# Backend Flow

![](/files/-MPEQ_DEVkNT4cYMTvOj)

In the backend, authentication is handled via Firebase. App provide firebase JWT token via api and then server verifies that token using firebase admin SDK. Upon successful verification, server create new JWT tokens and send those tokens as a response. App uses these tokens for further request.

Backend uses [passport.js](http://www.passportjs.org/) for JWT verification. Once JWT is successfully verified then the requested data is either fetched or added in PostgreSQL database using [sequelize.js](https://sequelize.org/)

When the access token is expired then server create new access token after verifying the refresh token attached in header of the request. If refresh token provided in header is expired then the firebase user's refresh token in revoked and token expired message is send back to the app, after which app delete shared preference and redirect the user to login page.

Similarly, in case of logout, firebase refresh token is revoked and shared preferences is deleted from the app.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://devanshixaviers.gitbook.io/mfund-documentation/backend-flow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.