navan-reference-architecture
Use when designing a production Navan API integration architecture — API gateway, token management, data sync pipelines, ERP connectors, and monitoring stack. Trigger with "navan reference architecture" or "navan integration architecture".
Best use case
navan-reference-architecture is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when designing a production Navan API integration architecture — API gateway, token management, data sync pipelines, ERP connectors, and monitoring stack. Trigger with "navan reference architecture" or "navan integration architecture".
Teams using navan-reference-architecture should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/navan-reference-architecture/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How navan-reference-architecture Compares
| Feature / Agent | navan-reference-architecture | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when designing a production Navan API integration architecture — API gateway, token management, data sync pipelines, ERP connectors, and monitoring stack. Trigger with "navan reference architecture" or "navan integration architecture".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Navan Reference Architecture
## Overview
Production-grade architecture for Navan API integrations. Navan provides raw REST endpoints with OAuth 2.0 — no SDK, no webhooks, no sandbox. This architecture handles those constraints with five purpose-built layers.
## Prerequisites
- Navan API credentials from Admin > Travel admin > Settings > Integrations
- Cloud infrastructure (AWS, GCP, or Azure) for hosting integration services
- Data warehouse for BOOKING and TRANSACTION tables
- Understanding of OAuth 2.0 client credentials flow
## Instructions
### Architecture Overview
```
┌──────────────────────────────────────────────────────────────────┐
│ CONSUMERS │
│ Travel Dashboard │ Expense Reports │ Finance System │
└────────┬────────────┴────────┬──────────┴────────┬───────────────┘
│ │ │
┌────────▼─────────────────────▼────────────────────▼───────────────┐
│ LAYER 1: API GATEWAY │
│ ┌─────────────┐ ┌──────────────┐ ┌─────────────────────────┐ │
│ │ Rate Limiter │ │ Request Log │ │ Circuit Breaker (5xx) │ │
│ └─────────────┘ └──────────────┘ └─────────────────────────┘ │
└────────┬─────────────────────────────────────────────────────────┘
│
┌────────▼─────────────────────────────────────────────────────────┐
│ LAYER 2: TOKEN MANAGEMENT SERVICE │
│ ┌──────────────────┐ ┌──────────────┐ ┌────────────────────┐ │
│ │ OAuth Client Cred │ │ Token Cache │ │ Auto-Refresh │ │
│ │ POST /ta-auth/ │ │ (Redis/KMS) │ │ (before expiry) │ │
│ └──────────────────┘ └──────────────┘ └────────────────────┘ │
└────────┬─────────────────────────────────────────────────────────┘
│
┌────────▼─────────────────────────────────────────────────────────┐
│ LAYER 3: NAVAN API CLIENT │
│ ┌───────────────┐ ┌──────────────┐ ┌────────────────────────┐ │
│ │ /get_user_trips│ │ /get_users │ │ /get_admin_trips │ │
│ │ /get_invoices │ │ /get_itin_pdf│ │ /reauthenticate │ │
│ └───────────────┘ └──────────────┘ └────────────────────────┘ │
└────────┬────────────────────┬────────────────────────────────────┘
│ │
┌────────▼──────────┐ ┌──────▼─────────────────────────────────────┐
│ LAYER 4: DATA │ │ LAYER 5: MONITORING │
│ SYNC PIPELINE │ │ ┌──────────┐ ┌─────────┐ ┌────────────┐ │
│ ┌───────────────┐ │ │ │ API Call │ │ Error │ │ Token │ │
│ │ Fivetran / │ │ │ │ Metrics │ │ Alerts │ │ Expiry │ │
│ │ Airbyte / │ │ │ │ (volume, │ │ (PD/ │ │ Monitor │ │
│ │ Estuary │ │ │ │ latency)│ │ Slack) │ │ │ │
│ ├───────────────┤ │ │ └──────────┘ └─────────┘ └────────────┘ │
│ │ BOOKING table │ │ │ │
│ │ (weekly full) │ │ └─────────────────────────────────────────────┘
│ ├───────────────┤ │
│ │ TRANSACTION │ │
│ │ (incremental) │ │
│ ├───────────────┤ │
│ │ ERP Connector │ │
│ │ (SAP/NetSuite)│ │
│ └───────────────┘ │
└───────────────────┘
```
### Layer 1 — API Gateway
The gateway provides rate limiting, request logging, and circuit breaking before any call reaches Navan.
