Recipe

Graceful Degradation

Keep your application functional when Nimbus services are unreachable — offline caches, circuit breakers, and fallback paths that preserve the user experience.

Problem

License validation, heartbeat checks, and feature gates all depend on Nimbus API availability. A network blip or regional outage should never block a paying customer from using your software.

Architecture

┌─────────────┐     ┌──────────────┐
│  Your App   │────▶│ Circuit      │
│  calls      │     │ Breaker      │
│  validate() │     │ (token bucket│
└─────────────┘     │  + timeout)  │
                    └──────┬───────┘
                           │
              ┌────────────┼────────────┐
              ▼            ▼            ▼
        ┌──────────┐ ┌──────────┐ ┌──────────┐
        │ Nimbus   │ │ Offline  │ │ HMAC     │
        │ API      │ │ Cache    │ │ Grace    │
        │ (primary)│ │ (7 days) │ │ Cache    │
        └──────────┘ └──────────┘ └──────────┘

Key Patterns

Circuit breaker — wrap every Nimbus API call with a token-bucket rate limiter and exponential backoff with jitter. After 3 consecutive failures, open the circuit and serve from cache.
Offline grace cache — on successful license validation, persist an HMAC-signed blob (license status + expiry + hardware fingerprint hash) to disk. Replay it when the API is down.
Feature-flag fallbacks — every gated feature resolves to a safe default (usually enabled for existing customers) when the feature-flag endpoint times out.
Heartbeat decoupling — fire heartbeats on a background thread with a fire-and-forget queue. Never block the main codepath on telemetry delivery.

Cache Invalidation

The offline grace cache is valid for 7 days by default. On each successful online validation, the cache is refreshed and the window resets. If the cache expires while offline, the application enters a reduced-functionality mode — core features remain available, premium add-ons require reconnection.

← Circuit Breaker Offline Cache →