Graceful degradation means that when a dependency fails, the system keeps the core flow working by serving a reduced or partial experience instead of returning an error. The goal is to fail soft, not fail hard: a degraded page beats a 500.
BAD (fail hard):
    search() → backend timeout → throw → user sees HTTP 500 (whole page dead)
GOOD (fail soft):
    result = search()
    catch timeout → return cached_results OR empty + notice
    page renders:
        [ "Showing recent results — live search is temporarily unavailable." ]
        + cached listings, working nav, working checkout
    → user keeps browsing; core flow intact
Instead of a dead page, the user gets cached results and a small notice, while navigation and checkout keep working. The failure is contained to one feature.
Dependencies will fail — third-party APIs, search clusters, recommendation services. Without graceful degradation, any one failure cascades into a full outage. Designing to fail soft (cached/partial/default data), flagging off non-critical paths, timing out with fallbacks, and isolating failures with bulkheads keeps the product usable during partial failures — which is the difference between a minor blip and a major incident.
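The fail-soft path above, written out as an added example (not code from the original page): a search wrapper that applies a timeout, isolates the backend in its own small thread pool as a bulkhead, and falls back to last-known-good results or an empty list plus a notice. The names `DegradableSearch`, `make_backend` and `NOTICE`, and the sample backend, are hypothetical and constructed for illustration.

```python
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

NOTICE = "Live search is temporarily unavailable."  # constructed notice text

class DegradableSearch:
    """Wraps a search backend so its failures degrade instead of propagating."""

    def __init__(self, backend, timeout_s=0.2, max_workers=2):
        self.backend = backend
        self.timeout_s = timeout_s
        # Bulkhead: a dedicated, bounded pool, so hung backend calls can
        # occupy at most max_workers threads and never the caller's own.
        self.pool = ThreadPoolExecutor(max_workers=max_workers)
        self.last_good = {}  # query -> most recent successful results

    def search(self, query):
        future = self.pool.submit(self.backend, query)
        try:
            results = future.result(timeout=self.timeout_s)
        except FutureTimeout:
            # The slow call keeps running in its pool thread; we stop waiting.
            return self._fallback(query, "timeout")
        except Exception as exc:  # backend error: contain it to this feature
            return self._fallback(query, type(exc).__name__)
        self.last_good[query] = results
        return {"results": results, "degraded": False, "reason": None, "notice": None}

    def _fallback(self, query, reason):
        # Cached results if this query succeeded before, otherwise empty.
        cached = self.last_good.get(query, [])
        return {"results": cached, "degraded": True, "reason": reason, "notice": NOTICE}

def make_backend(mode):
    """Constructed stand-in for a search cluster; mode['state'] sets its health."""
    def backend(query):
        if mode["state"] == "slow":
            time.sleep(0.3)
        elif mode["state"] == "down":
            raise ConnectionError("search cluster unreachable")
        return [f"{query}-listing-1", f"{query}-listing-2"]
    return backend

if __name__ == "__main__":
    mode = {"state": "ok"}
    search = DegradableSearch(make_backend(mode), timeout_s=0.1)
    print(search.search("boots"))   # live results
    mode["state"] = "slow"
    print(search.search("boots"))   # cached results + notice
    mode["state"] = "down"
    print(search.search("hats"))    # empty results + notice
```

The caller renders the page in every case and shows `notice` only when `degraded` is true, so navigation and checkout are unaffected by the search failure.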