← cd ../services
04 / backend/infra● 22 backends shippedAWS · GCP · Azure

Engine-room engineering.

Secure, scalable, high-performance backend solutions. CMS, headless, DevOps, cloud — AWS, GCP, Azure, and modern CI/CD.

AWSGCPAzureStrapiPostgresCI/CD
ClientWeb · Mobile
APINode + GraphQL
DBPostgres
CacheRedis
All systems · 99.9% uptime
$ what we ship

Six shapes of backend work.

Anything server-side, from a single REST endpoint to a multi-region Kubernetes cluster. Every build ships with monitoring, tests, docs — the boring stuff most agencies skip.

01
REST & GraphQL APIsVersioned, documented (OpenAPI or GraphQL schema), rate-limited, auth-gated. Contracts locked before code.
02
Database design & migrationsPostgres-first schemas, indexes tuned against real query patterns, migrations version-controlled with rollback plans.
03
Headless CMS backendsSanity, Payload, Strapi, Directus. Custom content models + role-based access + editor UX your marketing team won't hate.
04
Data pipelines & ETLAirbyte, Dagster, custom Python. Sync between CRMs, warehouses, third-party APIs — with retries, dedupe, observability.
05
Background workers & queuesBullMQ, Celery, SQS. Long-running jobs, scheduled tasks, retries with exponential backoff, dead-letter queues.
06
Third-party integrationsStripe, HubSpot, Xero, Salesforce, Klaviyo. Webhooks handled idempotently — no duplicate charges, no lost events.
$ our process

Six phases, contract-first.

Backend work fails when the interface changes mid-build. We lock schemas and API contracts on paper before we type any code.

  1. 01

    Requirements & contract design

    Week 1

    Interview your engineers and product owners. Extract every endpoint, every payload, every error case. Output is a signed API contract before code exists.

    • Endpoint inventory + expected traffic profile
    • OpenAPI 3.1 spec or GraphQL SDL, reviewed line-by-line
    • Auth model — OAuth2, JWT, API keys, mTLS
    • SLA + error-budget agreement
  2. 02

    Schema & architecture

    Week 1 – 2

    Database schema, service boundaries, event flow. Drawn on paper, reviewed by your team, then translated to migrations and infrastructure-as-code.

    • ERD + normalisation review
    • Terraform or Pulumi for infra — no click-ops
    • Capacity plan against p95/p99 targets
    • Disaster-recovery playbook drafted
  3. 03

    Core build

    Week 2 – 8

    Two-week sprints. Every endpoint ships with tests, docs, and a monitoring hook the day it lands. Friday demos on the staging cluster.

    • ≥80% unit coverage on business logic
    • Integration tests against a real Postgres instance
    • CI/CD on GitHub Actions, staging on merge
    • Linear board open to your team
  4. 04

    Integrations & webhooks

    Week 6 – 10

    Third-party services wired in. Idempotency keys, retry logic, dead-letter queues, replay tooling — the stuff that stops your 2am pager going off.

    • Idempotency on every webhook consumer
    • Rate-limit + circuit-breaker on outbound calls
    • Sandbox suite for Stripe / Xero / Salesforce
    • Replay UI for failed events
  5. 05

    Load testing & hardening

    Week 10 – 12

    k6 load tests against the staging cluster, penetration scan, OWASP API top-10 review, dependency audit, cost model against real traffic curves.

    • Load tests at 2× target concurrency
    • OWASP API Security Top 10 sweep
    • Snyk + Trivy dependency + container scans
    • Cost model for the first 12 months of traffic
  6. 06

    Deploy & runbook handover

    Week 12 – 14

    Blue/green production deploy. Runbook, on-call rotation, alerting thresholds handed to your team. 90 days of on-call cover from us while your team ramps.

    • Zero-downtime blue/green rollout
    • Runbook — every alert, every remediation, documented
    • Datadog / Grafana dashboards wired to your Slack
    • 90 days of shadow on-call from our Brisbane team
$ what you own

What lands in your hands.

