All services
Pillar 02 · Backend

Backend Development Services

Share your idea Coffee with CEO
What you get

Capabilities included in every engagement.

  • FastAPI + Pydantic
  • Postgres with reversible migrations (Alembic)
  • SQL Server when the customer runs it
  • Redis (cache, rate limit, queue broker)
  • Celery workers + scheduled jobs
  • WebSocket + Socket.IO real-time
  • S3-compatible object storage
  • Auth (JWT, OAuth2, SSO)
  • Observability (Sentry, Datadog, Grafana)
  • CI to AWS, GCP, Fly.io, Render, Vercel
The stack we default to

What we use. Why we pick it.

We useWhy we pick it
FastAPITyped endpoints, async Python, Pydantic validation on every request and response. OpenAPI auto-generated so typed clients for Flutter, React Native, or React fall out of the build. The backend framework we default to.
Postgres with reversible migrationsThe source of truth. Alembic for migrations - staged, reviewed, rolled forward, rolled back. Schema changes that do not break production on a Friday evening.
SQL Server (when the customer already runs it)For clients on Microsoft stacks we run FastAPI against SQL Server via SQLAlchemy. Same pattern, different dialect. Shipped it on the JustKeyLess keyless hotel access platform and Sabika Gold trading platform.
RedisSession cache, rate limiting, Celery broker, short-lived locks. The boring bit that makes the hot path fast.
CeleryBackground jobs - imports, emails, PDF generation, scheduled cron. Not cron-hacks on a forgotten box.
WebSocket + Socket.IOServer-authoritative real-time. Shipped live price feeds (Sabika Gold), live auction timers (Car Bidding), live bid propagation, and live tick streams (TradeBar).
S3-compatible object storageAWS S3, Cloudflare R2, DigitalOcean Spaces. Signed URLs for uploads and downloads. Never trust the client to validate a file.
CI to wherever you hostAWS ECS or Lambda, Google Cloud Run, DigitalOcean App Platform, Fly.io, Render, Vercel. We meet you at your infrastructure, not migrate you mid-build.
Reference architecture

How it fits together.

FastAPI on the hot path, Postgres as source of truth, Redis for cache, Celery for the jobs that would otherwise block a request.

Client App · browser Any frontend Hot path FastAPI Pydantic validation async Python · uvicorn OpenAPI auto-docs Source of truth Postgres Reversible migrations Cache Redis Session · rate · queue Workers Celery Email · imports · cron Media S3 Signed URLs HTTP SQL GET/SET enqueue

Decisions that shape a backend project

Four decisions made in week 1 set the ceiling for the next two years of engineering:

  • Runtime - Python (FastAPI) by default. Node or Go when the workload demands. Pick language to match the team and the integrations, not the hype cycle.
  • Datastore - Postgres for anything relational. The shape of your data picks the store; the store does not reshape your data.
  • Real-time transport - WebSocket, Socket.IO, Server-Sent Events, or polling. Wrong pick here kills latency budgets on the hot path.
  • Deploy target - AWS, GCP, Fly.io, Render, Vercel, on-prem. Picking the vendor is a decision we weigh in on, not a prerequisite for us to start.

Get these right and every feature is cheaper. Get them wrong and every feature fights the foundation.

What you actually get from a modern Python backend

Typed endpoints. Every request and response is a Pydantic schema. The client gets an OpenAPI spec auto-generated from the code. We do not hand-write interfaces. The “backend returned an int where the app expected a string” bug class does not exist.

Async Python. One FastAPI worker handles hundreds of concurrent requests without the thread-per-request tax. Our small services run on a single modest box and handle real traffic.

Migrations you trust. Alembic migrations reviewed like code, rolled forward and rolled back. Schema changes that do not break production on a Friday evening - reversible, staged, reviewed.

OpenAPI that clients consume. Flutter (Chopper), React Native + React (TypeScript via openapi-typescript), Python clients all generated from the same spec. A field rename on the server fails a client build, not production.

When FastAPI + Postgres is the right call

  • Typed API for typed clients - Flutter, React Native, or React on the other end of the wire.
  • Real-time features - WebSocket endpoints are first-class in FastAPI. One stack for REST + sockets.
  • AI and ML integration - Python owns the LLM tooling. Your FastAPI backend is already where the OpenAI SDK and vector stores live.
  • Regulated data - typed contracts make audit easier. We have shipped KYC, AMFI compliance, and PCI-adjacent flows.

