Seamless transition to modern API authentication: Enhancing provider security with token-based methods

Overview

The API authentication modernisation project aimed to enhance the security and usability of machine account authentication for providers partnered with Booking.com. The existing basic authentication method presented significant security vulnerabilities, leading to the decision to transition to a more robust token-based authentication system, utilising OAuth. This change required providers to adapt their backend processes and configuration setups in the Booking.com provider portal.

My role

As the senior UX designer on this project, I was responsible for leading the user experience design efforts, focusing on the provider portal interface. My role included researching user needs, creating intuitive designs, and facilitating communication among cross-functional teams to ensure a smooth transition for providers.

Team collaboration

  • Project manager: Who oversaw project milestones and stakeholder engagement.
  • Department product managers: To align the project goals with business strategies.
  • Developers and solution architects: For technical feasibility and implementation.
  • Account managers and customer service teams: To gather insights on provider needs and expectations.

Stakeholders

  • Internal stakeholders: Connectivity teams, compliance officers, and security experts who were crucial in assessing risks and validating the new authentication method.
  • External stakeholders: Key providers who would be affected by the authentication changes and whose feedback was essential for refining the user experience.

Project objective

The primary objective of the project was to facilitate a seamless migration for providers to the new authentication method, minimising operational overhead and business disruption. Specifically, we aimed to:

  • Ensure providers could easily adapt to the new token-based authentication system.
  • Reduce the risk of errors during the migration process by streamlining the user interface.
  • Create automation features where possible to reduce manual work.
  • Improve overall security and user satisfaction metrics post-implementation.

Through this initiative, we anticipated an increase in adoption rates and a decrease in authentication-related support queries, ultimately enhancing the experience for providers.


Problem definition

The primary challenge was addressing the vulnerability posed by the current basic authentication method for providers’ machine accounts. Although no breaches had occurred, we recognised the critical need to proactively improve security and mitigate any risks of hacking or financial loss for providers. From a business standpoint, securing provider accommodations was vital for protecting revenue, maintaining trust, and reducing operational disruptions.

As the designer, I was responsible for ensuring the new authentication process not only strengthened security but also provided a seamless user experience. I collaborated with product managers, security teams, and developers to integrate user-centric solutions into the overall technical framework. My role was pivotal in aligning user needs with business objectives, ensuring providers could adopt the changes without impacting their daily operations.

Constraints

The project had several notable constraints:

  1. Time constraints: We were required to complete research, design, build, and testing within one quarter. This tight timeline demanded highly efficient cross-team collaboration and rapid iteration.
  2. Technical constraints: Many providers had set up individual machine accounts for each accommodation, which meant migrating each account would require a significant manual effort. This posed a major challenge for the providers’ teams and risked delaying adoption of the new system.
  3. Resource constraints: Limited development bandwidth required us to create a solution that was simple and efficient, both in terms of design and technical feasibility.

During the research phase, I led provider interviews and surveys, working closely with the development team to uncover specific pain points around machine account management. These insights allowed us to shape a solution that met technical constraints while addressing the needs of the providers.

Hypothesis

At the project’s outset, we hypothesised that most providers managed their accommodations through individual machine accounts rather than in bulk. This assumption was based on anecdotal evidence and would imply that providers would face the challenge of migrating each machine account one by one, resulting in a time-consuming and potentially demotivating process. How could we automate these tasks better?

I led the research phase, conducting user interviews to test this hypothesis. The findings revealed that the assumption was mostly correct; providers indeed preferred individual machine accounts, largely due to the limitations in the existing bulk management options. This insight was essential for designing a solution that would mitigate the difficulties of manual migration.


Research and discovery

I owned the research and discovery phase of the project, ensuring that all research efforts were aligned with our technical, business, and user experience goals. My role involved leading the initial research, conducting interviews, synthesising insights, and collaborating with cross-functional teams to ensure the findings were actionable. By owning this phase, I helped shape a user-centred approach that informed the design and development process.

Research method

We adopted a mixed-methods research approach to gather comprehensive insights:

  1. Interviews and surveys: I facilitated user interviews with different types of providers, who manage either hotels, homes, chains, or villas. These interviews helped us understand how providers managed their machine accounts and identified common pain points with the current authentication process.
  2. Persona development: I collaborated with the UX research team to create detailed personas representing small and large portfolio providers, highlighting their specific needs and behaviours in managing machine accounts.
  3. Journey mapping: We created user journey maps to visualise the providers’ end-to-end process in managing authentication for their accommodations. This helped us identify pain points at different stages, from account setup to migration challenges.

Key insights

Several key insights emerged from the research phase:

  1. Manual effort concerns: The assumption that most providers would have to migrate each machine account one by one was validated. This insight refined our understanding of the scale of the problem, especially for smaller providers who lacked the resources for manual migration.
  2. Different adoption rates: Large portfolio providers were more likely to adopt the new authentication method if they had bulk migration options, whereas small portfolio providers needed more hands-on support to avoid feeling overwhelmed.
  3. Usability issues: Many providers reported confusion about how to manage their machine accounts effectively, especially when using the current interface. They needed clearer guidance and automation tools for bulk operations.

