Graceful Degradation as a Default Behaviour

Hard failures are easier to write but worse for customers. The four patterns that make degradation the default and the cost in code complexity.

Four patterns

Default values when downstream is down. The user sees a stale-but-reasonable result instead of an error.

Cached responses with TTL extension. When the cache cannot refresh, serve the stale value with a clear age signal.

Read-only mode. When the database is unreachable for writes, serve reads. Some product surface; better than total down.

Feature reduction. When a non-critical service is down, hide its surface in the UI. Quietly.

The cost

More code. Each integration needs a fallback path.

More tests. The fallback paths are rarely exercised in normal traffic; eval them deliberately.

Operational discipline. The fallback paths must be monitored separately; you cannot rely on the absence of errors.

When NOT to degrade

Authentication. Failing open creates security holes. Hard fail is correct.

Financial transactions. Half-completed payments are worse than refused payments.

Anything where the customer would prefer a clear error over a wrong answer.