When FastAPI is not

  • Hyper-low-latency webhook handlers in the single-digit millisecond range - Node or Go are honest answers.
  • CPU-bound services that need a single binary deploy - Go.
  • Teams that are entirely TypeScript and adding Python is a hire-and-train - stay in Node + tRPC + Prisma or Bun + Hono.

Real-time systems we have shipped

  • Server-authoritative live auction timer with atomic bid writes and sticky-session WebSocket upgrades - live auction bidding.
  • Socket.IO live price broadcast from a single upstream subscription fanned out to every connected client - gold trading platform.
  • Live tick stream + rules engine for price alerts with last-seen-price state and exactly-once delivery on reconnect - trading calculator watchlist.
  • Webhook-driven order state machine hitting a ~5-second top-up SLA across 130+ operators and 44 countries - cross-border mobile top-up.

Migrations without pager duty

Every destructive change uses the expand-then-contract pattern:

  1. Expand. Add the new column, table, or enum value. Both old and new code work.
  2. Backfill. Populate data into the new shape.
  3. Switch. Flip the application code to read from the new shape.
  4. Contract. Drop the old column, table, or enum value - weeks later, once logs confirm nothing still reads it.

This is why our deploys do not page anyone at 11pm.

What goes in Postgres, Redis, Celery, or S3

  • Postgres - anything you would be upset to lose. Users, orders, content, audit logs.
  • Redis - anything you can recompute. Session data, rate-limit counters, cache of expensive queries, Celery’s job broker.
  • Celery - anything that should not block a user request. Email, imports, PDF generation, nightly cron.
  • S3 or R2 or Spaces - anything large. User uploads, generated PDFs, exports. Signed URLs for access control.

The boundary matters because getting it wrong (sessions in Postgres, cache in Celery) is how projects end up with 5-second page loads at month six.

Deploy targets we have shipped to

  • AWS (ECS + RDS + ElastiCache) - enterprise environments, strong IAM.
  • AWS EC2 with Docker for predictable cost and fewer moving parts - shipped for Sabika Gold.
  • Google Cloud (Cloud Run + Cloud SQL) - fast iteration, Firebase-adjacent.
  • DigitalOcean App Platform + Managed Postgres - cost-effective for early-stage.
  • Fly.io - global presence, cheap for small services.
  • Render - simple, opinionated, works for most MVPs.
  • Vercel / Netlify - only for services that live in the same repo as a Next.js app (via Serverless Functions or Edge Runtime).

We meet you at your infrastructure. Picking a vendor is a decision we weigh in on, but it is not a prerequisite to start.

Integrations we have written this year

  • Payments - Stripe, PayPal, Razorpay, Al Rajhi custody, Apple Pay, Google Pay.
  • Messaging - Twilio, Plivo, WhatsApp Business, OneSignal.
  • Auth - Auth0, Clerk, Firebase Auth, NextAuth, Okta SSO.
  • Maps - Google Places, Mapbox, PostGIS.
  • LLMs - OpenAI, Anthropic, Azure OpenAI, Google Gemini. See AI Integration Services.
  • Market data - Polygon.io, Finnhub, Alpaca, Binance, CoinGecko, metalpriceapi.com.
  • Telco aggregators - DT One (130+ operators across 44 countries).
  • Legacy SOAP banking endpoints that should not exist but do.

Case studies

How we work on a backend engagement

Week 1 - architecture. Data model, service boundaries, integrations, deploy target, observability strategy. Written down before a single endpoint is typed.

Weeks 2 to 4 - the spine. Database, auth, first three endpoints, CI to staging, Sentry wired, basic dashboard in Datadog or Grafana. The boring bit most projects skip, which is why most projects hurt at month three.

Weeks 5 to 16 - features. Endpoint by endpoint, with tests. Celery jobs for anything slower than 200ms. Redis for caching on read-heavy paths. We ship to staging every day, to production after a gate.

Weeks 17 to 20 - hardening. Load tests, rate limits, edge cases, runbooks. The last month is where cheap builds skip steps and good builds pay down technical debt.

