👋Hi, I'm Waqas — a Software Architect and Technical Consultant specializing in .NET, Azure, microservices, and API-first system design..
I help companies build reliable, maintainable, and high-performance backend platforms that scale.
This guidance is relevant when the topic of this article applies to your system or design choices; it breaks down when constraints or context differ. I’ve applied it in real projects and refined the takeaways over time (as of 2026).
Employee benefits portals that handle high-volume, real-time booking and integrate with many legacy systems need the same architectural care as customer-facing apps—performance, clarity, and reliability. This case study walks through the AirAsia ID90 portal: goals, architecture, tech stack (.NET Core, Azure Service Bus, Azure SQL, Redis, 12+ integrations), engineering challenges, and business outcomes (3,000+ daily transactions, 99.9% uptime). For architects and tech leads planning similar internal portals or airline integrations, the patterns and trade-offs below show what was built, what was solved, and what was measured; the same principles apply to any high-volume booking or benefits platform.
System scale: Employee portal with 3,000+ daily transactions, 99.9% uptime, 60-minute booking window; integration with 12+ legacy AirAsia systems (flight ops, crew, revenue, customer service); real-time flight data and ML for seat allocation.
Team size: Cross-functional (backend .NET, front end Angular, integration, ops); ownership split between ID90 engine, API, and legacy adapters.
Time / budget pressure: Fixed timeline; delivery required phased integration and zero-downtime deployments; Google SSO and Azure hosting.
Technical constraints: .NET Core API, Angular SPA, Azure (App Service, Service Bus, SQL, Redis); 12+ legacy system APIs with fixed contracts.
Non-goals: This case study does not optimize for consumer-scale marketing sites or for greenfield-only; it optimises for employee-facing, high-volume booking with legacy integration and reliability.
What was the project?
The AirAsia ID90 portal is an employee benefits platform for ID90 (industry discount) flight bookings. ID90 is a common industry program that gives airline employees discounted standby or confirmed travel. The project delivered a single place for AirAsia employees to access 90% discounted flights within the 60-minute departure window: real-time flight data integration to identify available seats, automated discount application, instant booking and refund workflow, and secure auth (Google SSO) so that only authorised employees could use the system. The platform had to integrate with 12+ legacy AirAsia systems (flight operations, crew management, revenue management, customer service), handle 3,000+ daily bookings during peak periods, and provide advanced analytics and machine learning for booking pattern prediction and seat allocation optimisation—with enterprise-scale reliability and zero-downtime deployments.
AirAsia ID90 at a glance
Aspect
What it was
Purpose
Employee benefits portal: 90% discounted flights within 60-minute departure window; real-time booking and refund management.
Users
AirAsia employees (millions across Southeast Asia); Google SSO; role-based access (Pilot, Cabin Crew, Ground Staff, Management, etc.).
Volume
3,000+ daily transactions; 99.9% uptime; 0.8s average response time; 98% cache hit rate.
Google SSO (OAuth 2.0, OpenID Connect); JWT; AES-256 at rest; TLS 1.3 in transit; OWASP protection; Key Vault; multi-jurisdiction compliance (GDPR, PDPA).
Observability
Application Insights; ML analytics; Azure DevOps CI/CD; zero-downtime deployments.
Loading diagram…
The Challenge
AirAsia faced a significant challenge with unsold seats on flights departing within the hour. These seats represented lost revenue opportunities, while employees often needed last-minute travel but could not afford full-price tickets. The airline needed a system that could dynamically manage discounted bookings while maintaining operational efficiency and preventing abuse. Requirements included: real-time flight data integration to identify availability in the 60-minute window; automated 90% discount application for eligible employees; instant booking and refund workflow with full audit trails; secure authentication (Google SSO) and role-based access; mobile-responsive design for booking from any device; integration with 12+ legacy AirAsia systems (flight operations, crew management, revenue management, customer service) with real-time sync, API rate limits, and data consistency across heterogeneous systems; and advanced analytics and machine learning for booking patterns and seat allocation—all while processing 3,000+ concurrent bookings during peak seasons with sub-second response times and zero double-booking or conflicts.
The Solution
The ID90 Portal leverages real-time flight data integration to identify available seats within the 60-minute departure window. The system automatically applies 90% discounts to eligible employees, processes bookings instantly, and manages the entire refund workflow. Built on .NET Core with Angular frontend, the platform integrates with AirAsia’s existing reservation systems through Azure Service Bus messaging. Key technical choices:Azure App Service for hosting; Azure SQL for transactional data; Redis caching for real-time performance (98% hit rate); CI/CD with Azure DevOps for zero-downtime deployments; Application Insights for monitoring and anomaly detection; machine learning models for booking pattern prediction and seat allocation optimisation. Eligibility is enforced in the API: the backend resolves the user from the token, checks tenure, department, and employment status against business rules, and only then applies the discount and calls the airline integration—keeping the logic secure and auditable.
