Central Penn Bank NNB API integration & FDX OpenBanking

OpenData · OpenFinance · OpenBanking · FDX · Section 1033

Connect Central Penn Bank & Trust-NNB account, transaction and deposit data to your stack — under account-holder consent

The Central Penn Bank & Trust-NNB app (package com.norrybank.imobile) is the digital channel of The Northumberland National Bank, an independent Pennsylvania community bank serving more than 44,000 customers across the Greater Susquehanna Valley. We deliver authorized, FDX-aligned API layers on top of its existing capabilities so accounting platforms, lending originators, fintech aggregators and treasury tools can read balances, ingest statements, capture mobile deposits and reconcile Zelle activity without rebuilding screen scrapers.

Why this app's data is valuable — checking, savings, mortgage and auto-loan balances; itemized transaction history; pending deposit status; Zelle send/receive logs; bill pay schedules; Credit Sense (Fiserv) credit-score signals.

Who needs the integration — small business accounting tools (QuickBooks, Xero), local CPA firms, mortgage refi shops, regional lending portals, and personal finance dashboards that today rely on slow OFX downloads or fragile aggregator sessions.

Outcome we ship — a documented OAuth/token consent flow, JSON statement export with paging, mobile deposit submission shim, and webhook fan-out for posted transactions, all aligned to FDX API v6.4 field naming.

What we deliver

Deliverables checklist

OpenAPI 3.1 specification mapped to FDX v6.4 resource names
Protocol report (auth handshake, token lifetime, header fingerprinting, MFA path)
Runnable Python and Node.js source for login, balance, statement and RDC endpoints
Postman collection plus pytest / vitest harness with sandbox fixtures
Compliance brief covering CFPB Section 1033, GLBA Safeguards and FFIEC handbook references
Operations runbook: rotation, error taxonomy, retry / idempotency keys

Feature module: Account & balance API

Mirror the in-app "Fast Balances" view server-side. Returns current and available balances for checking, savings, mortgage and auto-loan accounts in a single roll-up so accounting tools can post a daily snapshot.

Feature module: Statement & transaction history

Date-range pageable feed with merchant, memo, post date, amount and running balance. Used by reconciliation engines, audit trails and budgeting tools that need line-level detail rather than monthly PDFs.

Feature module: Mobile deposit (RDC) bridge

Upload front and back check images and receive a deposit reference plus processing status. Designed to drop into back-office tools so a teller-less branch can ingest checks alongside the consumer flow.

Feature module: Transfers, bill pay and Zelle

Initiate internal A2A transfers, list scheduled bill pay items, and read Zelle send/receive events. Useful for treasury workflows that need a unified ledger across in-house transfers and Early Warning Services rails.

Feature module: Credit Sense signal export

Surface Credit Sense (Fiserv) credit-score deltas and alert events to internal CRM or marketing automation, so a relationship manager can act when a customer's score drops or a new tradeline appears.

Data available for integration (OpenData perspective)

The table below maps each data domain inside the Central Penn Bank & Trust-NNB app to its source screen, granularity and typical downstream use. Field names follow FDX v6.4 conventions so the shape is portable across other US OpenBanking pages on this site.

Data type	Source (screen / feature)	Granularity	Typical use
Account roll-up (checking, savings, mortgage, auto loan)	Home dashboard / Fast Balances	Per account, current + available, refreshed on poll	Daily reconciliation, treasury dashboards, lending pre-checks
Transaction history	Account detail screen	Per posting, with merchant, memo, amount, post date, running balance	Bookkeeping, expense categorization, AML / fraud analytics
Pending and posted mobile deposits	Deposit Funds module	Per item, with reference, status and processing time	Customer-support tooling, cash-flow projections
Bill pay schedule & recurring payments	Make Transfers and Payments	Per payee and per scheduled instance	Cash-flow planning, vendor onboarding, ERP sync
Internal A2A transfers and external transfers	Transfers module	Per transfer event, with from / to / amount / status	Multi-account ledger consolidation
Zelle send / receive events	Zelle integration (Norry Bank)	Per P2P transaction, with counterparty and memo	Person-to-person reconciliation, anti-fraud signals
Credit Sense score and alerts	Credit Sense (Fiserv) widget	Score, change events, alert reasons	Cross-sell triggers, financial-wellness coaching
Account alerts and preferences	My Profile menu	Per channel (push, email, SMS) and per rule	Customer engagement, preference-center sync

Typical integration scenarios

1. Local CPA firm month-end close

A Northumberland or Sunbury accounting practice pulls the previous month's transactions for shared business clients each first business day. Our statement endpoint returns paged JSON keyed on postedDate; the firm pipes it into QuickBooks Online via their existing import. This replaces brittle CSV downloads from the consumer app and keeps the audit trail explicit.

