Backend Verification Process
While Sarah sees a loading indicator, the backend is performing a comprehensive verification check. The system queries the secure database to validate the reference and determine the instruction's status.
โฑ๏ธ Processing Time
The entire backend check typically completes in under 2 secondsโfast enough for a seamless user experience while performing thorough validation.
Verifying Instructions...
Checking our secure records for reference REF-9F2A-47B1
๐ What the Backend Is Checking
Does This Reference Exist?
Database lookup: "SELECT * FROM instructions WHERE reference = 'REF-9F2A-47B1'". If no match, this is either a typo or a fraudulent reference.
Which Firm/Agent/Client?
Checks: Is this instruction from Shepherd+Wedderburn? Issued by David Thompson? For Sarah Mitchell's matter MITCHELL-42MAPLE?
What Type of Instruction?
Verifies the instruction type: bank details, payment information, completion instructions, etc. This helps display the right verdict message.
When Was It Issued?
Checks creation timestamp: Dec 9, 2025, 2:32 PM. This helps customers understand if the instructions are recent or old.
Has It Expired?
Checks expiry date if set. Some instructions have time limits (e.g., "valid until completion date"). Expired instructions return a warning.
Has It Been Superseded?
Checks if a newer instruction replaced this one. If solicitor sent corrected bank details, the old reference becomes invalid.
๐ ๏ธ Backend Flow
POST /api/verify { reference: "REF-9F2A-47B1", auth_token: "..." }
Verify passkey signature matches stored public key. Confirm request is from authenticated Sarah Mitchell.
Look up instruction record by reference. JOIN with firm, agent, client, matter tables.
Evaluate: status (active/revoked/superseded), expiry date, replacement references.
Confirm Sarah has permission to view this instruction (is she the client on the matter?).
Construct response: genuine/not-found/outdated with full context (firm, agent, date, instruction type).
Log verification attempt for audit trail. Return verdict to frontend (next step).
๐ Security Considerations
Rate Limiting
Prevent brute-force attempts to guess valid references. Max 10 verification requests per minute per user.
Audit Logging
Every verification attempt is logged: who, when, what reference, from what IP. Helps detect suspicious patterns.
Encrypted Storage
Instruction details stored encrypted at rest. Database compromise doesn't expose sensitive payment information.
Permission Checks
Users can only verify instructions for their own matters. Sarah can't look up references for other clients.
โก Why This Is Fast & Scalable
๐๏ธ Indexed Database Queries
Reference lookup uses database indexโconstant-time O(1) performance even with millions of instructions.
๐ Optimized Data Model
All required data (firm, agent, client, status) retrieved in a single JOIN queryโno N+1 problems.
๐พ Caching Layer
Frequently accessed instructions cached in Redisโsub-millisecond response times for repeat queries.
๐ Horizontal Scaling
Stateless API design allows adding more servers to handle increased load without architectural changes.