Key Features
Real-time flight monitoring: Continuous integration with flight status systems to identify last-minute availability within the 60-minute window.
Automated discount application: Instant 90% discount calculation and application for eligible employees.
Comprehensive refund system: Automated processing of cancellations, changes, and refunds with full audit trails; 95% automation rate.
Employee authentication:Google SSO integration ensuring secure access and preventing unauthorised usage; 50,000+ employees across 10 Southeast Asian countries.
Mobile-responsive design:Angular Material UI enabling booking from any device, anywhere; PWA with offline booking history and push notifications.
Advanced analytics:Machine learning models predicting booking patterns and optimising seat allocation; Application Insights with custom telemetry; Power BI integration for management reports.
Technical architecture:Microservices with Azure App Service hosting; Azure SQL and Redis; Azure Service Bus for high-throughput processing; Azure DevOps CI/CD for zero-downtime deployments.
Architecture overview
The architecture is organised in layers aligned with the project page.
Employee Portal Frontend:Angular-based single-page application with real-time flight search, instant booking, and employee-specific dashboards. Google SSO, role-based access, personalised booking history. Mobile-first design; touch-friendly interfaces; offline booking history access; push notifications for last-minute flight alerts and confirmations. Real-time flight updates via WebSocket; PWA with service workers, background sync, and responsive design.
ID90 API Gateway: Centralised API gateway with enterprise-grade security, authentication, and performance optimisation. ASP.NET Core gateway with Google SSO, JWT validation, employee authorization; rate limiting, request routing, API versioning. Intelligent load balancing with health checks and circuit breaker patterns; 99.9% uptime during peak booking periods. Enterprise security: SSL/TLS termination, security headers, OAuth 2.0, audit logging. API analytics and monitoring: real-time metrics, performance tracking, usage analytics; request/response logging, error tracking, automated alerting.
ID90 Booking Microservices:.NET Core booking API with real-time booking processing, Azure Service Bus integration, and employee flight management. ID90 discount engine: real-time last-minute flight processing, 90% discount calculations, automated refund processing; background jobs, event-driven architecture, ML for booking pattern optimisation. AirAsia system integration: connectivity with 12+ legacy systems (flight operations, crew, revenue, customer service); service discovery, API management, event processing. Employee analytics engine: reporting on booking patterns, discount utilisation, system performance; custom dashboards, real-time alerts. Automated notification service: booking confirmations, flight updates, refund notifications; SMS, email, Teams, push with routing, delivery tracking, and fallback.
ID90 Data Infrastructure:Azure SQL for employee information, ID90 booking records, and flight data; automated backups, high availability, advanced indexing. Redis cache layer for ultra-fast access to flight availability, employee preferences, and booking data; intelligent cache invalidation, distributed caching. Entity Framework Core for data access, query optimisation, code-first migrations. Automated backup and recovery: daily backups, point-in-time recovery, disaster recovery; geo-redundant storage; RTO 15 minutes, RPO 5 minutes; 99.9% data availability.
ID90 Security & Compliance Layer:Google SSO (OAuth 2.0, OpenID Connect); JWT with 15-minute expiry; refresh token rotation; MFA (TOTP, SMS). Advanced threat protection:Azure Application Gateway WAF, DDoS protection, Azure Security Center; OWASP Top 10, SQL injection/XSS prevention; network security groups, least-privilege access. End-to-end encryption:AES-256 at rest; TLS 1.3 in transit; field-level encryption for PII via Key Vault; key rotation every 90 days. Multi-jurisdiction compliance:GDPR, PDPA, aviation regulations; data residency, consent management, automated compliance reporting; 7-year audit log retention.
ID90 Integration & Event Processing:Azure API Management with rate limiting (1000 requests/minute per system), request/response transformation, circuit breaker patterns; API versioning, backward compatibility for 12+ legacy systems; 99.5% SLA monitoring and automated failover. Real-time event processing:Azure Service Bus and Event Grid for real-time updates across 12+ AirAsia systems; conflict resolution, data validation, custom sync engine; 99.9% data quality. Integration health monitoring: health checks every 30 seconds; alerting for API failures, data inconsistencies, performance degradation; retry with exponential backoff, dead letter queues. Stream processing:Azure Stream Analytics processing 30,000+ events per second from booking transactions, user interactions, and system metrics; Azure Data Factory for ETL without impacting real-time operations.
