This article explores the system design considerations for building a robust event check-in system that functions reliably even with unstable or absent network connectivity. It focuses on solving tamper resistance, double-scan prevention, and offline tolerance by strategically embedding signed data in QR codes and employing various synchronization patterns for local and central state management. The key is balancing immediate verification with eventual consistency.
Read original on Dev.to #systemdesignEvent check-in systems often face a critical failure point: venue Wi-Fi becomes overwhelmed when large crowds arrive. A simple centralized validation model, where every QR scan requires a server round-trip, quickly breaks down. A robust system must address three core concerns simultaneously to ensure smooth operations: tamper resistance, double-scan prevention, and offline tolerance.
To enable offline validation of ticket authenticity, the QR code payload should include enough signed data for local verification. Instead of just a ticket ID, the QR should embed details like `ticket ID`, `event ID`, `issue/expiry timestamps`, and a digital `signature` (`sig`). The issuing system signs this payload with a private key, and scanning devices verify it using a corresponding public key. This allows the scanner to confirm the ticket's genuine origin without any network calls.
{ "tid": "EVT-20260810-A4F2", "eid": "boni-event-7291", "issued_at": 1754918400, "expires_at": 1754962800, "holder_name": "REDACTED AT PRINT", "category": "general-admission", "sig": "<base64-hmac-or-ecdsa-signature>" }Preventing double-scans (passback) requires shared state about which tickets have been used. In an offline-first environment, this cannot solely rely on a central server. Two main patterns emerge:
For multi-gate events, achieving eventual consistency across devices requires frequent sync intervals or even mesh-sync approaches where devices directly replicate state over local networks during internet outages to minimize the passback window.
Practical Offline-Tolerance
Offline tolerance is a spectrum. At minimum, a device should authenticate tickets via signature and durably store scan records locally. A stronger posture involves pre-loading valid ticket sets for immediate rejection of invalid or used tickets. Crucially, operators must ensure devices perform a sync check right before gates open to work with the most current state, especially for multi-day events or those with dynamic ticket status (e.g., refunds).