A production-oriented FastAPI backend for multi-property hotels, resorts and serviced apartments. It is implemented as a modular monolith that can later be split into identity, reservation, property inventory, front-desk, operations, billing and analytics services.
- Argon2 password hashing
- JWT access tokens and rotating refresh tokens
- Refresh-token family revocation after reuse
- Account lockout protection
- One-session and all-session logout
- Nine roles: super administrator, hotel manager, front desk, reservation agent, housekeeping, maintenance, accountant, concierge and guest
- Hotel-scoped data access
- Request IDs, security headers and audit events
- Multi-property hotel records
- Room types and physical rooms
- Floor, wing, smoking and accessibility attributes
- Room amenities
- Room status board
- Best-available and meal-plan rate plans
- Seasonal and day-of-week pricing rules
- Promotion codes with limits and minimum spend
- Occupancy limits and extra-person pricing
- Availability calculation with overlap protection
- Multi-room reservations
- Guest profiles, preferences, VIP levels and documents
- Immutable reservation totals
- Promotions, tax and service-charge calculations
- Confirmation, cancellation and no-show states
- Additional reservation guests
- Physical-room assignment with conflict detection
- Reservation timeline
- Check-in and key-card generation
- In-house guest list
- Key-card replacement
- Deposits and expected checkout
- Balance-controlled checkout
- Automatic room-dirty transition
- Automatic checkout-cleaning task generation
- Housekeeping task assignment, completion and inspection
- Maintenance tickets and room blocking
- Service requests for transport, laundry, room service, concierge and other services
- Automatic service-charge posting to guest folios
- Live room board
- One folio per reservation
- Room, tax, service, minibar, laundry, spa, transport and custom charges
- Charge voiding with reasons
- Idempotent cash, card, UPI, transfer and wallet payments
- Partial and complete refunds
- Invoice payload generation
- Dashboard KPIs
- Occupancy forecast
- Revenue by charge type
- Night audit and no-show processing
- Searchable audit logs
Web / Mobile / Kiosk / Staff Admin
|
v
FastAPI Gateway
|
+--------------+----------------+----------------+
| | | |
Identity Reservations Hotel Ops Finance
| | | |
+--------------+----------------+----------------+
|
SQLAlchemy ORM
|
PostgreSQL / SQLite
|
Redis + Celery Worker
Copy-Item .env.example .env
docker compose up --buildSeed demonstration records:
docker compose exec api python -m scripts.seedOpen:
- Swagger:
http://localhost:8000/docs - ReDoc:
http://localhost:8000/redoc - OpenAPI:
http://localhost:8000/openapi.json - Health:
http://localhost:8000/api/v1/health - Readiness:
http://localhost:8000/api/v1/ready
py -3.12 -m venv .venv
.\.venv\Scripts\Activate.ps1
pip install -r requirements.txt
Copy-Item .env.example .envUse SQLite in .env:
DATABASE_URL=sqlite:///./hotel_management.db
REDIS_URL=
TRUSTED_HOSTS=localhost,127.0.0.1,testserverThen:
alembic upgrade head
python -m scripts.seed
uvicorn app.main:app --reloadAll seeded users use Password@123.
| Role | |
|---|---|
| Super administrator | admin@hotel.example.com |
| Hotel manager | manager@hotel.example.com |
| Front desk | frontdesk@hotel.example.com |
| Reservation agent | reservations@hotel.example.com |
| Housekeeping | housekeeping@hotel.example.com |
| Maintenance | maintenance@hotel.example.com |
| Accountant | accounts@hotel.example.com |
| Concierge | concierge@hotel.example.com |
| Guest | guest@hotel.example.com |
- Create a property, room types, physical rooms and rate plans.
- Configure seasonal rates and promotions.
- Register or locate a guest and verify an identity document.
- Check availability for dates and occupancy.
- Create and confirm a reservation.
- Assign a compatible physical room.
- Check the guest in and issue a key card.
- Post minibar, food, laundry, spa and transport charges.
- Record idempotent partial or complete payments.
- Resolve service and maintenance requests.
- Check the guest out after folio reconciliation.
- Complete the generated housekeeping task.
- Review night audit, occupancy, revenue and audit reports.
curl -X POST http://localhost:8000/api/v1/finance/folios/1/payments \
-H "Authorization: Bearer ACCESS_TOKEN" \
-H "Idempotency-Key: folio-1-payment-0001" \
-H "Content-Type: application/json" \
-d '{"method":"card","amount":"25000.00","transaction_reference":"TXN-10001"}'A retry with the same key returns the original payment instead of creating a duplicate.
| Area | Base path |
|---|---|
| Authentication and staff | /api/v1/auth/* |
| Hotels, rooms and rates | /api/v1/hotels/* |
| Guest profiles | /api/v1/guests/* |
| Reservations | /api/v1/reservations/* |
| Check-in and checkout | /api/v1/stays/* |
| Folios and payments | /api/v1/finance/* |
| Housekeeping, maintenance and services | /api/v1/operations/* |
| Dashboard, reports and night audit | /api/v1/admin/* |
alembic upgrade headAfter changing models:
alembic revision --autogenerate -m "describe the change"
alembic upgrade headpytest -qThe lifecycle suite validates token rotation, availability, guest documents, promotions, reservation creation, room assignment, check-in, folio charges, service requests, maintenance room blocking, idempotent payment, checkout, housekeeping, invoice reconciliation and dashboard metrics.
Read SECURITY.md before using this code with real guests or payments. Replace mock integrations, introduce MFA/SSO, encrypt sensitive identity data, configure managed infrastructure, and complete regional legal and compliance reviews.
