Skilled Coder Blog
System Design

System Design: Booking.com / Hotel Booking System

What’s the Goal?

Build a reliable hotel booking platform where travelers can search for hotels, filter by location, price, rating, or availability, see detailed listings with room information and amenities, and then seamlessly book a room. The system should prevent double-bookings, handle concurrent requests from multiple users, and process payments securely. It must also scale across regions to handle peak search traffic and booking events.

Core Components

  • Search Service – Exposes search APIs with filters for city, price range, star rating, and date availability. Utilizes ElasticSearch for full-text and geo queries.
  • Hotel Metadata Service – Stores hotel profiles, images, room descriptions, amenities, and reviews in a read-optimized store or cache for fast retrieval.
  • Availability Service – Tracks per-room inventory day by day. Uses Redis to serve hot data with low latency and partitions by city and date.
  • Booking Service – Manages the transaction to reserve a room, apply locks, interact with payment gateways, and confirm the booking.
  • Lock Service – Provides distributed locking to prevent the same room from being booked twice during checkout.
  • Payment Service – Integrates with external payment processors for charging credit cards or other methods.
  • Notification Service – Sends booking confirmation emails and push notifications to the traveler after successful payment.
  • Analytics & Reporting – Aggregates data on bookings, cancellations, and revenue to drive business decisions.

End-to-End Flow

Below is an expanded step-by-step walkthrough of how a typical booking occurs on the platform.

1. User Searches for Hotels

When a traveler opens the booking site or mobile app, they typically select a destination city and travel dates. The client sends a request such as:

GET /search?city=London&checkin=2025-07-20&checkout=2025-07-22&guests=2

The Search Service parses the request and constructs a query for ElasticSearch. The query uses geospatial filters to match hotels near the chosen city center and additional filters for price range, star ratings, or amenities (e.g., free breakfast, pool). Because search responses must be fast, the system preloads hotel metadata into a cache. Meanwhile, room availability data for the top N hotels is fetched concurrently from Redis, so the user can immediately see which hotels have rooms for the selected dates. The final search response includes a list of matching hotels with aggregated rating, cheapest room price, and a small subset of amenities to keep the payload lightweight.

2. User Views Hotel Details

Once the user clicks a search result, the client requests a detailed hotel view:

GET /hotels/H123?checkin=2025-07-20&checkout=2025-07-22

This page shows all available room types, photos, hotel rules, and user reviews. The metadata is served from a read-optimized store such as a CDN-backed cache or a NoSQL database, ensuring fast load times even for high-resolution photos. Concurrently, the Availability Service retrieves each room’s availability and base price for the selected dates. If the hotel allows dynamic pricing, the service may consult a pricing engine to calculate current rates based on demand, time of year, or promotional codes.

3. Selecting a Room and Locking Inventory

To prevent race conditions where two travelers try to book the same room simultaneously, the system introduces a locking mechanism. When the user picks a room, the client sends a lock request:

POST /rooms/R123/lock
{
  "checkin": "2025-07-20",
  "checkout": "2025-07-22",
  "user_id": "U789"
}

The Lock Service executes an atomic Redis command:

SET room:R123_2025-07-20 locked NX EX 120

This command uses the NX flag to set the key only if it does not already exist, and EX 120 sets an expiration of two minutes. The lock gives the traveler a short window to complete the checkout flow. If another user tries to lock the same room during that window, they receive an error or an “unavailable” status, prompting them to choose a different room.

4. Initiating the Booking

After the traveler confirms their details and payment method, the client initiates the actual booking via an authenticated API call:

POST /book
{
  "user_id": "U789",
  "hotel_id": "H123",
  "room_id": "R123",
  "checkin": "2025-07-20",
  "checkout": "2025-07-22",
  "amount": 350.00,
  "payment_token": "tok_abc123",
  "idempotency_key": "uuid-7890"
}

The payload includes an idempotency_key so that if the client retries due to a network hiccup, the server can recognize duplicate requests and avoid double booking or double charging the user.