Tech stack
Category
Technologies
Backend
ASP.NET Core, C#, Entity Framework, Task Parallel Library
Database
Azure SQL Database, Redis (98% hit rate)
Security
Google SSO, JWT
Cloud
Azure Service Bus, Azure App Service, Azure Load Testing, Docker
1. Real-time last-minute booking processing at scale
Problem: Processing 90% discounted flight bookings within the critical 60-minute departure window while maintaining sub-second response times, handling 3,000+ concurrent bookings during peak travel seasons, and ensuring data consistency across distributed systems with zero booking conflicts or double-booking scenarios.
Solutions:
High-performance .NET Core API:ASP.NET Core with async/await, connection pooling (max 100), Entity Framework Core with compiled queries. 0.8s average response time; read replicas for flight availability; Dapper for high-frequency operations; circuit breaker and retry policies for external AirAsia integration.
Multi-layer intelligent caching:Redis cluster with 99.9% cache hit rate; L1 (in-memory) and L2 (Redis) layers. Cache invalidation: flight availability 30s TTL, pricing 5min TTL, employee preferences 1h TTL. Cache-aside and write-through for confirmations; distributed locking to prevent race conditions.
Event-driven microservices:Azure Service Bus message queues for asynchronous booking processing; saga pattern for distributed transactions. SignalR for real-time confirmations; fallback to SMS/email. Hangfire for refund processing and analytics aggregation.
Intelligent load balancing and auto-scaling:Azure Load Balancer with health checks and session affinity. Auto-scaling: scale out at 70% CPU, scale in at 30%; min 3, max 20 instances. Blue-green deployment for zero-downtime during peak hours.
2. Enterprise-scale employee management and security
Problem: Managing 50,000+ AirAsia employees across 10 Southeast Asian countries with complex organisational hierarchies, varying access levels, multi-language support, and strict compliance (GDPR, PDPA, aviation regulations) while maintaining 99.9% uptime.
Solutions:
Enterprise Google SSO:Google Workspace integration; OAuth 2.0, OpenID Connect; multi-tenant for different AirAsia subsidiaries. JWT with 15-minute expiry; refresh token rotation; MFA (TOTP, SMS); conditional access (location, device trust).
Scalable multi-region data architecture:Azure SQL with geo-replication across 3 regions (Singapore, Malaysia, Thailand). Database partitioning by employee region and booking date; optimised indexes (query time reduced 75%). Read replicas for analytics; connection pooling (200 max connections per region).
Comprehensive role-based access control:Hierarchical RBAC with 15+ role types (Pilot, Cabin Crew, Ground Staff, Management, etc.) and dynamic permission inheritance. ABAC for booking restrictions (grade, route, seasonal). Audit logging for all access and booking modifications; 7-year retention.
Multi-jurisdiction compliance: Data residency per country; consent management; automated compliance reporting for GDPR, PDPA, aviation; monthly audit reports and real-time compliance dashboards.
3. Advanced machine learning analytics and predictive intelligence
Problem: Implementing real-time predictive analytics for booking patterns, demand forecasting, and fraud detection while processing 2.5M+ data points daily, maintaining sub-100ms inference latency, and providing actionable insights without impacting booking system performance.
Solutions:
Azure ML model integration and MLOps:8 ML models via Azure Machine Learning: booking pattern prediction (85% accuracy), demand forecasting (92%), price optimisation (15% revenue increase), fraud detection (99.2% precision). MLOps pipeline: automated retraining every 24 hours; A/B testing; automated rollback on degradation. Models as REST APIs with auto-scaling and load balancing.
Real-time analytics and business intelligence:Application Insights with 50+ metrics per booking. Real-time dashboards: booking velocity, employee satisfaction, system performance, revenue impact. Power BI with automated reports; predictive analytics for capacity planning and 30-day demand forecasting.
Stream processing and data pipeline:Azure Stream Analytics processing 30,000+ events/sec from bookings, user interactions, and metrics. Azure Data Factory for ETL. Azure Functions for aggregation, model training, and reports without impacting real-time booking.
Advanced monitoring and anomaly detection: Custom anomaly detection for unusual booking patterns, fraud, and performance issues. Azure Monitor with intelligent grouping (alert fatigue reduced 80%). Distributed tracing across microservices; automated incident response playbooks.
