If you fan out work (HTTP calls, DB reads, image processing), the failure mode isn’t just “slow,” it’s “everything gets slow” because you saturate CPU or downstream connections. A semaphore is a simple way to cap concurrency. The important part is mak

Retries alone can make an outage worse: if a dependency is hard failing, retries just add load. A circuit breaker adds a simple state machine: closed (normal), open (fail fast), and half-open (probe). I like gobreaker because it’s small and predictabl

The default http.Server will happily keep connections open longer than you intended, which is how you end up with “mysterious” goroutine growth during partial outages. I set ReadHeaderTimeout to protect against slowloris-style attacks, keep IdleTimeou

Endpoints with optional filters often devolve into messy SQL string concatenation. I prefer building queries with squirrel so I can conditionally add WHERE clauses while keeping the final query parameterized. The pattern also helps keep ordering stabl

Postgres stability depends on respecting its limits. I configure pgxpool with explicit MaxConns and MaxConnLifetime so the service doesn't accidentally open too many connections during bursts. I also set a session statement_timeout in AfterConnect, wh

I like to start observability with two metrics: request duration and response codes. The wrapper below intercepts WriteHeader to capture status codes and then records both a histogram observation and a counter increment. The biggest gotcha is label ca

To get useful traces, you need propagation and a real exporter. I set a global TextMapPropagator (TraceContext + Baggage) so inbound headers connect spans across services. Then I configure an OTLP exporter and a batch span processor so tracing overhea

Interceptors are the cleanest way to standardize cross-cutting behavior in gRPC. I use a unary interceptor to extract authorization from metadata, validate it, attach the principal to context.Context, and log the method name and duration. This keeps s

JWT auth is easy to get subtly wrong, especially around key rotation. Instead of hard-coding public keys, I fetch JWKS and cache it with a refresh interval so new signing keys are accepted quickly. I still validate iss and aud so tokens from other env

Multipart uploads are a common DOS vector if you let them allocate unbounded memory. I cap the request with http.MaxBytesReader, keep ParseMultipartForm bounded, and copy the file stream into a temp file using io.Copy. This avoids holding the whole fi

Large request bodies are where naive code falls over. Instead of io.ReadAll, I decode JSON incrementally with json.Decoder and enable DisallowUnknownFields so unexpected fields fail fast. That becomes a surprisingly strong safety net when you evolve A

Compressing responses is an easy bandwidth win for JSON APIs, but only when it's done carefully. I check Accept-Encoding for gzip, set Vary: Accept-Encoding so caches behave correctly, and stream output through gzip.Writer so we don't buffer full resp