VenueConnect – B2C Venue & Hotel Booking Portal

🏠

Project Overview

Business context, goals, and key capabilities

Development Phases

Planned Tasks

RFP Workflow Steps

API Endpoints

~26

Weeks Estimate

🎯

Business Goal

Build a consumer-facing (B2C) venue and hotel booking portal similar to Cvent that allows individuals and corporate event planners to search venues, submit RFPs, manage room blocks, arrange meals and catering, and track booking lifecycle — all powered by the official Cvent Developer API at developer.cvent.com.

🔑

Key Differentiators

Consumer-first UX with simplified RFP builder · Real-time venue availability via Cvent API · Integrated meal & catering package selection · Guest room block management · Transparent pricing comparison · Mobile-responsive design · Hosted on cvent.swapunits.online

⚙️

System Requirements

Functional, non-functional, and compliance requirements

Functional — User Management

SYS-001
User self-registration with email verification Critical
SYS-002
OAuth2 social login (Google, LinkedIn) High
SYS-003
Role-based access: Guest, Planner, Venue Manager, Admin Critical
SYS-004
User profile with company details, billing address, preferences High
SYS-005
Password reset and account recovery flows Critical

Functional — Venue & Search

SYS-006
Venue search by location, capacity, amenities, date Critical
SYS-007
Interactive map view with venue pins High
SYS-008
Venue detail pages: photos, floor plans, room specs Critical
SYS-009
Availability calendar integration via Cvent API Critical
SYS-010
Save venue to shortlist / compare up to 5 venues Medium

Functional — RFP Builder

SYS-011
Multi-step RFP wizard: Event → Rooms → Meals → Contacts → Pricing Critical
SYS-012
Add multiple venues to a single RFP for competitive bidding Critical
SYS-013
Event Requirements: dates, duration, attendance, event type, setup style Critical
SYS-014
Guest Room Requirements: room types, check-in/out, block size, rate caps Critical
SYS-015
Meals & Catering: breakfast, lunch, dinner, breaks, dietary requirements Critical
SYS-016
Pricing Preferences: budget range, per-person cost, F&B minimum High
SYS-017
Custom Questions: configurable planner-defined question fields High
SYS-018
Other Information: AV needs, accessibility, parking, branding restrictions High
SYS-019
Contact Details: primary contact, billing contact, on-site coordinator Critical
SYS-020
Draft save, resume, and submit RFP with confirmation email Critical

Functional — Proposals & Booking

SYS-021
Receive and compare venue proposals side-by-side Critical
SYS-022
Contract review and e-signature integration High
SYS-023
Booking confirmation with unique booking reference Critical
SYS-024
Payment processing: deposit, installments, final payment High
SYS-025
Booking management dashboard: view, modify, cancel bookings Critical
SYS-026
Email/SMS notifications at each booking status change Critical

Non-Functional — Performance

NFR-001
Page load time < 2 seconds on 4G connection Critical
NFR-002
Support 1,000 concurrent users without degradation High
NFR-003
API response time < 500ms for venue searches High
NFR-004
99.5% uptime SLA with automated health monitoring Critical
NFR-005
Mobile-first responsive design (iOS, Android, tablet) Critical

Non-Functional — Security & Compliance

SEC-001
TLS 1.3 on all endpoints; HSTS headers enforced Critical
SEC-002
PCI-DSS compliance for payment card data handling Critical
SEC-003
GDPR-compliant data handling; cookie consent banner High
SEC-004
OWASP Top 10 mitigations: XSS, CSRF, SQLi, IDOR Critical
SEC-005
Rate limiting on auth and RFP submission endpoints High
SEC-006
Encrypted storage of PII (AES-256 at rest) Critical

🔧

Technical Requirements

Architecture, integration, infrastructure, and API specifications

Architecture Requirements

TECH-001
Microservices-ready modular monolith — Auth, Venues, RFP, Booking, Notification services
TECH-002
RESTful API backend with OpenAPI 3.0 documentation
TECH-003
React SPA frontend with server-side rendering (Next.js)
TECH-004
Redis caching for venue search results (TTL: 5 min)
TECH-005
Message queue (BullMQ) for async notifications
TECH-006
PostgreSQL primary database with read replica