4. Complex AirAsia system integration and data synchronization
Problem: Integrating with 12+ legacy AirAsia systems (flight operations, crew management, revenue management, customer service) with real-time data sync, API rate limits, and data consistency across heterogeneous systems (different formats and update frequencies).
Solutions:
Enterprise API gateway and integration layer:Azure API Management with rate limiting (1000 req/min per system), request/response transformation, circuit breaker patterns. API versioning and backward compatibility for legacy systems. Comprehensive logging and monitoring; 99.5% SLA monitoring and automated failover.
Real-time data synchronization engine: Custom sync engine using Azure Service Bus and Event Grid. Conflict resolution (last-write-wins for non-critical; manual for booking conflicts). Data validation and cleansing pipelines; 99.9% data quality across 12+ systems.
Comprehensive integration monitoring: Health checks every 30 seconds for all 12+ integrations. Alerting for API failures, data inconsistencies, performance degradation. Retry with exponential backoff and dead letter queues. 200+ integration test cases.
5. Enterprise security and threat protection
Problem: Implementing security for a mission-critical system handling sensitive employee data and financial transactions, protecting against cyber threats, ensuring data privacy compliance, and maintaining security posture across distributed microservices.
Solutions:
Multi-layer security architecture:Azure Application Gateway WAF, DDoS protection, Azure Security Center. OWASP Top 10 protection; SQL injection/XSS prevention. Network security groups with least-privilege access; private endpoints for database access; Key Vault for secrets with 90-day key rotation.
End-to-end data encryption:AES-256 at rest in Azure SQL and Azure Storage. TLS 1.3 in transit with certificate pinning. Field-level encryption for PII via Key Vault. TDE and column-level encryption for financial data.
Security operations and incident response:24/7 monitoring with Azure Sentinel SIEM; automated threat detection; incident response playbooks. SIEM with 30-day log retention. Automated security scanning in CI/CD; vulnerability assessment and penetration testing quarterly.
Business impact and metrics
The engineering solutions delivered measurable results for AirAsia:
Performance and volume:
Booking speed:90% discount within 60 minutes
Employee savings:$15M+ annual savings
Transaction volume:3,000+ bookings/day
System uptime:99.9% availability
User base: Millions across Southeast Asia
Refund processing:95% automation rate
Technical metrics:0.8s average response time; 99.9% uptime; 3,000+ daily bookings; 90% flight discounts. API response optimisation (2.3s → 0.8s); 98.2% cache hit rate; 120ms average database query time. Booking success rate99.2%; employee satisfaction4.2/5.0; booking completion time2.5 minutes. The system successfully handles millions of Southeast Asian employees with enterprise-grade security and zero-downtime deployments.
Outcomes and lessons
Outcomes: The portal went live with secure auth (Google SSO), clear eligibility logic in the API, real-time integration with 12+ AirAsia systems, and a simple, performant booking flow. 99.9% uptime during peak travel seasons; 3,000+ daily bookings with 90% discount calculations in real time; $15M+ annual employee savings; 95% refund automation. Adoption was sustained by performance, clarity, and support.
Lessons:Internal portals need the same care as customer apps: performance, clarity, and support drive trust and adoption. Encapsulate integration in the backend so that security and business rules are enforced in one place. Real-time and caching (Redis, read replicas, cache invalidation) are critical for sub-second booking. ML and analytics (booking patterns, demand forecasting) add value when integrated without impacting real-time operations. Multi-jurisdiction compliance (GDPR, PDPA, aviation) and audit (7-year retention) must be designed in from day one.
Best practices and takeaways
Eligibility in the backend: Never trust the front end for eligibility; enforce in the API so that rules are secure and auditable.
Real-time and caching: Use Redis and read replicas with smart TTLs (flight 30s, pricing 5min, preferences 1h); distributed locking for high-concurrency booking.
Integration encapsulation: Keep 12+ airline/system calls in the backend; normalise and cache so that the front end stays simple and responsive.
Security by default:Google SSO, JWT, MFA; HTTPS only; PII encrypted; rate limiting and security headers; Key Vault and key rotation.
Observability and MLOps:Application Insights with custom telemetry; distributed tracing; ML models with MLOps (retrain, A/B test, rollback) so that analytics do not block booking.
