ToolShelf

ACID Transactions in Distributed Systems: The Hard Truth

By The ToolShelf Team January 24, 2026 10 min read
Distributed SystemsArchitectureMicroservicesDatabaseBackend

The Illusion of Atomicity

Remember the comfort of the monolith? In the 'good old days,' data integrity was often as simple as wrapping a block of code in a BEGIN TRANSACTION and ending it with a COMMIT. If anything went wrong—a logic error, a constraint violation, a sudden power outage—the database engine dutifully performed a ROLLBACK. It was binary. It was safe. It was atomic.

But as we migrated to microservices to chase scalability and organizational velocity, we shattered that safety net. We took our beautiful, normalized schemas and split them across network boundaries. The Order Service talks to PostgreSQL; the Inventory Service talks to MongoDB; the Payment Service talks to a third-party API over HTTP.

Here is the core problem: Network calls do not support ACID.

When a request spans multiple services, you lose the luxury of a single database controller enforcing state. You cannot simply rollback a request that has already triggered a shipping label generation in a remote system. This article addresses the hard truth of distributed systems: strict ACID guarantees are often a performance bottleneck or a lie. To build resilient cloud-native systems, you must stop fighting for perfect consistency and start managing the chaos of eventual consistency.

Refresher: Why ACID Was Easy (And Why It's Gone)

Before we dissect the distributed nightmare, let's briefly recap what we are losing. In the context of a single SQL database node, ACID provides:

  • Atomicity: All operations succeed, or none do.
  • Consistency: Data moves from one valid state to another, adhering to all constraints.
  • Isolation: Concurrent transactions result in a system state that would be obtained if transactions were executed serially.
  • Durability: Once committed, data survives system failures.

The moment you adopt the Database-per-Service pattern, these guarantees apply only to the boundary of that specific service. The Order Service guarantees its own data, but it knows nothing about the Inventory Service's constraints.

The CAP Theorem Reality

This brings us to the CAP Theorem, which states that a distributed data store can only provide two of the following three guarantees:

  1. Consistency: Every read receives the most recent write or an error.
  2. Availability: Every request receives a (non-error) response, without the guarantee that it contains the most recent write.
  3. Partition Tolerance: The system continues to operate despite an arbitrary number of messages being dropped or delayed by the network.

In a distributed system, network partitions are not a variable; they are a certainty. Therefore, you must choose Partition Tolerance (P). That leaves you with a binary choice between Consistency (C) and Availability (A). The hard truth? In 99% of modern web applications, you are trading Consistency for Availability. You are choosing to let the user place the order now and reconciling the inventory count a few milliseconds later.

The False Hope of Two-Phase Commit (2PC)

When developers first realize they've lost ACID, their knee-jerk reaction is often to implement a Two-Phase Commit (2PC) or rely on XA transactions. On paper, 2PC sounds like the perfect solution to coordinate multiple databases.

It works in two phases:

  1. The Prepare Phase: The Coordinator asks all participating transaction nodes, "Can you commit this?" The nodes lock the necessary rows and vote "Yes" or "No."
  2. The Commit Phase: If—and only if—every node votes "Yes," the Coordinator sends a "Commit" command. If anyone votes "No," it sends a "Rollback."

Why this fails in production:

  • The Blocking Problem: 2PC is a blocking protocol. During the gap between Phase 1 and Phase 2, the participating databases must hold their locks. If the Coordinator crashes or the network lags, those locks are held indefinitely, preventing other transactions from accessing that data.
  • Latency is the Killer: The throughput of a 2PC system is limited by the slowest node in the chain. In a microservices architecture where you might chain three or four services, the latency penalty becomes exponential.
  • Single Point of Failure: The Coordinator itself becomes a critical fragility.

For high-throughput, cloud-native applications, XA transactions are rarely the answer. They trade too much availability for the sake of consistency.

The Saga Pattern: Managing Long-Running Transactions

If 2PC is the wrong tool, what is the right one? Enter the Saga Pattern.

A Saga is a sequence of local transactions. Each local transaction updates the database and publishes a message or event to trigger the next local transaction in the saga. If a local transaction fails because it violates a business rule, the Saga executes a series of Compensating Transactions to undo the changes that were made by the preceding local transactions.