```bash
# Example: test gateway → Navan connectivity
curl -s -w "connect: %{time_connect}s | ttfb: %{time_starttransfer}s | total: %{time_total}s\n" \
-o /dev/null "https://api.navan.com/ta-auth/oauth/token"
```
**Key decisions:**
- **Rate limiter**: Token bucket at 80% of Navan's observed rate limit to provide buffer
- **Circuit breaker**: Open after 5 consecutive 5xx responses; half-open after 60 seconds
- **Request log**: Structured JSON with correlation ID, endpoint, response code, and latency
### Layer 2 — Token Management Service
Centralized OAuth lifecycle management. Navan uses `client_credentials` grant type via `POST /ta-auth/oauth/token`.
```bash
# Token acquisition
TOKEN_RESPONSE=$(curl -s -X POST "https://api.navan.com/ta-auth/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=$NAVAN_CLIENT_ID&client_secret=$NAVAN_CLIENT_SECRET")
TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token')
EXPIRES=$(echo "$TOKEN_RESPONSE" | jq -r '.expires_in')
echo "Token acquired, expires in: ${EXPIRES}s"
```
**Design principles:**
- Cache tokens in Redis or KMS-encrypted storage — never in application memory across restarts
- Refresh tokens proactively 5 minutes before expiry
- Support multi-tenant scenarios with per-tenant credential isolation
### Layer 3 — Navan API Client
Thin wrapper around Navan's REST endpoints with consistent error handling:
| Endpoint | Method | Purpose | Data Table |
|----------|--------|---------|------------|
| `/ta-auth/oauth/token` | POST | OAuth token acquisition | — |
| `/v1/bookings` | GET | Booking records | BOOKING |
| `/v1/users` | GET | Employee directory | — |
### Layer 4 — Data Sync Pipeline
Navan has no push/webhook mechanism — all data sync is poll-based.
| Table | Sync Strategy | Frequency | Connector |
|-------|--------------|-----------|-----------|
| BOOKING | Full refresh | Weekly | Fivetran, Airbyte, or Estuary |
| TRANSACTION | Incremental (by date range) | Daily/hourly | Fivetran, Airbyte, or custom |
**Connector selection:**
- **Fivetran**: Managed, pre-built Navan connector, minimal configuration
- **Airbyte**: Open-source, self-hosted option, custom connector support
- **Estuary**: Real-time CDC where available, hybrid approach
### Layer 5 — Monitoring Stack
| Metric | Alert Threshold | Channel |
|--------|----------------|---------|
| API error rate | > 5% over 5 minutes | PagerDuty (P2) |
| Token refresh failure | Any failure | PagerDuty (P1) |
| API response latency | p95 > 5 seconds | Slack |
| Data sync staleness | BOOKING > 8 days old | Slack |
| Rate limit proximity | > 80% utilization | Slack |
## Output
- Architecture diagram adapted to your cloud provider and tooling
- Component specifications for each of the five layers
- Technology recommendations based on existing infrastructure
- Data flow documentation for BOOKING and TRANSACTION pipelines
## Error Handling
| Failure Mode | Architecture Response |
|-------------|---------------------|
| Token expired | Layer 2 auto-refreshes; Layer 1 retries transparently |
| Rate limited (429) | Layer 1 queues requests; Layer 5 alerts on sustained throttling |
| API outage (5xx) | Layer 1 circuit breaker opens; consumers get cached data |
| Data sync gap | Layer 4 runs catch-up sync; Layer 5 alerts on staleness |
## Examples
Validate the full stack end-to-end:
```bash
# End-to-end integration test
echo "1. Auth..." && \
TOKEN=$(curl -s -X POST "https://api.navan.com/ta-auth/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=$NAVAN_CLIENT_ID&client_secret=$NAVAN_CLIENT_SECRET" \
| jq -r '.access_token') && \
echo "2. Users..." && \
curl -s -H "Authorization: Bearer $TOKEN" \
"https://api.navan.com/v1/users" | jq '.data | length' && \
echo "3. Bookings..." && \
curl -s -H "Authorization: Bearer $TOKEN" \
"https://api.navan.com/v1/bookings?page=0&size=50" | jq '.data | length'
```
## Resources
- [Navan Integrations](https://navan.com/integrations) — Connector catalog and partner ecosystem