2. Mortgage refi pre-qualification

A regional refi originator reads twelve months of checking activity, current mortgage balance and Credit Sense score under explicit consumer consent. The service returns a single incomeStability roll-up and a redacted statement export, supporting Section 1033-style data portability without forcing the borrower to fax PDFs.

3. Small business cash flow dashboard

A Greater Susquehanna Valley small business operates one NNB checking and one savings account. We expose a webhook on every posted transaction so a self-hosted dashboard can update working-capital figures in near real time, and a daily Zelle reconciliation job categorizes inbound P2P payments as revenue.

4. Mobile deposit ingestion for back office

An insurance agency receives premium checks from policyholders. Instead of a clerk shuttling envelopes to a branch, the agency posts check images via our RDC bridge, receives a processing reference, and reconciles deposits against AR — all without writing a custom Jack Henry or Fiserv connector.

5. Bill pay calendar embedded in a budgeting tool

A consumer-facing PFM app reads the customer's NNB bill pay schedule and recurring payments and overlays them on a unified calendar that includes credit cards held elsewhere. The bill pay endpoint is read-only, so the bank's payment rails stay authoritative.

Technical implementation

1. OAuth-style account consent (FDX-aligned)

POST /api/v1/nnb/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=<CONSUMER_CONSENT_CODE>
&client_id=<PARTNER_ID>
&redirect_uri=https://partner.example/cb
&code_verifier=<PKCE_VERIFIER>

200 OK
{
  "access_token": "eyJraWQiOi...",
  "token_type":   "Bearer",
  "expires_in":   3600,
  "refresh_token":"rt_8e8c...",
  "scope":        "accounts:read transactions:read deposits:write"
}

2. FDX-style transaction list

GET /api/v1/nnb/accounts/{accountId}/transactions
   ?fromDate=2026-04-01&toDate=2026-04-30&page=1&limit=200
Authorization: Bearer <ACCESS_TOKEN>

200 OK
{
  "page": 1,
  "totalPages": 3,
  "transactions": [
    {
      "transactionId": "tx_01HXY...",
      "postedTimestamp": "2026-04-29T14:02:11Z",
      "amount":  { "value": -42.18, "currency": "USD" },
      "description": "GIANT FOOD #234 SUNBURY PA",
      "category": "GROCERY",
      "runningBalance": { "value": 1284.55, "currency": "USD" },
      "status": "POSTED"
    }
  ]
}

3. Mobile RDC submission & webhook

POST /api/v1/nnb/deposits
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: multipart/form-data

front=@check_front.jpg
back=@check_back.jpg
amount=350.00
accountId=acct_chk_001

202 Accepted
{ "depositId":"dep_92ab", "status":"PROCESSING" }

# Webhook fired on settlement
POST https://partner.example/hooks/deposit
{
  "event":   "deposit.settled",
  "depositId":"dep_92ab",
  "amount":  { "value": 350.00, "currency":"USD" },
  "settledAt":"2026-04-30T18:00:00Z",
  "signature":"sha256=..."
}

Errors follow FDX problem-detail format (type, title, status, detail). Idempotency keys are required on POST /deposits and any future write endpoints; refresh-token rotation is mandatory and rotation reuse is rejected with HTTP 401.

Compliance & privacy

Regulatory frame

US community-bank integrations sit under the CFPB Section 1033 Personal Financial Data Rights rule, the Gramm-Leach-Bliley Act safeguards, and FFIEC IT examination guidance. The Financial Data Exchange (FDX) was formally recognized by the CFPB as a Standards Setting Body in January 2025, and FDX-aligned APIs now power 130 million+ consumer connections in the US and Canada.

What this means for NNB

Depository institutions at or below the SBA size standard are currently exempt from Section 1033 subparts B and C, so a community bank like Northumberland National Bank is not forced to publish a public API. Voluntary FDX-aligned integrations remain best practice and are typically required by partner aggregators (Plaid, MX, Finicity, Akoya) before they will whitelist the institution.

Our delivery posture

We work strictly under explicit account-holder authorization or documented public APIs, capture consent records with timestamp and scope, apply data minimization on every endpoint, and ship a compliance brief that maps each route to GLBA, Section 1033 and FFIEC handbook references. NDAs are signed when the engagement requires sandbox credentials.

Data flow / architecture

A standard NNB integration pipeline has four nodes:

Client app / consumer consent — the customer authorizes scopes (accounts, transactions, deposits) through an OAuth-style screen and receives a short-lived access token plus rotating refresh token.
Ingestion gateway — our FDX-aligned API layer translates partner calls into the upstream format, enforces rate limits and idempotency, and signs outbound webhooks.
Storage & canonicalization — posted transactions, deposit events and Zelle entries are normalized to FDX v6.4 field names and persisted with consent-record references.
Analytics / partner output — downstream consumers (CPA tooling, lending originators, PFM apps) read JSON, CSV or webhook events; audit logs are exposed read-only for compliance review.