Cvent API Integration Requirements

TECH-007
OAuth2 client credentials flow via developer.cvent.com
Scope: venue:read, rfp:write, booking:read, hotel:read
TECH-008
Venue Search API: /venues with filter params
TECH-009
Venue Detail API: /venues/{id} including room inventory
TECH-010
RFP Submission API: POST /rfps with full JSON payload
TECH-011
Hotel Room Blocks API: /hotels/{id}/room-blocks
TECH-012
Proposal Retrieval API: GET /rfps/{id}/proposals
TECH-013
Webhook handling for real-time proposal status updates
TECH-014
Token refresh handling with exponential backoff retry

Infrastructure Requirements

INF-001
Nginx reverse proxy on cvent.swapunits.online (443/80)
INF-002
Let's Encrypt SSL with auto-renewal via Certbot
INF-003
PM2 process manager for Node.js in cluster mode
INF-004
PostgreSQL 16 with daily automated backups (30-day retention)
INF-005
Redis 7 for session store and job queue
INF-006
Nginx gzip compression + static file caching headers
INF-007
Loki + Grafana for log aggregation and dashboards
INF-008
Automated CI/CD pipeline (GitHub Actions)

Data Requirements

DATA-001
User PII encrypted at rest; separate encryption keys per tenant
DATA-002
RFP data model: Event + Rooms + Meals + Contacts + Pricing + Questions
DATA-003
Audit log for all RFP state transitions and booking actions
DATA-004
Media storage for venue images via S3-compatible object storage
DATA-005
Full-text search index on venue name, city, amenities (pg_trgm)
DATA-006
Data retention: RFP drafts 90 days; confirmed bookings 7 years

💻

Software Requirements

Technology stack, dependencies, and tooling

⚛️

Next.js 15

Frontend Framework (SSR/SPA)

🏳

Node.js 22 LTS

Backend Runtime

🚀

Express.js 5

REST API Server

🗃️

PostgreSQL 16

Primary Database

⚡

Redis 7

Cache & Job Queue

🔷

Prisma ORM

Database Abstraction

🎨

Tailwind CSS 4

UI Styling

🛡️

NextAuth.js

Auth & Session Mgmt

🖨

Resend / Nodemailer

Transactional Email

💳

Stripe

Payment Processing

🗺️

Mapbox GL JS

Interactive Maps

⚙️

BullMQ

Background Jobs

🔒

Zod

Schema Validation

📊

Recharts

Analytics Dashboard

🧪

Vitest + Playwright

Unit & E2E Testing

🔄

GitHub Actions

CI/CD Pipeline

Browser & Platform Support

SW-001
Chrome 120+, Firefox 120+, Safari 17+, Edge 120+ Critical
SW-002
iOS Safari 17+, Chrome on Android 120+ Critical
SW-003
Node.js 22 LTS server runtime (minimum v20 LTS) Critical
SW-004
Ubuntu 22.04 LTS production server OS High
SW-005
Nginx 1.24+ with HTTP/2 and Brotli compression modules High

📋

RFP Workflow

8-step RFP builder modeled on Cvent RFP process

Add Venue to RFP

→

Event Requirements

→

Guest Room Requirements

→

Meals & Catering

→

Contact Details

→

Pricing Preferences

→

Other Information

→

Customer Questions & Submit

Step 2 — Event Requirements

RFP-E1
Event name, type (conference, wedding, corporate, gala)
RFP-E2
Preferred dates + alternate dates; multi-day event support
RFP-E3
Expected attendance count (minimum, maximum)
RFP-E4
Meeting room setup: Theatre, Classroom, Banquet, U-Shape, Reception
RFP-E5
Function rooms required per day with timing
RFP-E6
AV requirements: projector, PA, video conferencing, streaming

Step 3 — Guest Room Requirements

RFP-R1
Check-in / check-out dates; length of stay per guest
RFP-R2
Room type mix: single, double, suite, accessible
RFP-R3
Room block size per night with peak night designation
RFP-R4
Rate cap per room per night (budget ceiling)
RFP-R5
Complimentary room ratio request (1 comp per N rooms)
RFP-R6
Attrition policy preference and cancellation terms

Step 4 — Meals & Catering

RFP-M1
Meal functions per day: breakfast, AM break, lunch, PM break, dinner, reception
RFP-M2
Cover count per meal function
RFP-M3
Meal service style: buffet, plated, stations, cocktail
RFP-M4
Dietary requirements: halal, kosher, vegan, gluten-free
RFP-M5
Beverage packages: alcoholic, non-alcoholic, hosted bar
RFP-M6
Per-person F&B budget and minimum spend expectations