Position & Rationale
With hindsight I’d keep eligibility enforced in the backend and real-time integration encapsulated behind the API—never trust the client for discount rules or expose 12+ systems to the front end. I’d keep Redis and read replicas with smart TTLs and distributed locking for high-concurrency booking. I’d do the same on Google SSO, JWT, security headers, and Key Vault. I’d invest again in observability and MLOps so analytics and ML don’t block booking. What I’d do differently: even earlier idempotency and reconciliation on every external call; clearer contracts with each airline/system so changes don’t cascade. I’d avoid treating “real-time” as “no caching”—the right cache boundaries (flight 30s, pricing 5min) made the difference between responsive and overloaded.
Trade-Offs & Failure Modes
What we sacrificed: Simplicity—many moving parts (Service Bus, Redis, 12+ integrations, ML). Operational cost for multi-region, WAF, and MLOps. Some flexibility in discount rules in exchange for abuse prevention and audit.
Where it degrades: If one legacy system is down or slow, we had to fail gracefully and retry; without idempotency and reconciliation we’d have double bookings or inconsistent state. If caching is wrong (too long or too short), we get stale prices or overload.
How it fails when misapplied: Replicating this for a small internal travel tool—overkill. Skipping eligibility checks in the API—abuse. Exposing all integrations to the front end—latency and coupling. No distributed locking—race conditions on last seats.
Early warning signs: “We can’t prove who was eligible”; “one airline API is bringing down the portal”; “refunds are manual again”; “we don’t know why booking failed.”
What Most Guides Miss
Case studies often list architecture but skip failure handling and idempotency. With 12+ systems and real-time booking, every call can retry or duplicate—we had to design for at-least-once and idempotent handling everywhere. Reconciliation with TDP schemes and external systems is underplayed; without it you can’t detect or fix drift. Cache boundaries (what to cache, for how long, when to invalidate) and distributed locking for high-concurrency seats are rarely discussed in employee-portal posts; they were critical for ID90.
Decision Framework
If you’re building a similar employee-benefits or last-minute booking platform → Enforce eligibility and discount in the API; encapsulate integrations; use caching and locking for concurrency; design for idempotency and reconciliation.
If you have many external systems → Normalise and cache; don’t expose all of them to the client; use event-driven and async where appropriate.
If scale and real-time matter → Redis, read replicas, smart TTLs; distributed locking for scarce resources; observability and tracing.
If the context is different (e.g. B2C, different compliance, no ML) → Reuse patterns (auth, rate limit, security headers, idempotency) but simplify orchestration and integrations.
If you can’t own compliance and security → Don’t launch without eligibility enforcement, audit, and Key Vault; the risk is too high.
Key Takeaways
Enforce eligibility and discount in the backend; encapsulate integrations; cache and lock for real-time concurrency; idempotency and reconciliation on every external call.
Security and observability from day one; MLOps so analytics don’t block booking. Reuse these patterns for similar scale and domain; simplify when context is different.
Summary
The AirAsia ID90 portal delivers employee flight benefits at scale with real-time integration and event-driven processing; the main lesson is that internal portals need the same resilience and observability as customer apps. Getting integration, consistency, and abuse prevention wrong would have undermined trust and uptime; the architecture and patterns here are reusable for similar benefits or booking platforms. Next, if you are building an employee portal or high-volume booking system, map your integrations and consistency requirements, then apply the same principles: bounded contexts, event-driven updates, and zero-downtime CI/CD.
The AirAsia ID90 portal is an employee benefits platform: 90% discounted flights within 60-minute departure window; real-time flight monitoring; automated discount and refund; Google SSO; 3,000+ daily transactions; 99.9% uptime.
Challenge: Unsold seats in the last hour; need for dynamic discount management, operational efficiency, abuse prevention, and integration with 12+ legacy systems with real-time sync and data consistency.
Solution: .NET Core + Angular; Azure Service Bus; Azure SQL + Redis; real-time integration and event-driven processing; ML for booking patterns; zero-downtime CI/CD.
Business impact:99.9% uptime; 3,000+ daily bookings; $15M+ annual employee savings; 95% refund automation; millions of employees across SEA; 99.2% booking success rate; 4.2/5.0 employee satisfaction.
When I Would Use This Again — and When I Wouldn’t
I would use this approach again when I’m building or advising on an employee-facing portal with high-volume transactions and multiple legacy system integrations (flight, HR, booking, etc.). I wouldn’t use it for a simple internal tool with one or two APIs—then a lighter stack is enough. I also wouldn’t use it when the organisation can’t commit to ownership of adapters and to health monitoring; without that, integration becomes a black box. Alternative: if you’re only integrating 2–3 systems, consider a single API layer with caching and retry before adding Service Bus and full observability; scale the pattern as you add systems.