Infrastructure you can hand to any competent DevOps hire. No hidden magic, no proprietary formats, no lock-in.

Source repo + CI/CD

GitHub org transferred with branch protection, PR templates, and passing pipelines.

Terraform / Pulumi infra

Every AWS or GCP resource declared as code. Rebuild the whole cluster from an empty account in under an hour.

API documentation

Live OpenAPI or GraphQL schema, hosted on your domain, versioned per release.

Runbook & on-call docs

Every alert threshold, every remediation, every "what to do at 3am" documented in your Notion.

Monitoring dashboards

Datadog, Grafana, or CloudWatch — wired, alerting, tested against real incident scenarios.

DR & backup plan

Documented recovery time and recovery point objectives. Tested restore from cold storage.

$ tech stack

The stack we reach for.

Mainstream tools. Every choice is hire-able across Sydney, Melbourne, Perth and Wellington — you're not tied to us for the next hire.

Languages
  • Node.js
  • Python
  • TypeScript
  • Go
Frameworks
  • Fastify
  • NestJS
  • FastAPI
  • Django
  • tRPC
Data
  • Postgres
  • Redis
  • ClickHouse
  • DynamoDB
  • Prisma
Cloud
  • AWS
  • GCP
  • Azure
  • Cloudflare
  • Fly.io
Infra as code
  • Terraform
  • Pulumi
  • Docker
  • Kubernetes
Observability
  • Datadog
  • Grafana
  • Sentry
  • OpenTelemetry
$ timeline & investment

Rough shape of a backend engagement.

Numbers from the last dozen backend builds. Real quote comes after the scoping sprint — but this is the sensible band.

Typical timeline
00 weeks
Single-service API: 4–6 weeks. Multi-service platform: 10–14 weeks. Data pipeline standalone: 3–5 weeks.
Investment (AUD)
$0k – $0k
Fixed price against a locked contract. Broken into three milestone payments. DevOps retainer from $1.2k/mo.
0
APIs shipped since 2024
0%
Prod uptime last 12 mo
0ms
Median API p95
0
Data-loss incidents
$ questions

Questions engineers ask us first.

The honest answers. If your question isn't here, we'll cover it on the technical scoping call.

AWS, GCP, or Azure — do you have a preference?
We use whichever your team already runs. If it's greenfield, AWS is our default — deepest talent pool across Sydney and Melbourne, most third-party integrations, best price-to-perf on Postgres RDS. GCP wins for data-heavy workloads. Azure wins if you're already in Microsoft's licensing world.
Do you write tests, or just say you do?
We write tests. ≥80% unit coverage on business logic is a contractual gate — we don't invoice the milestone until it's green. Integration tests run against real Postgres in CI. E2E tests hit a staging environment. Test files ship with every PR.
Can you take over a codebase someone else built?
Yes — we run a paid 2-day audit first. You get a written report: code health, test coverage, security posture, dependency debt, and honest advice on whether it's worth continuing or rebuilding. About 60% of the takeovers we quote end up as continuations.
How do you handle secrets and credentials?
AWS Secrets Manager, GCP Secret Manager, or Doppler — never in env files, never in the repo. IAM roles over long-lived keys wherever the runtime allows. You get an inventory of every secret and its rotation cadence at handover.
What does DevOps handover look like?
Two-week overlap. Your team shadows our on-call, we shadow theirs. Every runbook rehearsed at least once with a real incident scenario. After overlap, we stay reachable for 90 days at no extra cost.
Do you offshore?
No. Every engineer on the project is based in Brisbane, Sydney or Auckland. Same time zone as you, same laws around IP, same phone number when things go sideways.
What if traffic 10x's post-launch?
Every architecture we ship is capacity-planned for at least 5× target traffic. If real traffic overshoots that, we run a fixed-price scaling sprint — typically 2–3 weeks — with the plan agreed before we touch prod.

Need backend help?

Free 30-minute discovery call. We'll reply within 1 business day.