Steps 5-8 — Contacts, Pricing, Questions

RFP-C1
Primary planner: name, title, email, phone, company
RFP-C2
On-site coordinator details (may differ from planner)
RFP-C3
Billing / accounts payable contact
RFP-P1
Total event budget range; separate room vs F&B budget
RFP-P2
Preferred payment schedule: deposit %, milestones, final
RFP-O1
Accessibility needs, parking requirements, decor restrictions
RFP-Q1
Admin-defined custom questions with text/select/date field types
RFP-Q2
Planner-written notes / special requests free-text field

🔌

Cvent API Integration

Key endpoints from developer.cvent.com used in this platform

Method	Endpoint	Purpose	Phase
POST	/oauth2/token	Obtain access token (client credentials)	P1
GET	/venues	Search venues with filters	P2
GET	/venues/{id}	Venue detail page data	P2
GET	/venues/{id}/rooms	Meeting room inventory and capacity	P2
GET	/venues/{id}/availability	Date availability calendar	P2
GET	/venues/{id}/photos	Venue image gallery	P2
GET	/hotels	Search hotels near venue	P3
GET	/hotels/{id}/room-types	Room type catalogue with rates	P3
POST	/hotels/{id}/room-blocks	Create guest room block request	P3
GET	/hotels/{id}/room-blocks/{blockId}	Room block status and pickup	P3
POST	/rfps	Submit new RFP to venues	P3
GET	/rfps/{id}	Retrieve RFP details and status	P3
PUT	/rfps/{id}	Update draft RFP	P3
GET	/rfps/{id}/proposals	List venue proposals for RFP	P4
GET	/rfps/{id}/proposals/{pid}	Proposal detail with pricing	P4
POST	/rfps/{id}/proposals/{pid}/accept	Accept proposal and initiate contract	P4
POST	/rfps/{id}/proposals/{pid}/decline	Decline specific proposal	P4
GET	/bookings/{id}	Retrieve booking details	P4
PUT	/bookings/{id}	Modify booking (rooms, F&B)	P4
DELETE	/bookings/{id}	Cancel booking with reason	P4
GET	/caterers	List approved caterers for venue	P3
GET	/caterers/{id}/menus	Catering menu packages	P3
POST	/webhooks	Register webhook for event updates	P2
GET	/reports/bookings	Booking analytics for admin	P5

📂

Development Phases & Tasks

6-phase agile delivery plan with detailed task breakdown

Foundation & Infrastructure

Project scaffolding, server setup, CI/CD, auth, and Cvent API connectivity

Duration4 Weeks

Tasks8

PriorityCritical

1.1

Initialize monorepo (Next.js 15 + Express.js API)

Create /apps/web (Next.js) and /apps/api (Express) with TypeScript, ESLint, Prettier config and shared /packages/types

FrontendBackend
1.2

PostgreSQL 16 + Prisma schema setup

Define User, Venue, RFP, RFPVenue, GuestRoomBlock, MealFunction, Booking, Contact models with all relations

DatabaseBackend
1.3

Authentication — NextAuth.js with email + OAuth2

JWT sessions, email/password, Google and LinkedIn OAuth providers, email verification flow, RBAC middleware

BackendSecurity
1.4

Cvent API OAuth2 client + token manager

Implement developer.cvent.com OAuth2 client credentials flow, token refresh, retry with exponential backoff, env-based credential storage

APIBackend
1.5

Nginx configuration for cvent.swapunits.online

Nginx reverse proxy (port 3000 Next.js, port 4000 API), Let's Encrypt SSL, gzip, HTTP/2, security headers (HSTS, X-Frame-Options)

DevOps
1.6

GitHub Actions CI/CD pipeline

Lint, type-check, test, build, and deploy on push to main branch via SSH to production server with PM2 reload

DevOps
1.7

Redis setup for sessions and BullMQ job queues

Session store, notification job queues (email, SMS), Cvent webhook processing queue with retry logic

BackendDatabase
1.8

Design system — Tailwind config, base component library

Color tokens, typography scale, Button, Input, Select, Modal, Card, Badge components — mobile-first

Frontend

Venue Discovery & Search

Venue search, detail pages, maps integration, and availability via Cvent API

Duration4 Weeks

Tasks7

PriorityCritical

2.1

Venue search API — proxy Cvent /venues endpoint

Location, date, capacity, amenity filters; Redis cache 5 min; paginated response with cursor

APIBackend
2.2

Venue search results page with filter sidebar

List view with venue cards, sort (price/rating/distance), filter panel, pagination, skeleton loading states

