A ledger-based financial transaction backend built with Node.js, Express, and MongoDB.
The system simulates core banking concepts such as accounts, transactions, ledger entries, and system treasury funding, ensuring transaction consistency and auditability.
Features:
- User authentication using JWT
- Account creation for users
- Ledger-based balance calculation
- Secure money transfers between accounts
- Idempotent transactions to prevent duplicates
- MongoDB ACID transactions for consistency
- System treasury account for initial funding
- Email notifications for transactions
- Token blacklist for secure logout
The system follows a ledger-based financial architecture.
Instead of storing account balances directly, the balance is derived from ledger entries.
User
↓
Account
↓
Transaction
↓
Ledger Entries (Credit / Debit)
This ensures:
- Auditability
- Financial integrity
- Immutable transaction history
Technologies used:
- Node.js
- Express.js
- MongoDB
- Mongoose
- JWT (JSON Web Tokens)
- Nodemailer
- Render
Project structure:
Backend-ledger
│
├── src
│ ├── controllers
│ ├── middleware
│ ├── models
│ ├── routes
│ ├── services
│ └── config
│
├── server.js
├── package.json
└── README.md
API endpoints:
- Register User: POST /api/auth/register
- Login User: POST /api/auth/login
- Logout: POST /api/auth/logout
- Create Account: POST /api/accounts
- Get User Accounts: GET /api/accounts
- Get Account Balance: GET /api/accounts/balance/:accountId
- Transfer Money: POST /api/transactions
- Create Initial Funds (System Treasury): POST /api/transactions/system/initial-funds
A typical transfer follows these steps:
- Validate request
- Check idempotency key
- Verify account status
- Derive sender balance from ledger
- Create transaction (PENDING)
- Create debit ledger entry
- Create credit ledger entry
- Mark transaction as COMPLETED
- Commit MongoDB transaction
- Send email notification
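
The transfer steps above, sketched as an added example that is not the project's own code: Maps and an array stand in for the MongoDB collections and session, the email step is left out, and `createBank`, `open`, `fund`, the status strings and the use of integer amounts are assumptions.

```javascript
// Added example: in-memory stand-in for the MongoDB collections (assumption).
function createBank() {
  const accounts = new Map(); // accountId -> { owner, status }
  const ledger = [];          // append-only debit/credit entries
  const byKey = new Map();    // idempotencyKey -> transaction
  // The balance is never stored; it is derived from ledger entries.
  const balanceOf = (id) => ledger
    .filter((e) => e.account === id)
    .reduce((sum, e) => sum + (e.type === 'CREDIT' ? e.amount : -e.amount), 0);
  const open = (id, owner) => accounts.set(id, { owner, status: 'ACTIVE' });
  // Stand-in for treasury funding: a single credit entry (constructed).
  const fund = (id, amount) =>
    ledger.push({ account: id, type: 'CREDIT', amount, txId: 'initial-funds' });

  function transfer(userId, { fromAccount, toAccount, amount, idempotencyKey }) {
    // Validate request (integer amounts avoid float rounding).
    if (!Number.isInteger(amount) || amount <= 0 || !idempotencyKey ||
        fromAccount === toAccount) throw new Error('invalid request');
    // Idempotency: an exact replay by the same user returns the original
    // transaction; the same key with any other payload or user is rejected.
    const prior = byKey.get(idempotencyKey);
    if (prior) {
      const same = prior.userId === userId && prior.fromAccount === fromAccount &&
        prior.toAccount === toAccount && prior.amount === amount;
      if (!same) throw new Error('idempotency key reused');
      return prior;
    }
    // Account status, then ownership of the debited account.
    const from = accounts.get(fromAccount);
    const to = accounts.get(toAccount);
    if (!from || !to || from.status !== 'ACTIVE' || to.status !== 'ACTIVE') {
      throw new Error('account unavailable');
    }
    if (from.owner !== userId) throw new Error('forbidden');
    // Derive the sender balance from the ledger before debiting.
    if (balanceOf(fromAccount) < amount) throw new Error('insufficient funds');
    // PENDING -> debit + credit -> COMPLETED. In MongoDB these writes share
    // one session so they commit or abort together.
    const tx = { id: `tx-${byKey.size + 1}`, userId, fromAccount, toAccount,
      amount, status: 'PENDING' };
    ledger.push({ account: fromAccount, type: 'DEBIT', amount, txId: tx.id },
      { account: toAccount, type: 'CREDIT', amount, txId: tx.id });
    tx.status = 'COMPLETED';
    byKey.set(idempotencyKey, tx);
    return tx;
  }
  return { open, fund, transfer, balanceOf, ledger };
}
```

Binding the idempotency key to the user and payload keeps a replayed key from returning another user's transaction or silently ignoring a changed amount.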
Transfer funds between accounts.
POST /api/transactions
Request Body:
```json
{
  "fromAccount": "ACCOUNT_ID",
  "toAccount": "ACCOUNT_ID",
  "amount": 200,
  "idempotencyKey": "unique-key-123"
}
```
Security measures:
- JWT authentication middleware
- Token blacklist for logout protection
- Authorization checks for account ownership
- Idempotent transactions to prevent duplicate transfers