What we will not do

  • Serverless-only for everything. Lambda and Cloud Functions are great for event handlers and scheduled jobs. They are usually the wrong default for a full API because of cold starts, traceability, and cost at scale. We pick case-by-case.
  • NoSQL where SQL fits. 90% of projects that reach for MongoDB regret it at month nine. We start with Postgres and only add other stores when there is a concrete reason.
  • Microservices on day one. Monolith first. Split when a boundary gets painful enough that splitting costs less than not splitting. Most projects never cross that line.
  • ORMs so heavy they write queries you cannot read. SQLAlchemy core + raw SQL where it earns clarity. Abstractions that hide the query plan hide the bug.

Why teams pick us for backend

We run FastAPI, Pydantic, and OpenAPI as one unit. The mobile or web client gets a typed binding generated straight from the server code. Rename a field on the backend, break a client build, catch it in CI. You do not find out a field changed shape because a user’s screen went blank.

Real-time lives in the same app as REST. WebSocket and Socket.IO handlers run next to your regular endpoints, not on a separate service you forget to deploy. Migrations use expand-then-contract so nothing goes down during a rollout. We deploy where you already host (AWS, GCP, Fly.io, Render, Vercel, on-prem) and hand over everything at launch: source, infrastructure-as-code, runbooks, the lot.

Pick this instead if

Where to go from here.

Three honest forks in the road. Each page names the stack, the failure mode it avoids, and the kind of product it suits.

mobile

Flutter App Development Services

Flutter apps for iOS, Android, iPad, and web from one Dart codebase. Named state management, typed backend contracts, store pipelines that ship on a Tuesday.

Read
web

React Development Services

React web apps on Next.js App Router. Server Components, TanStack Query, Tailwind + shadcn/ui. Fast by default, typed end to end, tested where it counts.

Read
ai

AI Integration Services

LLMs, RAG, and agents wired into production apps. Server-held keys, swappable models, measurable output. Not a ChatGPT wrapper.

Read
FAQ

Questions people ask before we start.

FastAPI gives three things Django does not: native async, Pydantic validation, and OpenAPI out of the box. On a modern Python project you spend less time writing schemas and more time writing business logic. Flask works but is less typed - we reach for it only on small services. Node for hyper-low-latency webhook handlers or when the team is all JavaScript. Go for a CPU-heavy service that needs one binary.

Alembic with reversible migrations. Every migration is reviewed like code. Destructive migrations (drops, renames) go through an expand-then-contract pattern so production is never in a broken state during rollout. We have a written runbook for it.

JWT for API auth, OAuth2 or SSO via Auth0, Clerk, Firebase Auth, or NextAuth depending on the product. Authorization is RBAC or ABAC at the endpoint level, enforced by FastAPI dependencies. Row-level security on Postgres for multi-tenant apps.

Yes. We audit, document, write a migration plan, and extend. Rewrites are the last resort - usually the right move is to add a strangler service next to the existing one and grow it in.

Signed webhooks (HMAC), idempotency keys on the receiving endpoint, a Postgres outbox pattern for outgoing webhooks, and Celery retries with exponential backoff. Every webhook has a trace ID. The 'the payment went through but our system missed it' bug class does not land on you.

We start with a monolith on a single box that can handle real traffic (async FastAPI goes further than most teams expect). We split services when a boundary gets painful enough that splitting costs less than not splitting. We add Redis and Celery where the hot path demands it. We do not microservice on day one.

Sentry for exceptions, Datadog or Grafana + Prometheus for metrics, structured JSON logs to CloudWatch or equivalent. Every request has a trace ID. Every error points to a commit. On-call runbooks included.

GitHub Actions runs tests and type-checks on every PR. Merge to main triggers a build and a staged deploy - staging first, then production after a manual gate. Rollbacks are one command (docker tag to the previous image, redeploy). No 'deploy on Friday at 5pm' anxiety.

Start a backend development services engagement

Tell us what you’re building.

Tell us the data model, the integrations, and the deploy target. We reply with an architecture, a timeline, and a scoped proposal for a discovery sprint. NDA signed on request. Response within 1 business day.

Book a 20-min scoping call Email Sameer
The team on the call

Named engineers, not a pool.

You speak to the person who’ll review the architecture. No account-manager layer. No offshore switcheroo.

Founder & Lead Engineer

Sameer Donga

Shipping Flutter, FastAPI, and AI systems since 2019. Reviews the architecture on every engagement.

LinkedIn GitHub