Based on these insights, we refined the problem statement to focus on:

  • Reducing the complexity of the migration process, especially for small providers.
  • Creating a more flexible and automated solution for large portfolio providers to handle bulk migrations.
  • Improving the usability of the interface to support the diversity in provider needs.

Problem refinement

My ownership of the research phase had a significant impact on the project’s direction. By uncovering the critical pain points and validating assumptions, we were able to refine the design and development goals to focus on the most urgent user needs. This ensured that the solution was not only technically feasible but also aligned with how different provider types interacted with their machine accounts. Additionally, the research findings helped the team prioritise the migration challenges that would have otherwise delayed provider adoption, contributing to a smoother project rollout within the given timeframe.


Ideation and conceptualisation

Brainstorming and collaboration

The ideation phase started with brainstorming sessions with the team and key stakeholders to align on potential solutions. My role was to facilitate these sessions by structuring discussions around user needs, technical constraints, and business goals. The brainstorming was crucial for surfacing initial ideas on how we could redesign the machine account management process to integrate API token-based security.

Approach

I prepared visual aids and wireframes to support ideation, helping participants envision the new process and offer suggestions.

To gather diverse input, I also presented the wireframes during design critique sessions with the UX community. Their feedback helped refine the wireframes with broader perspectives on usability and flow.

Wireframing and prototyping

After solidifying the initial ideas, I transitioned to creating wireframes in Figma. These wireframes outlined the core userflows for creating, managing, and migrating machine accounts, along with potential outcomes (success states, error states, and empty states).

Process

I iteratively developed the wireframes, incorporating feedback from the project manager and the team, as well as insights from the earlier brainstorming sessions. I ensured the wireframes reflected the complexity of different user types (small vs. large providers).

I shared sneak peeks of the designs and gathered initial thoughts, but scheduled formal feedback meetings with the team and the UX community to validate the designs more thoroughly.

Additionally, I collaborated with our UX writer to ensure that the UI copy was clear, concise, and aligned with the new flows. This helped ensure a unified experience between design and content.

Feedback loops and refinements

To ensure the designs were practical and user-centric, I engaged in feedback loops from both colleagues and providers. The Booking.com team provided technical insights that guided revisions, ensuring the wireframes were feasible and secure. Meanwhile, feedback from the UX critique sessions offered insights on the user experience and usability improvements.

Impact of feedback

The feedback sessions helped refine the userflows, making the migration process more straightforward, particularly for small providers who were intimidated by the scale of the migration.

Suggestions from the UX community led to improvements in the error and empty states, ensuring they provided actionable guidance instead of just technical explanations.

Based on input from the provider tooling team, we adjusted the migration flow to allow bulk actions for large portfolio providers, reducing the manual effort required.

Prototyping and testing

Once the wireframes were in a solid state, I developed high-fidelity prototypes in Figma. These prototypes were used to simulate the actual experience for stakeholders and gather additional feedback before final implementation.

User testing preparation

I collaborated with Giulio to create a discussion guide for the upcoming user testing phase. This document helped us focus on the critical areas of the flow that required validation.

The prototypes and flows were shared with our UX writer again to ensure that the content would resonate with the providers’ needs.

Final outcomes

The ideation and conceptualisation phase culminated in a set of high-fidelity wireframes and prototypes that:

  • Simplified the machine account creation and migration process for all provider types.
  • Integrated comprehensive error handling and success messaging for a smoother user experience.
  • Incorporated feedback from multiple rounds of internal and external reviews, ensuring alignment across the team.

My proactive approach in gathering feedback loops at different stages of the design process enabled us to address challenges early, resulting in a more robust solution. This process not only strengthened the final product but also ensured that our design would meet both business goals and user needs efficiently.


The project concluded successfully, ahead of schedule, with the majority of key milestones completed in just over two-thirds of the original timeline. This accelerated progress allowed the development team to commence the build phase earlier than expected, with a detailed spec sheet outlining every phase of interaction. By ensuring that all phases were well-documented and signed off, I eliminated any ambiguity or missed steps, significantly reducing the need for follow-up questions and enhancing the team’s efficiency. One of the critical outcomes was securing alignment between the project manager and leadership regarding the build priorities, ensuring that all phases were clearly mapped to support a smooth and successful launch.

In preparation for the launch, I worked closely with the customer support team to develop FAQ documents and answer any potential questions from our providers. This proactive approach ensured that our 700+ providers had access to comprehensive resources, which facilitated a smooth migration process. The impact was immediate, with over two-thirds of our provider portfolio completing the migration in the first quarter following the launch. Providers with more complex setups, particularly those managing larger accommodations, understandably took longer, but the overall feedback was overwhelmingly positive. Providers expressed satisfaction with the ease of use and appreciated the level of support offered during the transition, allowing them to return to their business operations with minimal disruption.

Reflecting on my role in leading this project, I recognise that the success was largely attributable to a vigilant approach to process management and a clear understanding of what success looked like from the outset. By gaining the trust of my peers and leadership, I was able to guide the team through meticulous planning and execution, ensuring that all aspects of the project were aligned with our business goals. Additionally, I leveraged the expertise of key roles across departments, which allowed me to anticipate challenges and address them proactively. This holistic approach not only ensured the timely delivery of the project but also cemented strong relationships with both internal teams and external stakeholders. The experience reinforced the importance of cross-functional collaboration and adaptability in leading successful projects.