Frontend
2.3

Interactive map view — Mapbox GL JS

Clustered venue markers, click-to-preview popups, sync map with list, map/list toggle

FrontendAPI
2.4

Venue detail page — photos, rooms, amenities

Photo gallery with lightbox, meeting room specs table, amenities grid, capacity chart, virtual tour embed

FrontendAPI
2.5

Availability calendar widget

Date range picker pulling Cvent /venues/{id}/availability — highlight available/blocked/pending dates

FrontendAPI
2.6

Shortlist and compare (up to 5 venues)

Save venues to shortlist, side-by-side comparison table for capacity, pricing, and amenities

FrontendBackend
2.7

Cvent webhook registration and handler

POST /webhooks on Cvent API, handle venue availability and RFP status change events via BullMQ queue

APIBackend

RFP Builder & Hotel Room Blocks

Full 8-step RFP wizard, meals configuration, and hotel room block management

Duration6 Weeks

Tasks10

PriorityCritical

3.1
RFP data model and state machine
Prisma schema for RFP with states: DRAFT → SUBMITTED → PROPOSAL_RECEIVED → NEGOTIATION → BOOKED → CANCELLED
DatabaseBackend
3.2
Step 1 — Add Venue to RFP flow
"Add to RFP" button on venue pages; multi-venue selection basket; RFP creation from shortlist with venue pre-populated
FrontendBackend
3.3
Step 2 — Event Requirements form
Event name/type, dates with multi-day support, attendance range, room setup style per day, AV requirements checklist
Frontend
3.4
Step 3 — Guest Room Requirements form
Room type mix builder per night, rate cap slider, block size, comp ratio, attrition and cancellation policy preferences
FrontendAPI
3.5
Step 4 — Meals and Catering form
Meal function builder (per-day, per-session), service style, cover count, dietary flags, F&B budget; pull caterer menus from Cvent API
FrontendAPI
3.6
Step 5 — Contact Details form
Primary planner, on-site coordinator, billing contact fields; auto-populate from user profile; add multiple contacts
Frontend
3.7
Steps 6-8 — Pricing, Other Info, and Custom Questions
Budget range sliders, payment schedule builder, AV/parking/accessibility checklist, admin-configurable custom question engine
FrontendBackend
3.8
RFP draft auto-save and resume
Debounced auto-save every 30 seconds; resume from any step; step completion indicators; progress bar at top
FrontendBackend
3.9
RFP submission — POST to Cvent /rfps
Validate and transform form data to Cvent RFP payload format, submit to API, store Cvent RFP ID, send confirmation email
APIBackend
3.10
Hotel room block management page
Create/view/modify room blocks via Cvent hotel API; room pickup tracker with visual gauge; link block to RFP
FrontendAPI

Proposals, Bookings & Payments

Proposal comparison, contract management, booking lifecycle, and Stripe payments

Duration5 Weeks

Tasks8

PriorityHigh

4.1
Proposals inbox — list and notification
Poll /rfps/{id}/proposals; push notification to user when new proposal arrives; email alert with deep link
FrontendAPI
4.2
Proposal comparison view
Side-by-side table: room rate, F&B package, AV, total cost estimate, venue score; accept/decline action buttons
Frontend
4.3
Contract review and e-signature flow
Display contract PDF from Cvent API; DocuSign embedded signing or checkbox accept for MVP phase
FrontendAPI
4.4
Stripe payment integration — deposit and milestones
Payment intent for deposit percentage, saved card for future milestones, webhook for payment confirmation, receipts
BackendSecurity
4.5
Booking confirmation page and dashboard
Booking reference, venue details, dates, payment schedule summary; downloadable booking summary PDF
Frontend
4.6
Booking modification and cancellation flows
PUT /bookings/{id} for amendments; cancellation with fee calculation display; status timeline view
FrontendAPI
4.7
Email and SMS notification system
BullMQ job processors: RFP submitted, proposal received, booking confirmed, payment due, booking modified
Backend
4.8
My Events dashboard
Cards for all bookings (upcoming, past, cancelled); RFP status pipeline view; quick actions per booking
Frontend