5. Booking Service Logic

Upon receiving the booking request, the Booking Service performs several checks and operations in a distributed transaction style:

  1. Verify Lock – Ensure the room lock is still active. If it has expired, the booking fails and the user must reselect the room.
  2. Start Database Transaction – The service begins a transaction in the relational bookings database.
  3. Insert Booking Record – A row is inserted into the bookings table with status pending and price details.
  4. Update Availability – The service marks the selected dates as unavailable in the availability table.
  5. Commit Transaction – The DB transaction is committed to keep the booking consistent.
  6. Process Payment – The Payment Service is called, either synchronously or asynchronously via a message queue. If the payment fails, the booking is rolled back.
  7. Emit Event – On success, the service produces a message to a Kafka topic booking.success, which triggers confirmation emails and updates downstream services.

6. Post-Booking Workflow

Consumers subscribed to the booking.success topic perform various tasks:

  • Send a confirmation email with the reservation details and cancellation policy.
  • Push a notification in the mobile app with booking status and a link to the itinerary.
  • Release the room lock so inventory updates immediately and other users can book remaining rooms.
  • Schedule reminder emails or push notifications closer to check-in, using a job queue.

This asynchronous pattern keeps the main booking API responsive while still ensuring all post-booking actions occur reliably.

Handling Concurrency and Race Conditions

In a high-traffic system, multiple users might attempt to book the same room for overlapping dates. To prevent inconsistent state, the platform applies a set of defensive strategies:

Double Booking Risks

  • Problem: Two users hit “book” at nearly the same time. Without proper locking, the database could end up with two confirmed bookings for the same room and date range.
  • Solution: Atomic locks via Redis SETNX ensure only one user obtains the booking window. The Booking Service also checks lock existence before finalizing the reservation. If a race still occurs, the idempotency_key prevents duplicate bookings on retries.

Payment Timeout

  • Problem: Payment processing might take too long or fail, leaving the booking in an inconsistent state.
  • Solution: Process payments through a message queue so that failures can be retried. Use state transitions (pending, confirmed, cancelled) in the database to track progress. If payment never completes, a background worker can release the room and mark the booking as cancelled.

Hotel Updates After Booking

  • Problem: If hotel staff change room attributes (like room type or amenities) after a booking is made, the traveler expects their reservation details to remain the same.
  • Solution: Store an immutable snapshot of the room metadata at the time of booking. That snapshot is displayed in confirmation emails and in the user’s itinerary page.

Database Schema (Simplified)

Here’s an example of how the core tables might look.

Hotels Table

hotel_idnamegeo_hashcitystars
H123Royal Palaceabc123London4

Rooms Table

room_idhotel_idroom_typebase_pricemax_guests
R123H123Deluxe180.002

Availability Table (Partitioned by date)

room_iddateavailable_count
R1232025-07-203

Bookings Table

booking_iduser_idroom_idcheckincheckoutstatusprice
B456U789R1232025-07-202025-07-22pending350.00

Scaling the System

As the platform grows to millions of users, each component must scale independently. Below is a high-level strategy for scaling major subsystems.

ComponentScale Strategy
SearchUse ElasticSearch with geo shards; add read replicas for heavy traffic
Room AvailabilityPartition Redis by city and date ranges; store cold data in a SQL or NoSQL DB
Booking ServiceDeploy stateless instances behind a load balancer so they can scale horizontally
Locking LayerRun a Redis cluster or implement RedLock for multi-node consensus
PaymentsIntegrate with external payment gateway; rely on webhooks and retries
Async JobsUse Kafka topics and worker pools for notifications and analytics

Additional Considerations

Caching Strategy

Caches are critical for search performance and to minimize load on the main databases. Popular hotels and metadata are cached in memory or an in-memory database such as Redis or Memcached. For image assets and static pages, a CDN reduces latency for global users. The challenge is cache invalidation: when hotel information or prices change, the system must refresh caches quickly, possibly via cache-busting or message-based invalidation.

Microservices vs Monolith

A large booking platform often adopts a microservices architecture to separate concerns. Search, Booking, Payments, Reviews, and Notifications might all be individual services. This approach allows each team to scale and deploy independently, but it also introduces complexity in service discovery, monitoring, and fault tolerance. If the organization is smaller, a modular monolith can still work, provided the boundaries between modules are well-defined.

