API Architecture

The figure below illustrates a technical overview of the API.

API Architecture Overview

Data Tier

There are four persistent data stores in this tier. The API uses a separate database deployment for each category, on the same or different database servers.

  • Reference Data

    Reference data contains airport, airline, and country information (including geo-locations, time zones, etc.). All data is cached at the application tier.

  • Airline Configuration Data

    Airline configuration is stored as encrypted XML data in a BLOB field in the database. Configuration includes templates, but may also include addresses and login information for SMS/Email Servers. This database contains live and archived configuration information.

  • Boarding Passes

    All boarding passes are stored with separate tables for every airline. A hash of searchable fields is stored in separate columns, but the entire boarding pass is stored as an encrypted XML document in a BLOB column. Searchable fields are id, PNR, ticket number, mobile number, email address, and frequent flyer number.

  • Airline Certificate and Keys

    This database stores the following information per airline:

    • Apple Certificate and Key. This is optional for an airline, and allows SITA to sign the Passbook using the airline developer's Certificate and Key.
    • Barcode Signing Private Key. This is the private key used to sign the information in the barcode data.

    Each airline-specific key is stored in a separate password-protected Java Keystore object as a BLOB in this database.
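
The Boarding Passes layout described above (hashed search columns beside an encrypted BLOB), sketched as an added example that is not SITA's code. The keyed HMAC-SHA-256 hash, `INDEX_KEY`, the `bp_xx` table name, the normalisation rules and the plain integer `id` row key are assumptions; the page does not name the hash algorithm, and the encrypted XML is passed in as opaque bytes.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a per-airline secret index key, held outside the database.
INDEX_KEY = b"constructed-demo-index-key"
# The page's searchable fields; id is kept as the row key in this sketch.
SEARCHABLE = ("pnr", "ticket_number", "mobile_number", "email", "frequent_flyer")

def normalize(field, value):
    """Canonicalise a value so equal identifiers always hash identically."""
    value = value.strip()
    if field == "email":
        return value.lower()
    if field == "mobile_number":
        return "".join(ch for ch in value if ch.isdigit())
    return value.upper().replace(" ", "")

def blind_index(field, value):
    """Keyed hash of one field; the field name is mixed in to separate columns."""
    msg = field.encode() + b"\x00" + normalize(field, value).encode()
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()

def open_store():
    """Create the hypothetical per-airline table: hash columns plus one BLOB."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"{f}_hash TEXT" for f in SEARCHABLE)
    db.execute(f"CREATE TABLE bp_xx (id INTEGER PRIMARY KEY, {cols}, pass_blob BLOB)")
    return db

def store_pass(db, fields, encrypted_xml):
    """Insert hashes plus the already-encrypted document; no plaintext is stored."""
    hashes = [blind_index(f, fields[f]) if fields.get(f) else None for f in SEARCHABLE]
    names = ", ".join(f"{f}_hash" for f in SEARCHABLE)
    marks = ", ".join("?" * (len(SEARCHABLE) + 1))
    cur = db.execute(f"INSERT INTO bp_xx ({names}, pass_blob) VALUES ({marks})",
                     (*hashes, encrypted_xml))
    return cur.lastrowid

def find_pass_ids(db, field, value):
    """Look a pass up by hashing the query value the same way as at insert time."""
    if field not in SEARCHABLE:  # column names come from the allow-list only
        raise ValueError(f"not a searchable field: {field}")
    rows = db.execute(f"SELECT id FROM bp_xx WHERE {field}_hash = ?",
                      (blind_index(field, value),))
    return [r[0] for r in rows]
```

A lookup only ever matches on equality of the hashed value, so partial or wildcard searches on these fields are not possible with this layout.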

Network Connectivity

The data tier is firewalled, and incoming JDBC connections are allowed only from the application tier.

Application Tier

The application tier processes create, revoke, and status API calls. This component also handles communication with SMS, SMTP, and Push Notification servers. It has read-only access to the configuration, reference data, and certificates and keys databases, and read/write access to the boarding pass database.

The application tier is composed of the following modules, which may be deployed either on the same server or on separate servers.

  • Boarding Pass Server

    This module fulfils requests from passengers to serve up their barcode/boarding pass web page or passbook. This application has read/write access to the boarding pass database only.

  • Configuration Manager

    This is the administration and reporting GUI. It has read/write access to the configuration database and boarding pass database. Access is granted only to the Administrator level role resources.

  • Certificate and Key Manager

    This module supports uploading of Certificates and Keys to the database and has read/write access to the certificates and keys database. It also has read access to the configuration database.

Although the Certificate and Key Manager has read access to the keys database, it does not support viewing of certificates and keys. It only supports the uploading of certificates and keys. As part of the uploading process, summary information is extracted from the certificate and key and stored separately. This summary is the information that is returned to the user.

Access Environments

SITA provides three environments for application development and implementation using the API:

  • Development

    Used for evaluating, customising, and testing boarding pass applications.

  • Staging

    Used for the QA of applications prior to official production release.

  • Production

    Live implementation of application.

All of the above environments are isolated from each other, with separate configurations, databases, API keys, and user access rights and roles.