Systems Series Part 6

‹‹ Systems Series ››

Systems Series Part 6

‹‹ Series Overview ››

Stability Patterns Every Rails Fintech Engineer Should Know

Design techniques that keep Rails fintech apps alive when real-world failures strike.

Author: Suma Manjunath

Published on: August 31, 2025

In Release It!, Michael Nygard introduces stability patterns — design techniques that keep systems alive when real-world failures strike.

For fintech engineers working with ACH payments, these aren’t optional. An ACH outage can mean duplicate withdrawals, delayed settlements, or even compliance violations.

This post covers four essential stability patterns for Rails fintech apps: Circuit Breakers, Timeouts, Retries, and Bulkheads.

---

The Problem: Fragile ACH Dependencies

Rails apps that handle ACH rely on external services — payment gateways, bank APIs, and NACHA file processors.

When those services misbehave, your app risks:

• Thread lockups in Puma or Sidekiq.
• Endless retries, leading to duplicate ACH submissions.
• Cascading failures, where one outage spreads system-wide.

---

Stability Patterns in Action

1. Circuit Breaker

A circuit breaker prevents cascading failures. After repeated errors, it “trips” and stops making requests for a cooldown period. Instead of tying up resources, your app fails fast.

require "semian"

begin
  Semian::NetHTTP.new("ach_provider", success_threshold: 1, error_threshold: 3, timeout: 10) do
    Net::HTTP.start("ach.example.com") do |http|
      http.post("/debit", payload)
    end
  end
rescue Semian::OpenCircuitError
  # Fast-fail: don't block the app
  Rails.logger.error "ACH service unavailable - circuit open"
  raise ACHSubmissionError, "ACH provider temporarily unavailable"
end

Diagram:

graph TD
    A[Client Request] --> B[ACH API Call]
    B -->|Fails repeatedly| C[Circuit Breaker Trips]
    C --> D[Fast Fail Response]
    C -.->|After cooldown| B

2. Timeouts

Never let slow ACH APIs hog your app. Configure reasonable timeouts based on SLAs.

Typical defaults:

• Open timeout: 2s
• Read timeout: 5–10s

conn = Faraday.new(url: "https://ach.example.com") do |f|
  f.options.open_timeout = 2 # connect
  f.options.timeout = 10     # read
end

3. Retries with Backoff + Jitter

Retries are essential — but naive retries cause retry storms that make outages worse. Always use exponential backoff with jitter and a max cap.

class ACHService
  MAX_RETRIES = 3
  MAX_BACKOFF = 32

  def submit_payment(payload)
    retries = 0
    begin
      response = connection.post("/debit", payload)
      handle_response(response)
    rescue Faraday::TimeoutError, Faraday::ConnectionFailed => e
      retries += 1
      if retries <= MAX_RETRIES
        backoff = [2**retries + rand(0..1), MAX_BACKOFF].min
        sleep(backoff)
        retry
      else
        raise ACHSubmissionError, "ACH submission failed after #{MAX_RETRIES} attempts"
      end
    end
  end
end

ACH-specific tie-in: NACHA rules prohibit duplicate file submissions → idempotency keys are mandatory. Retries should never generate duplicate batches.

4. Bulkheads

Like watertight compartments in a ship, bulkheads isolate workloads so one failure doesn’t sink everything.

In Rails, this often means separate Sidekiq queues:

# sidekiq.yml
:queues:
  - [ach_processing, 5]
  - [card_payments, 5]
  - [default, 2]

Diagram:

graph LR
    subgraph ACH["ACH Queue"]
      A1[ACH Job]:::ach
      A2[ACH Job]:::ach
    end

    subgraph Card["Card Queue"]
      C1[Card Job]:::card
      C2[Card Job]:::card
    end

    classDef ach fill:#f9f,stroke:#333,stroke-width:1px
    classDef card fill:#9ff,stroke:#333,stroke-width:1px

ACH-specific tie-in: ACH jobs often run on daily cutoff windows — if they back up, you don’t want them blocking real-time card payments.

---

Acronyms & Terms

• ACH – Automated Clearing House, U.S. electronic payments network.
• Circuit Breaker – Pattern that halts failing calls temporarily to prevent cascading failure.
• Bulkhead – Partitioning strategy that isolates workloads to contain failures.
• Jitter – Randomized delay added to backoff to avoid retry storms.
• DLQ (Dead Letter Queue) – Queue for jobs that permanently fail.

---

References

• Nygard, Michael T. Release It!: Design and Deploy Production-Ready Software. Pragmatic Bookshelf.
• NACHA Operating Rules & Guidelines.
• AWS Architecture Blog: “Exponential Backoff and Jitter.”
• Netflix Tech Blog: “Circuit Breaker Pattern at Scale.”
• Google SRE Book – Handling overload and graceful degradation.
• Shopify Engineering: “Circuit Breakers at Scale.”

---

Roadmap

This article is part of the Release It! with Rails + ACH series:

• Previous: Why Apps Fail in Production
• Next: The Four Core Production Concerns in Fintech Systems

Related upcoming deep dives:

• Circuit Breakers (Post #3)
• Retries & Backoff (Post #4)
• Bulkhead isolation (Post #5)

---

Key Takeaways

• ACH APIs are fragile dependencies — plan for failure.
• Circuit breakers, timeouts, retries, and bulkheads are the core survival patterns.
• In Rails, these can be implemented with gems (Semian, Faraday) and queueing strategies (Sidekiq).
• ACH-specific rules (like NACHA’s duplicate file restrictions) require careful retry + idempotency design.

---

This post introduces the toolkit. Each of the four patterns will get its own deep dive article later — here we’re setting the stage.

Share this article:

At BuildTales.dev, Suma Manjunath is passionate about writing, intentional tech, and the messy magic of building great software teams.

If you enjoyed this article, explore more stories in these series:

• 💳 Payments Series – ACH, card networks, faster payments, wallets, crypto
• 🧭 Leadership Series – Systems thinking, organizational growth, decision-making
• 🏗 Systems Series – Architecture, resilience, scaling patterns for software engineers

Comments & Discussion

Share your thoughts, ask questions, or start a discussion about this article.