Reliability & Failover

To achieve high availability, deploy services across multiple regions. Databases should replicate data synchronously within a region and asynchronously across regions. Load balancers detect unhealthy instances and reroute traffic. Circuit breakers and retries help services recover gracefully from transient failures. For long-running outages, a read-only mode may allow users to browse hotels even if bookings are temporarily disabled.

Security & Compliance

Payment information must be handled in compliance with PCI DSS. Sensitive data such as user profiles and booking records should be encrypted in transit and at rest. Access to administrative APIs needs strict authentication and role-based authorization. Because hotels may be subject to different regional regulations (like GDPR in Europe), the system should support data deletion and anonymization on request.

Analytics & Monitoring

The business team needs metrics such as conversion rate, average booking value, and cancellation trends. Services emit metrics to a monitoring stack like Prometheus + Grafana or a managed solution. Logs are centralized (e.g., via Elasticsearch or CloudWatch) for troubleshooting. An event-driven data pipeline sends booking events into a data warehouse for further analysis, powering dashboards and targeted marketing campaigns.

Advanced Features and Future Enhancements

  1. Personalized Recommendations – Suggest hotels based on the user’s previous searches and bookings, leveraging collaborative filtering or machine learning models.
  2. Loyalty Program – Implement reward points and tiered membership. The data model must keep track of earned points, redemptions, and expiration dates.
  3. Dynamic Packaging – Allow bundling with flights or rental cars, requiring integration with third-party APIs and additional booking flows.
  4. Price Alerts – Let users subscribe to price drops for specific hotels or destinations, which involves periodic background tasks to check for changes.
  5. Cancellation Policies – Provide flexible and non-refundable options, each with different rules for refunds and rebooking.
  6. Multilingual Support – Store hotel descriptions and user-facing text in multiple languages, complicating search indexing but vital for a global audience.
  7. A/B Testing – Run experiments on pricing or UI changes. This requires feature flags and careful tracking of user cohorts.

The platform should be designed to incorporate these features with minimal disruption, emphasizing loose coupling between services and clean API contracts.

Putting It All Together

Let’s walk through how the entire system behaves under load during a busy travel season. A traveler in New York searches for hotels in London for popular summer dates. The request hits the Search Service, which quickly returns a list of options thanks to its geo-indexed ElasticSearch cluster. When the user selects a hotel, the Availability Service fetches real-time room counts from Redis, and the UI indicates which room types are still open.

During checkout, the Lock Service ensures that only one user holds a room reservation at any time. Even if thousands of users try booking the same top-rated hotel, the locking layer keeps inventory consistent. The Booking Service processes each reservation in a short-lived database transaction, then offloads payment to an external gateway. Once the payment clears, a Kafka message triggers confirmation emails and analytics updates. In case of failure, automated retries and compensating transactions release room locks and keep the system state consistent.

The Role of Distributed Transactions

While a classic two-phase commit is often too heavy for large-scale systems, a simplified distributed transaction pattern with sagas or outbox tables can ensure eventual consistency. For example, when a booking is made, the service writes to its own database first, then publishes an event to a message bus. Downstream systems listen for this event and update their data stores accordingly. If a step fails, compensating actions roll back or adjust previous operations. This pattern avoids long-lived locks across services while still guaranteeing correct final state.

Handling Spikes and Peak Events

Major events, holidays, or promotional campaigns can create sudden traffic spikes. Auto-scaling groups or Kubernetes clusters can spin up additional application instances as needed. Rate limiting protects backend services from overload. A warm cache of popular destinations ensures search remains fast even under heavy load. Post-booking tasks might be throttled or prioritized to guarantee that confirmation emails and lock releases happen before less critical analytics processing.

Conclusion

Designing a hotel booking system similar to Booking.com involves orchestrating many moving pieces: fast search, accurate availability data, reliable bookings, secure payments, and responsive notifications. By leveraging distributed locking, message queues, caching layers, and a well-structured database, we can deliver a smooth booking experience while preventing double reservations or inconsistent data. Scalability comes from partitioning services and databases, while careful monitoring and failover strategies maintain reliability. With a solid foundation, the platform can evolve to include loyalty programs, personalized recommendations, and other advanced features that keep travelers coming back.

NOTE: This high-level design focuses on the core booking flow. Real-world implementations incorporate many more details such as fraud detection, partner integrations, tax calculations, and comprehensive customer support tooling.