ID90 is an industry discount program for airline employees: discounted standby or confirmed travel. The AirAsia ID90 portal lets employees access 90% discounted flights within the 60-minute departure window—turning unsold seats into employee satisfaction.
How was authentication handled?
Google SSO (OAuth 2.0, OpenID Connect) for 50,000+ AirAsia employees across 10 Southeast Asian countries. JWT with 15-minute expiry; refresh token rotation; MFA (TOTP, SMS); conditional access (location, device). Role-based access (Pilot, Cabin Crew, Ground Staff, Management, etc.); token validated in the API on every request.
What were the eligibility rules?
Backend validated tenure, department, and employment status against business rules before allowing search or booking. Rules were defined by the business and enforced in the API; the front end could not bypass them. 15+ role types with dynamic permission inheritance; ABAC for booking restrictions (grade, route, seasonal).
How did airline integration work?
The backend integrated with 12+ legacy AirAsia systems (flight operations, crew management, revenue management, customer service) via Azure API Management (rate limiting 1000 req/min per system), Azure Service Bus, and Event Grid. Real-time data sync with conflict resolution and data validation; 99.9% data quality. Custom sync engine; health checks every 30 seconds; retry and dead letter queues.
What performance optimisations were used?
Redis with 98% cache hit rate; L1/L2 caching; 30s TTL flight availability, 5min pricing, 1h preferences. Read replicas for flight availability; Dapper for high-frequency operations; connection pooling; compiled queries in EF Core. Async/await; circuit breaker and retry for external APIs. API response2.3s → 0.8s; database120ms average; distributed locking for high-concurrency booking.
What security measures were in place?
Google SSO; JWT (15min expiry); MFA; Azure Application Gateway WAF; DDoS protection; Azure Security Center. AES-256 at rest; TLS 1.3 in transit; field-level encryption for PII via Key Vault; 90-day key rotation. OWASP Top 10 protection; SQL injection/XSS prevention; network security groups; private endpoints. GDPR, PDPA, aviation compliance; 7-year audit log retention.
What was the UX approach?
Minimal screens (3–4 for main flow): login, check eligibility, search, select, confirm. Angular Material; mobile-first; PWA (offline booking history, push notifications). Clear validation and plain language errors; real-time flight updates; 2.5 minutes average booking completion time.
How were errors handled?
Clear messages so that users could correct issues; retry logic for transient failures; support channel for issues that could not be resolved in-app. Circuit breaker and exponential backoff for external APIs; dead letter queues for failed messages. Errors logged with correlation IDs for diagnosis.
How was deployment done?
Azure App Service for hosting; Azure DevOps CI/CD. Blue-green deployment for zero-downtime updates during peak booking hours. Staging slot for testing; slot swap for production. Automated testing, security scanning in pipeline.
What monitoring was used?
Application Insights for logs, metrics, and distributed tracing; 50+ metrics per booking. Custom dashboards: booking velocity, employee satisfaction, system performance, revenue impact. Azure Monitor with anomaly detection; intelligent alert grouping (alert fatigue reduced 80%). Stream Analytics30,000+ events/sec; Power BI for management reports.
How was user adoption sustained?
Clear flow and performance (0.8s response, 99.9% uptime) reduced friction; user guide and support channel helped users get started and report issues. Employee satisfaction4.2/5.0; 99.2% booking success rate; 2.5 minutes average completion time. Feedback informed improvements.
What was the booking flow?
Login (Google SSO) → Check eligibility → Search (origin, destination, dates; 60-minute window for 90% discount) → Select flight → Confirm. Typically 3–4 screens; real-time availability; instant discount application; automated refund workflow. Validation and errors in plain language.
What was the data storage approach?
Azure SQL for employee information, ID90 booking records, and flight data; encrypted at rest; geo-redundant backup; RTO 15 minutes, RPO 5 minutes; 99.9% data availability. Redis for flight availability, employee preferences, booking cache. No sensitive data in the front end.
What lessons were learned?
Internal portals need the same care as customer apps: performance, clarity, and support drive trust and adoption. Encapsulate integration in the backend so that security and business rules are enforced in one place. Real-time and caching (Redis, read replicas, TTLs, distributed locking) are critical for high-volume, sub-second booking. ML and analytics add value when integrated with MLOps (retrain, A/B test, rollback) without impacting real-time operations. Multi-jurisdiction compliance and audit (7-year retention) must be designed in from day one.
Related Guides & Resources
Explore the matching guide, related services, and more articles.