- [Navan Security](https://navan.com/security) — Infrastructure details (AWS, TLS, AES/KMS)
- [Navan Help Center](https://app.navan.com/app/helpcenter) — API documentation and support
## Next Steps
- Use `navan-prod-checklist` to validate each layer before launch
- Use `navan-data-sync` for detailed data pipeline configuration
- Use `navan-observability` for monitoring stack implementation detailsRelated Skills
workhuman-reference-architecture
Workhuman reference architecture for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman reference architecture".
wispr-reference-architecture
Wispr Flow reference architecture for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr reference architecture".
windsurf-reference-architecture
Implement Windsurf reference architecture with optimal project structure and AI configuration. Use when designing workspace configuration for Windsurf, setting up team standards, or establishing architecture patterns that maximize Cascade effectiveness. Trigger with phrases like "windsurf architecture", "windsurf project structure", "windsurf best practices", "windsurf team setup", "optimize for cascade".
windsurf-architecture-variants
Choose workspace architectures for different project scales in Windsurf. Use when deciding how to structure Windsurf workspaces for monorepos, multi-service setups, or polyglot codebases. Trigger with phrases like "windsurf workspace strategy", "windsurf monorepo", "windsurf project layout", "windsurf multi-service", "windsurf workspace size".
webflow-reference-architecture
Implement Webflow reference architecture — layered project structure, client wrapper, CMS sync service, webhook handlers, and caching layer for production integrations. Trigger with phrases like "webflow architecture", "webflow project structure", "how to organize webflow", "webflow integration design", "webflow best practices".
vercel-reference-architecture
Implement a Vercel reference architecture with layered project structure and best practices. Use when designing new Vercel projects, reviewing project structure, or establishing architecture standards for Vercel applications. Trigger with phrases like "vercel architecture", "vercel project structure", "vercel best practices layout", "how to organize vercel project".
vercel-architecture-variants
Choose and implement Vercel architecture blueprints for different scales and use cases. Use when designing new Vercel projects, choosing between static, serverless, and edge architectures, or planning how to structure a multi-project Vercel deployment. Trigger with phrases like "vercel architecture", "vercel blueprint", "how to structure vercel", "vercel monorepo", "vercel multi-project".
veeva-reference-architecture
Veeva Vault reference architecture for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva reference architecture".
vastai-reference-architecture
Implement Vast.ai reference architecture for GPU compute workflows. Use when designing ML training pipelines, structuring GPU orchestration, or establishing architecture patterns for Vast.ai applications. Trigger with phrases like "vastai architecture", "vastai design pattern", "vastai project structure", "vastai ml pipeline".
twinmind-reference-architecture
Production architecture for meeting AI systems using TwinMind: transcription pipeline, memory vault, action item workflow, and calendar integration. Use when implementing reference architecture, or managing TwinMind meeting AI operations. Trigger with phrases like "twinmind reference architecture", "twinmind reference architecture".
together-reference-architecture
Together AI reference architecture for inference, fine-tuning, and model deployment. Use when working with Together AI's OpenAI-compatible API. Trigger: "together reference architecture".
techsmith-reference-architecture
TechSmith reference architecture for Snagit COM API and Camtasia automation. Use when working with TechSmith screen capture and video editing automation. Trigger: "techsmith reference architecture".