Hotelbeds is the world’s leading bedbank, distributing accommodation inventory and ancillary travel products to the global travel industry. The company’s distribution channels enables thousands of hotels, B2B travel buyers, such as tour operators, travel agents, and airline websites, to serve their customers in over 140 markets worldwide. This case study explains how Hotelbeds manage millions of requests every day between the various parties involved, as users search for information or submit payments.
Location: Palma de Mallorca, Spain
Customer since: May 2019
Hotelbeds is the world’s leading bedbank — meaning they sit between service providers, like hotel companies, and the wide range of consumer-facing and B2B travel search engines. The company serves more than 180,000 hotels and more than 60,000 B2B travel buyers — such as tour operators, travel agents, and airline websites — in more than 140 markets worldwide. Serving fast, current, and secure information is an absolute must when dealing with such a wide exchange of inventory and customer information.
One major set of standards Hotelbeds must adhere to is payment card industry (PCI) compliance — a set of technical and operational rules that protects customers’ credit card data. That’s where Fastly comes in. With Fastly powering things on the backend, Hotelbeds can optimize speed and security simultaneously — like identifying which API responses include sensitive information to advance request processing while maintaining PCI compliance.
Users expect hotel bookings to be simple, quick, and accurate. When a person searches for a room on Hotelbeds, the request goes to their availability engine, which sends the request to relevant hotels and returns available inventory to the search engine. As users find the perfect fit and complete their booking, customer information and payment is routed back to the specific hotel’s inventory management system, all through Hotelbeds.
It’s a lot of information that needs to move as fast as a screen tap — which means the backend tech is crucial. For Hotelbeds, the back-and-forth requests between various provider systems happen via API calls. Speed is critical to a good user experience, and Hotelbeds aims to complete each call in under one second: anything longer is considered a risk to the business, as it could lead to a frustrating customer experience. But numerous factors can impact API performance, including the type of availability, business rules, and request paths. And things become more complex when multiple types of APIs are in play.
Over the years, Hotelbeds has also acquired multiple companies, each with its own portfolio of APIs. Challenges naturally arise when Hotelbeds’ systems need to maintain compatibility with a wide range of legacy APIs, some of which are over 10 years old and built on dated technologies.
Another challenge with processing API calls is around data privacy. Hotelbeds must be rigorous on an ongoing basis to ensure the privacy and integrity of data coming from consumers, hotels, and other B2B customers. Because confidential information like credit card numbers was present in some Hotelbeds API calls, the company sent all requests through PCI-compliant services. They set up these services to distinguish API calls with sensitive data and handle them safely, while routing API calls without sensitive data through regular services. It made a lot of sense — but due to this added layer, Hotelbeds was incurring significant extra costs to process each request. So they looked towards innovation to find a solution.
To optimize for speed and build a more cost-effective data privacy solution, Hotelbeds decided to turn to Fastly. With Fastly, Hotelbeds’ system can differentiate between search and payment requests, and route API calls through the least expensive path in their backend systems. And by using a single infrastructure, they are able to successfully serve seemingly incompatible legacy APIs seamlessly with no impact to customer systems or the end-user experience. That means more money saved, seamless user experiences, and happy internal teams.
On the backend, Fastly’s Layer 7 load balancer allows Hotelbeds to define content-aware routing decisions with granular control. For every request, Fastly parses the headers and payload for credit card information. If credit card information is detected, the request is sent to PCI-compliant services for processing. Otherwise, it’s handled as a non-sensitive search request. This happens at the Fastly data center nearest to the end user’s client — and that leads to faster responses from Hotelbeds’ API calls and helps to meet their goals around delivering phenomenal user experiences.
To maintain data security, Fastly supports Transport Layer Security (TLS), the next-generation encryption and authentication protocol that keeps internet exchanges confidential between a user and a website. TLS connections between Fastly and the origin are encrypted and terminated at the network edge, closer to end users, and the system is optimized to handle heavy volumes of encrypted traffic without impacting performance.
Hotelbeds also uses Fastly’s Origin Shield service to help accelerate page load time and reduce lag, two factors that have an enormous impact on the end-user experience. Previously, requests had to be sent all the way back to the origin, thus adding computing resources and impacting performance. However, Fastly’s points of presence (POPs) keep connections (like TLS, for example) open and active at the edge, reducing latency to give end users the speed they expect.
“Fastly’s load balancer helps us route API calls with sensitive data through a more cost-effective path and simplify PCI compliance thanks to the powerful VCL programming language.” Stéphane Abondance
Hotelbeds enlisted Fastly Professional Services to assist with configuring and implementing API load balancing in their systems. The Fastly solution required no modification of their backend services or API requests, and no aggressive cutovers from the previous solution. The Fastly deployment happened in parallel with the old systems, preserving the ability to roll back at any time. After working side by side, the team was ready to execute. And the automation that Fastly’s platform offers made for a turnkey transition. The Hotelbeds team was able to collect detailed real-time logs to help them identify the root cause of any migration issues and ensure that the new system was working as intended. The flexibility of Fastly’s Edge Dictionaries helped them easily add or update certain customer data to the new system as needed during migration.
“It’s been a pleasure to work with the Fastly professional services team. There are very few companies that I’ve worked with that offer the same level of speed, agility, and responsiveness as Fastly.” Stéphane Abondance
Today, Hotelbeds uses Fastly to handle billions of requests per month. The company reports that Fastly’s intelligent load balancing has enabled it to save hundreds of thousands of dollars per year by reducing their dependence on expensive PCI-compliant services — without compromising data-handling rigor or system performance. This means end users can keep making travel plans with the ease they expect, and Hotelbeds’ internal teams can stay ahead of the curve to shape the future of their product.
“Edge computing is the future and Fastly plays an important role in shaping it.” Stéphane Abondance