Auto Transfer Payment System
Payment & Security

Problem & Solution
Agricultural procurement hubs face a high-risk bottleneck: manual disbursement. Managing cash transfers across multiple branches requires constant manual oversight, which leads to human error, delayed payments to farmers, and significant fraud exposure. Without a centralized audit trail or direct bank integration, shop owners were stuck in a cycle of manual SFTP report handling and redundant validation phone calls.
I architected a secure Payment Gateway module within the FPN-CRM ecosystem that centralizes all farmer disbursements. The system uses a Document-First Approval Workflow, so no member bank details are changed without multi-level authorization. By implementing a custom HTTPS Agent for SCB API communication, I established a hardened, persistent link that satisfies the bank's mutual TLS requirements and reuses sockets across calls. This eliminated the manual SFTP overhead and cut transfer processing time from minutes to seconds, giving branch operators real-time liquidity management.
Key Features & Business Impact
- Persistent HTTPS Agent Integration: Custom-configured Node.js networking for secure, high-performance communication with SCB Banking APIs.
- Document-First Bank Validation: A 'Request & Approve' workflow that prevents unauthorized changes to member payment details.
- Multi-Layer Token Shield: Every API call carries a Shop token (identity) and an Operation token (action), so a stolen session token alone cannot authorize a transfer.
- Automated SFTP Encapsulation: Turns complex, manual SFTP report fetching into a one-click dashboard experience.
Technical Deep Dive
Microservices & Transfer Processing
The system follows a microservices-oriented design to decouple sensitive payment logic from general CRM functions. Each service—Member Validation, Transfer Execution, and SFTP Reporting—is managed by PM2, providing cluster-mode load balancing and zero-downtime hot-reloads. This modularity ensures that high-volume payout windows at one branch do not impact the performance of the core CRM for others.
JWT, Multi-Token & Member Validation
Security is enforced through a Multi-Token Authorization (MTA) strategy. Every transfer request requires a valid Shop Token (Identity) and a short-lived Operation Token (Action), both implemented as JWTs with strict TTLs and a server-side blacklist of token identifiers. The short TTL plus the blacklist mean a captured request cannot be replayed after its token has been used, and even if a session (the Shop Token) is hijacked, a transfer still cannot be executed without a fresh, operation-specific token bound to that particular action.
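The two-token check described above, written out as an added example (this is not the FPN-CRM code). It builds HS256 JWTs with Node's crypto module so it runs offline; the secrets, the in-memory blacklist (a shared store such as Redis would be used across PM2 workers), the claim names (typ, op, transferId, amount) and the function names are all assumptions.

```typescript
// Added example, not the project's code: Shop token (identity) + single-use
// Operation token (action) for a transfer endpoint, HS256 via Node crypto.
import * as crypto from "crypto";

type Claims = Record<string, unknown> & { exp: number; jti: string };

const b64url = (data: Buffer | string): string =>
  Buffer.from(data).toString("base64url");

// Minimal HS256 signer; a production system would use a vetted JWT library.
export function sign(claims: Claims, secret: string): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
  return `${header}.${body}.${sig}`;
}

// Verifies signature (constant-time), algorithm header and expiry; returns claims or null.
export function verify(token: string, secret: string, now: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = crypto.createHmac("sha256", secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (hdr.alg !== "HS256") return null; // never trust a downgraded/none header
    const claims: Claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    if (typeof claims.jti !== "string") return null;
    return claims;
  } catch {
    return null;
  }
}

// Assumption: separate secrets per token type, loaded from env/KMS in production.
const SHOP_SECRET = "demo-shop-secret";
const OP_SECRET = "demo-operation-secret";

// Server-side blacklist of consumed Operation-token IDs (assumed shared store in production).
const consumedJti = new Set<string>();

export function issueShopToken(shopId: string, now: number): string {
  return sign({ sub: shopId, typ: "shop", exp: now + 8 * 3600, jti: crypto.randomUUID() }, SHOP_SECRET);
}

// Operation token: 60 s TTL, bound to one transfer and one amount.
export function issueOperationToken(shopId: string, transferId: string, amount: number, now: number): string {
  return sign(
    { sub: shopId, typ: "op", op: "transfer", transferId, amount, exp: now + 60, jti: crypto.randomUUID() },
    OP_SECRET,
  );
}

export interface TransferRequest { shopId: string; transferId: string; amount: number }

// Both tokens must validate, agree with the request, and the op token must be unused.
export function authorizeTransfer(
  shopToken: string, opToken: string, req: TransferRequest, now: number,
): { ok: boolean; reason?: string } {
  const shop = verify(shopToken, SHOP_SECRET, now);
  if (!shop || shop.typ !== "shop" || shop.sub !== req.shopId) return { ok: false, reason: "invalid shop token" };
  const op = verify(opToken, OP_SECRET, now);
  if (!op || op.typ !== "op" || op.op !== "transfer") return { ok: false, reason: "invalid operation token" };
  if (op.sub !== req.shopId || op.transferId !== req.transferId || op.amount !== req.amount) {
    return { ok: false, reason: "operation token does not match request" };
  }
  if (consumedJti.has(op.jti)) return { ok: false, reason: "operation token already used (replay)" };
  consumedJti.add(op.jti); // consume before executing the transfer
  return { ok: true };
}
```

The amount and transfer ID live inside the Operation token, so a hijacked Shop token cannot be used to re-point an approved payout; replaying the exact original request also fails because the token's jti is already on the blacklist.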
Transfer Requests & SCB Partner Integration
Unlike standard fetch requests, the integration layer utilizes a custom Node.js HTTPS Agent. This gives granular control over the TLS handshake (minimum protocol version, cipher suites, the client certificate the bank's mutual TLS requires) and over persistent connection pooling, so each call does not pay for a fresh handshake. The pipeline manages the full lifecycle of a transaction: from initial member-active validation to real-time SCB API callbacks. To close the loop, a background worker encapsulates the SFTP protocol, allowing owners to pull reconciled bank statements into the CRM with a single click.
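An added example (not the project's integration layer) of what such an agent looks like: keep-alive pooling, a TLS 1.2 floor, an explicit cipher list, strict certificate validation, and the client certificate and key for mutual TLS, plus a small POST helper that routes every request through it. The host name, pool sizes, cipher list and the names buildScbAgent, ScbMtls and postJson are assumptions; the helper is shown for completeness and makes no network call here.

```typescript
// Added example, not the project's code: a hardened https.Agent for bank API calls.
import * as https from "https";
import type { IncomingMessage } from "http";

export interface ScbMtls {
  cert: string | Buffer; // client certificate issued by the bank (PEM)
  key: string | Buffer;  // matching private key (PEM)
  ca?: string | Buffer;  // bank CA bundle, if it is not in the system trust store
}

// Returns the agent and the options it was built with (assumed settings).
export function buildScbAgent(mtls?: ScbMtls, host = "api.example-bank.test") {
  const options: https.AgentOptions = {
    keepAlive: true,          // reuse sockets across calls
    keepAliveMsecs: 10_000,
    maxSockets: 20,           // cap concurrent connections to the bank
    maxFreeSockets: 5,
    minVersion: "TLSv1.2",    // refuse TLS 1.0/1.1
    // Applies to TLS <= 1.2; TLS 1.3 suites are negotiated separately by OpenSSL.
    ciphers: [
      "ECDHE-ECDSA-AES256-GCM-SHA384",
      "ECDHE-RSA-AES256-GCM-SHA384",
      "ECDHE-ECDSA-AES128-GCM-SHA256",
      "ECDHE-RSA-AES128-GCM-SHA256",
    ].join(":"),
    rejectUnauthorized: true, // never disable this, even in staging
    servername: host,         // SNI + hostname verification target
    ...(mtls ?? {}),          // cert/key/ca for mutual TLS when supplied
  };
  return { agent: new https.Agent(options), options };
}

// POST JSON through the agent with a hard timeout; resolves with status and raw body.
export function postJson(
  agent: https.Agent,
  host: string,
  path: string,
  body: unknown,
  headers: Record<string, string>,
  timeoutMs = 10_000,
): Promise<{ status: number; body: string }> {
  const payload = JSON.stringify(body);
  return new Promise((resolve, reject) => {
    const req = https.request(
      {
        host,
        path,
        method: "POST",
        agent,
        timeout: timeoutMs,
        headers: {
          "content-type": "application/json",
          "content-length": Buffer.byteLength(payload),
          ...headers,
        },
      },
      (res: IncomingMessage) => {
        const chunks: Buffer[] = [];
        res.on("data", (c: Buffer) => chunks.push(c));
        res.on("end", () =>
          resolve({ status: res.statusCode ?? 0, body: Buffer.concat(chunks).toString("utf8") }),
        );
      },
    );
    req.on("timeout", () => req.destroy(new Error("SCB request timed out")));
    req.on("error", reject);
    req.end(payload);
  });
}
```

Because the agent is constructed once and passed to every request, the TLS session and pooled sockets survive across calls, which is where the minutes-to-seconds gain comes from; rejectUnauthorized stays true so a man-in-the-middle with a non-bank certificate is refused even when the bank's CA is custom.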
PostgreSQL & Audit Queries
The PostgreSQL schema uses Row-Level Security (RLS) to keep each shop's members and transfers invisible to other shops, and atomic transactions with row locks so concurrent disbursements against the same member cannot double-pay. A composite index on (member_id, status) and an index on account_number keep validation lookups under 50ms. To keep the system performant as audit logs grow, daily financial reconciliation reads from Materialized Views, offloading the heavy aggregation from the main transaction tables.
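An added example (not the FPN-CRM schema or ORM code) of the transaction shape this implies: the session is scoped to the calling shop so the RLS policies can filter on it, the member row is locked while its active status is checked, and the transfer insert either commits with it or rolls back. The table and column names, the app.shop_id setting, and the memoryClient stand-in (which replaces a real pg client so the example runs offline) are assumptions.

```typescript
// Added example, not the project's code: one disbursement as a single PostgreSQL
// transaction, against a minimal client interface so it can be run offline.

export interface SqlClient {
  query(text: string, params?: unknown[]): Promise<{ rows: Record<string, unknown>[] }>;
}

export interface DisburseRequest {
  shopId: string;
  memberId: string;
  accountNumber: string;
  amount: number; // minor currency units
}

export async function disburse(db: SqlClient, r: DisburseRequest): Promise<{ transferId: string }> {
  if (!Number.isInteger(r.amount) || r.amount <= 0) {
    throw new Error("amount must be a positive integer in minor units");
  }
  await db.query("BEGIN");
  try {
    // Assumed RLS policies compare shop_id with current_setting('app.shop_id').
    // set_config(..., is_local = true) confines the value to this transaction, so a
    // pooled connection never carries one shop's identity into another's query.
    await db.query("SELECT set_config('app.shop_id', $1, true)", [r.shopId]);

    // Hits the (member_id, status) index; FOR UPDATE serialises concurrent payouts
    // to the same member until this transaction ends.
    const m = await db.query(
      "SELECT id, account_number FROM members WHERE id = $1 AND status = 'active' FOR UPDATE",
      [r.memberId],
    );
    if (m.rows.length !== 1) {
      throw new Error("member not found, not active, or not visible to this shop");
    }
    // Pay only to the approved account on file, never to a caller-supplied one.
    if (m.rows[0].account_number !== r.accountNumber) {
      throw new Error("account number does not match the approved member record");
    }

    const t = await db.query(
      "INSERT INTO transfers (shop_id, member_id, account_number, amount, status) " +
        "VALUES ($1, $2, $3, $4, 'pending') RETURNING id",
      [r.shopId, r.memberId, r.accountNumber, r.amount],
    );
    await db.query("COMMIT");
    return { transferId: String(t.rows[0].id) };
  } catch (e) {
    await db.query("ROLLBACK");
    throw e;
  }
}

// In-memory stand-in for a pg client (constructed for this example): records the
// statement verbs it sees and answers the member lookup from a fixed row set.
export function memoryClient(memberRows: Record<string, unknown>[]) {
  const log: string[] = [];
  const db: SqlClient = {
    async query(text: string) {
      log.push(text.split(" ")[0]);
      if (text.startsWith("SELECT id")) return { rows: memberRows };
      if (text.startsWith("INSERT")) return { rows: [{ id: 42 }] };
      return { rows: [] };
    },
  };
  return { db, log };
}

// Stand-alone run: an active member is paid, an inactive one is rolled back.
(async () => {
  const ok = memoryClient([{ id: "m-1", account_number: "1234567890" }]);
  await disburse(ok.db, { shopId: "s-1", memberId: "m-1", accountNumber: "1234567890", amount: 2500 });
  console.log("ok:", ok.log.join(" > "));
  const bad = memoryClient([]);
  await disburse(bad.db, { shopId: "s-1", memberId: "m-9", accountNumber: "1234567890", amount: 2500 })
    .catch((e: Error) => console.log("rejected:", e.message, "|", bad.log.join(" > ")));
})();
```

With a real pool, run this on a dedicated connection so set_config and the row lock belong to the same transaction; with Drizzle ORM the same statements can be issued inside db.transaction().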
Technology Stack
Next.js
TypeScript
TailwindCSS
PostgreSQL
Drizzle ORM
PM2