Admin Panel & Analytics

Admin dashboard, venue manager portal, custom questions engine, reporting

Duration4 Weeks

Tasks5

PriorityHigh

5.1
Admin dashboard — users, RFPs, bookings overview
KPI cards (total RFPs, conversion rate, revenue), data tables with search/filter, user management actions
FrontendBackend
5.2
Custom questions engine (admin-configurable)
CRUD for question templates; field types: text, textarea, select, multiselect, date, number; required/optional flag per question
FrontendBackend
5.3
Analytics and reporting — Recharts dashboards
Booking funnel, revenue by month, top venues, RFP response time metrics via Cvent /reports/bookings endpoint
FrontendAPI
5.4
Content management — venue spotlights and banners
Admin-managed homepage featured venues, promotional banners, destination guides with WYSIWYG editor
FrontendBackend
5.5
Audit log viewer and data export (CSV/PDF)
Filterable audit log for all RFP and booking actions; bulk CSV export for accounting; GDPR data download
BackendSecurity

QA, Security Hardening & Launch

End-to-end testing, security audit, performance optimization, and production launch

Duration3 Weeks

Tasks4

PriorityCritical

6.1
Playwright E2E test suite — full RFP booking flow
Automated: register → search → shortlist → build RFP → submit → receive proposal → accept → pay → confirm booking
FrontendBackend
6.2
Security audit — OWASP Top 10 and penetration test
XSS, CSRF, SQLi, IDOR checks; Stripe PCI-DSS verification; auth bypass testing; npm dependency vulnerability scan
Security
6.3
Performance optimization and Lighthouse audit
Target: LCP < 2s, CLS < 0.1, INP < 200ms; image optimization, code splitting, prefetch, CDN for static assets
FrontendDevOps
6.4
Production launch — DNS, SSL, monitoring go-live
DNS cutover to cvent.swapunits.online, Certbot SSL, Loki/Grafana dashboards live, Sentry error tracking, uptime monitoring
DevOps

📅

Delivery Timeline

26-week roadmap from kickoff to production launch

Weeks 1-4 · Phase 1

Foundation & Infrastructure

Monorepo setup, PostgreSQL + Prisma, auth, Cvent API OAuth2 client, Nginx config for cvent.swapunits.online, CI/CD pipeline

Weeks 5-8 · Phase 2

Venue Discovery & Search

Search pages, map view, venue detail pages, availability calendar, shortlist and compare feature

Weeks 9-14 · Phase 3

RFP Builder & Room Blocks

Full 8-step RFP wizard, meals and catering, hotel room blocks, draft auto-save, Cvent RFP submission

Weeks 15-19 · Phase 4

Proposals, Bookings & Payments

Proposal comparison, e-signature, Stripe payments, booking management, email and SMS notifications

Weeks 20-23 · Phase 5

Admin Panel & Analytics

Admin dashboard, custom questions engine, Recharts reporting, content management, audit logs

Weeks 24-26 · Phase 6

QA, Security & Launch

Playwright E2E tests, OWASP security audit, performance optimization — DNS cutover and cvent.swapunits.online goes live

🖥️

Infrastructure & Hosting

Production setup on cvent.swapunits.online

Nginx Configuration — cvent.swapunits.online

server {
    listen 80;
    server_name cvent.swapunits.online;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name cvent.swapunits.online;
    client_max_body_size 50M;

    ssl_certificate     /etc/letsencrypt/live/cvent.swapunits.online/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cvent.swapunits.online/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy no-referrer-when-downgrade;

    gzip on;
    gzip_types text/css application/javascript application/json;

    # Next.js frontend (port 3000)
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Express.js API (port 4000)
    location /api/ {
        proxy_pass http://127.0.0.1:4000/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    access_log /var/log/nginx/cvent.swapunits.online.access.log;
    error_log  /var/log/nginx/cvent.swapunits.online.error.log;
}

Port Allocation

:3000
Next.js frontend (PM2 cluster, 2 instances)
:4000
Express.js REST API (PM2 cluster, 2 instances)
:5432
PostgreSQL 16 (local only, no public access)
:6379
Redis 7 (local only, password-protected)
:80/443
Nginx (public — handles SSL termination)

Environment Variables Required

ENV
CVENT_CLIENT_ID / CVENT_CLIENT_SECRET
ENV
CVENT_API_BASE_URL (api-platform.cvent.com)
ENV
DATABASE_URL (PostgreSQL connection string)
ENV
REDIS_URL / REDIS_PASSWORD
ENV
NEXTAUTH_SECRET / NEXTAUTH_URL
ENV
STRIPE_SECRET_KEY / STRIPE_WEBHOOK_SECRET
ENV
MAPBOX_TOKEN
ENV
RESEND_API_KEY (transactional email)