Architecture
This document explains Bundleport's architecture and how requests flow through the system.
High-Level Architecture
Request Flow
1. Search Request
2. Booking Request
Key Components
API Gateway
Responsibilities:
- Authentication (API key validation and automatic token transformation)
- Rate limiting (per service account, per endpoint)
- Request routing
- Response formatting
- Logging and monitoring
The API Gateway acts as the entry point for all API requests, handling security, rate limiting, and routing before requests reach backend services.
Authentication (product view):
- Your client sends
Authorization: ApiKey <your-key>on each request. - The gateway validates the key, applies rate limits, and routes to the right service.
- Backend services enforce scopes and business rules.
You do not need to obtain or refresh Bearer tokens in your application—the gateway handles token exchange internally. For implementation details (caching, JWT), see Authentication.
Connect Hotels Service
Responsibilities:
- Request validation
- Business rule application
- Data normalization
- Provider orchestration
- Response aggregation
- Deduplication and ranking
Key Features:
- Multi-provider aggregation
- Parallel request execution
- Fault tolerance (partial failures)
- Caching strategies
Provider Integrations
Responsibilities:
- Protocol translation (REST, SOAP, etc.)
- Data mapping (provider format → Bundleport format)
- Error handling
- Retry logic
- Connection pooling
Supported Protocols:
- REST APIs
- SOAP/XML
- Binary protocols
- Custom integrations
Content Service
Responsibilities:
- Hotel catalog management
- Content synchronization
- Data quality assurance
- Multi-language support
- Media management
Data Flow
Normalization Process
Example:
- Provider A:
hotel_id,room_type,meal_plan - Provider B:
propertyCode,accommodationType,boardBasis - Normalized:
hotel.code,room.code,boardCode
Deduplication
When the same hotel appears from multiple providers:
- Identify - Match hotels by location, name, or provider mapping
- Consolidate - Merge options from all providers
- Rank - Apply business rules to select best option
- Present - Return single result with provider metadata
Multi-Provider Aggregation
Parallel Execution
All providers are queried in parallel for faster responses:
Wall-clock time is driven by the slowest successful supplier (not the sum of all calls).
Partial Failures
If one provider fails, others continue:
Caching Strategy
Content API
- Cache Duration: Hours to days
- Cache Key: Connection code + content type
- Invalidation: On content updates
Booking API
- Cache Duration: None (always real-time)
- Reason: Availability and pricing change frequently
Scalability
Horizontal Scaling
- API Gateway: Stateless, scales horizontally
- Services: Stateless, scales horizontally
- Database: Read replicas for content queries
Performance Optimizations
- Connection pooling to providers
- Parallel request execution
- Response caching (where appropriate)
- Database query optimization
Security
Authentication
- API key validation at gateway
- Automatic ApiKey → Bearer token transformation (transparent to clients)
- Service account scopes
- IP allowlisting (optional)
Data Protection
- HTTPS/TLS for all communications
- PCI compliance for payment data
- Secure credential storage
Monitoring & Observability
Metrics
- Request rates
- Response times
- Error rates
- Provider performance
Tracing
- Request IDs for end-to-end tracking
- Per-provider response times
- Error tracking
Logging
- Request/response logging
- Error logging
- Audit trails
Next Steps
- Key Concepts - Understand domain concepts
- Connect Hotels Overview - Learn about the product
- Quickstart - Start building