FakeExpedia Demo

Proxy Mode — All traffic routed through PayFence Gateway

Big Token Quota (Steps 3-6)Not loaded
Tiny Token Quota (Step 7 Burn)Not loaded
1

Health Check

Pending

GET /healthz -- no authentication needed. Confirms the FakeExpedia origin server is running.

2

Direct Access Blocked

Pending

Try hitting the origin directly with a valid token. The origin rejects non-gateway traffic (403).

3

Proxy Access Works

Pending

Same request, but routed through the PayFence Gateway. Returns 200 with flight results.

4

Search Hotels

Pending

GET hotels via the gateway. Demonstrates the gateway proxying different endpoints.

5

Place Hold (10 units)

Pending

POST a booking hold through the gateway. Costs 10 quota units -- watch the meter decrease.

6

Confirm Booking (25 units)

Pending

POST booking confirmation. Costs 25 units. Higher-value operations cost more quota.

7

Quota Exhaustion (402)

Pending

Switch to a TINY token (5 units total). Burn through quota until we hit 402 Payment Required with a checkout URL.

What This Demonstrates

Proxy Mode means all API traffic flows through the PayFence Gateway. The origin server (FakeExpedia) rejects any request that does not come from the gateway, ensuring every call is authenticated and metered.

Quota enforcement happens at the gateway level. Each API call deducts from the token's quota based on the endpoint's configured cost. When the quota reaches zero, the gateway returns 402 Payment Required with a checkout URL.

The checkout URL redirects the API consumer to a PayFence-hosted payment page where they can purchase more credits. Once payment completes, their quota is replenished and API calls resume working.