Crucial distinction: A compensating transaction is not a ROLLBACK. It is an semantic undo.

  • Database Rollback: The data is restored as if the write never happened.
  • Compensating Transaction: You create a new record that reverses the effect. If you credited an account $50, the compensation is a new debit of $50.

Coordination Strategies

There are two ways to coordinate Sagas:

  • Choreography (Event-based): Each service produces and listens to other services’ events and decides on an action. There is no central point of control.
    • Pros: Loose coupling, easy to start.
    • Cons: Can become cyclic and hard to debug (the "pinball machine" effect).
  • Orchestration (Centralized): A central Orchestrator (like a State Machine) tells the participants what local transactions to execute.
    • Pros: Centralized logic, easier to track state.
    • Cons: Requires an extra infrastructure component (e.g., AWS Step Functions, Temporal.io).
// Pseudo-code: Saga Orchestration Logic with Compensation
async function processOrderSaga(order) {
  const sagaLog = [];
  
  try {
    // Step 1: Reserve Inventory
    await inventoryService.reserve(order.items);
    sagaLog.push({ step: 'inventory', action: 'reserve' });

    // Step 2: Charge Payment
    await paymentService.charge(order.userId, order.total);
    sagaLog.push({ step: 'payment', action: 'charge' });

    // Step 3: Ship
    await shippingService.createLabel(order);

  } catch (error) {
    console.error("Saga failed, initiating compensation", error);
    // Execute compensations in reverse order
    for (const action of sagaLog.reverse()) {
      if (action.step === 'payment') {
        await paymentService.refund(order.userId, order.total);
      }
      if (action.step === 'inventory') {
        await inventoryService.release(order.items);
      }
    }
    throw new Error("Order failed and rolled back via compensation");
  }
}

The Nightmare Scenario: What happens if the Compensating Transaction fails? You cannot rollback a rollback. At this point, your system requires manual intervention or an idempotent retry mechanism that runs until success.

The 'Isolation' Headache in Distributed Data

The Saga pattern solves Atomicity (via compensation), Consistency (eventually), and Durability. But it fails miserably at Isolation.

In a traditional ACID transaction, intermediate states are invisible to other transactions. In a Saga, changes are committed to local databases immediately. This leads to Dirty Reads.

Example:

  1. User A starts a Saga to buy the last Item X. The Inventory Service reserves it (Stock = 0).
  2. User B checks stock and sees 0.
  3. User A's payment fails. The Saga compensates and releases Item X (Stock = 1).
  4. User B was denied a purchase based on data that was essentially temporary.

Countermeasures

  • Semantic Locking: Instead of relying on database locks, use application-level flags. Do not just decrement stock; move the item to a PENDING state.
  • Commutative Updates: Design operations so they can be applied in any order without changing the final outcome (e.g., SET value = value + 1 is safer than SET value = 5).
  • Versioning: Use optimistic locking logic to detect if data changed between the start and end of a saga.
// Semantic Locking Example (SQL)
-- Instead of strictly updating stock counts
-- UPDATE items SET stock = stock - 1

-- Use a status or reservation table
const reservationQuery = `
  UPDATE items 
  SET status = 'RESERVED_FOR_ORDER_123', 
      last_updated = NOW()
  WHERE id = $1 AND status = 'AVAILABLE'
`;

UI/UX Considerations: Since isolation is gone, the UI must reflect "Pending" states. Don't tell the user "Order Complete." Tell them "Order Placed" or "Processing," setting the expectation that confirmation is asynchronous.

Embracing the Chaos

Distributed transactions require a fundamental shift in mindset. We are moving from a world where the database guaranteed correctness to a world where the application is responsible for integrity.

  • 2PC provides safety but kills performance and availability.
  • Sagas provide scalability but introduce significant complexity in error handling and isolation management.

There is no silver bullet. The hard truth is that you must stop fighting for perfect ACID across boundaries. Instead, design robust systems that fail gracefully. Embrace eventual consistency, implement idempotent consumers, and use semantic locking. When you accept that the state of your system is fluid, you can stop worrying about the illusion of atomicity and start building systems that actually scale.

Need to debug your JSON payloads for distributed events? Use our privacy-focused JSON Formatter to visualize and validate your data structures without them ever leaving your browser.

Happy architecting,
— ToolShelf Team

Also Read