HomeProjectsBanking Backend API
BackendMay 2026

Banking Backend API

ACID-compliant banking engine that achieved zero balance drift under concurrent transaction testing.

Node.jsExpress.jsMongoDBJWTBcryptNodemailer

The Problem

Race Conditions & Balance Drift

Traditional ledger systems fail under high concurrency due to race conditions and partial transaction failures. When multiple users transfer funds simultaneously, database read-write cycles can drift, leading to orphaned transactions and inaccurate ledger states. Building a financial backend requires ensuring absolute consistency, idempotency, and crash recovery, even during network disconnects or API failures.

The Solution

Immutable Ledger + 4-State Transaction Machine

Architected a double-entry bookkeeping ledger using MongoDB ACID transactions, 9 Mongoose pre-hook mutation guards, and a real-time state machine to process transactions through a strict workflow.

Key Technical Decisions

01Eliminated partial transfer failures by building a 4-state transaction machine (PENDING → COMPLETED | FAILED | REVERSED) that tracks each transfer state.
02Prevented race conditions and balance drift by implementing 9 Mongoose pre-hook mutation guards to validate ledger integrity before database writes.
03Stopped duplicate transaction processing and replay attacks by enforcing unique-key deduplication with idempotency keys.
04Recovered orphaned states and stuck transfers by writing a 5-minute stale-timeout recovery worker that auto-failed unresolved transactions.
05Secured user accounts and session states by configuring a 3-tier auth layer (JWT + Bcrypt auth with token blacklists via MongoDB TTL indexes).
06Handled automated transactional communication with a dual cookie/Bearer extraction system and OAuth2-gated email services via Nodemailer.

Impact & Results

Zero

Balance Errors

4 states

Transaction States

Zero Balance Drift Under Load

The financial backend achieved 100% data integrity with zero balance drift or database mismatch under simulated concurrent transfer tests. Audit logs recorded every ledger mutation, ensuring full accountability and compliance with double-entry accounting standards.

Key Learnings

01

Pre-hook mutation guards catch invalid database updates early — learned that validation at the API layer is not enough, database integrity must be protected at the model level.

02

Idempotency keys are non-negotiable for payment APIs — without unique client-side tokens, network retries lead to duplicate charges and ledger discrepancies.

Tech Stack

nodejs
express
mongodb
Previous Project

1Not2 Productions

Next Project

Harshtal - Japanese Cultural Festival Portal