activity contexts, you can generate a single, unified trace that follows the entire saga execution, including retries and jumps between different services. This is invaluable for understanding the flow and performance of your distributed transaction.

    * Testing: The go.temporal.io/sdk/testsuite package is essential. It allows you to run a full in-memory Temporal server within your Go tests. You can test your entire workflow logic, including activity retries, timeouts, and signal handling, without any external dependencies. Use testSuite.OnActivity(...).Return(...) to mock your activity implementations and test specific failure and compensation paths in your workflow logic.

    Conclusion

    The Saga pattern is a powerful tool for maintaining data consistency across microservices. However, a naive implementation can quickly become a complex, brittle state machine that is difficult to test and operate. By leveraging a durable execution engine like Temporal, you offload the hard parts of orchestration—state management, retries, timeouts, and durability—to a dedicated, scalable system.

    By combining Temporal's workflow-as-code model with Go's defer for compensation, Signals for asynchronous events, and Continue-As-New for long-running processes, you can build sophisticated, resilient, and observable Sagas. This approach allows you to focus on the business logic of your transactions, not the plumbing of distributed systems, leading to more robust and maintainable applications.

    Found this article helpful?

    Share it with others who might benefit from it.

    More Articles