Market positioning & user profile

Central Penn Bank & Trust-NNB is the consumer mobile front-end for The Northumberland National Bank, an independent community bank headquartered in Northumberland, Pennsylvania, serving roughly 44,000 customers across the Greater Susquehanna Valley. Primary user segments are local consumers with checking and savings accounts, mortgage and auto-loan holders, and small business operators who need branch-anchored relationship banking with mobile self-service. The platform focus is mobile-first (Android and iOS) layered on top of a Fiserv-style core; recent additions include Zelle, contactless wallet support (Apple Pay, Google Pay, Samsung Pay), and the Credit Sense credit-score widget. Integration demand for this user base concentrates around bookkeeping, tax preparation, mortgage refinancing and small business cash-flow tooling rather than high-frequency fintech use cases.

Screenshots

App screenshots from the Google Play listing. Click any thumbnail to open a larger view.

Similar apps & integration landscape

Customers who use Central Penn Bank & Trust-NNB often hold accounts at other US banks too. The apps below sit in the same OpenBanking ecosystem and frequently appear alongside NNB in unified-financial-view tooling. We are not ranking them — listing them so teams searching for any of them can find the same FDX-style integration playbook.

PNC Mobile

PNC's mobile app placed second in the J.D. Power 2025 Banking Mobile App Satisfaction Study and exposes balances, statements and Zelle activity that overlap with the NNB feature set. Combined exports help users that hold a Virtual Wallet account plus an NNB checking account.

Truist Mobile

Truist's app covers consumer checking, savings, mortgage and auto loans — a similar product mix to NNB, just at national scale. Users with both relationships often need consolidated transaction exports for tax season.

Wells Fargo Mobile

Wells Fargo Mobile carries a deep transaction history feed and Zelle-native payments. It is a common counterparty for NNB customers and a typical aggregator target for cross-bank reconciliation.

Bank of America Mobile Banking

Bank of America topped the same J.D. Power study and offers Erica-driven insights. Households mixing a national BoA relationship with a local NNB community-bank account use OpenBanking exports to keep budgeting tools in sync.

Chase Mobile

Chase Mobile exposes a mature transaction and bill pay surface and is one of the most-aggregated apps via FDX-aligned partners. Cross-bank workflows that include Chase typically benefit from the same statement schema we ship for NNB.

Capital One Mobile

Capital One ranked first in the J.D. Power 2025 Online Banking Satisfaction Study. Its credit-card and 360 checking data are commonly merged with community-bank checking exports for personal cash-flow dashboards.

Chime

Chime is a digital-first platform with no branches and is frequently a secondary account for NNB customers who want early direct deposit. Combining Chime and NNB transaction streams is a common Plaid / Akoya use case.

Ally Mobile

Ally is a digital-only bank with high-yield savings. Ally + community-bank households often want a single dashboard pulling savings yields from Ally and operating cash from NNB.

M&T Mobile Banking

M&T is a major regional bank in the Northeast US with a customer footprint that overlaps Pennsylvania. Joint M&T / NNB exports are typical inputs for local CPA firms.

Citizens Bank Mobile

Citizens covers New England and the Mid-Atlantic and is another regional counterpart to NNB. Mortgage-refi originators frequently consume both feeds when underwriting Pennsylvania borrowers.

About OpenFinance Lab

We are an independent technical studio focused on mobile fintech protocol analysis and OpenData / OpenFinance / OpenBanking API integration. Our engineers come from US and international banking, payments and core-platform backgrounds, and we have shipped integrations against Jack Henry, Fiserv, FIS-style cores as well as direct-to-app reverse-engineered surfaces for community-bank, neobank and payments apps.

Community-bank, regional-bank and neobank app integrations
FDX v6.4 alignment, OAuth and PKCE consent flows, webhook signing
Custom Python / Node.js / Go SDKs and end-to-end test harnesses
Source code delivery from $300 — runnable code plus documentation; pay after delivery upon satisfaction
Pay-per-call API billing — hit our hosted endpoints with no upfront cost; pay only for the calls you make

Contact

For quotes, scope reviews or to submit your target app and requirements, open our contact page:

Contact page

Engagement workflow

Scope confirmation: which scopes (accounts, transactions, deposits, Zelle) and which downstream system the data feeds.
Protocol analysis and API design — typically 2 to 5 business days.
Build and internal sandbox validation — typically 3 to 8 business days.
Documentation, samples, Postman collection and test cases — 1 to 2 business days.
First delivery in 5 to 15 business days; aggregator whitelisting may extend timelines.

FAQ

Do I need bank-side authorization to integrate Central Penn Bank & Trust-NNB data?

Yes. We follow account-holder consent flows and FDX-aligned authorization. For NNB-issued accounts you connect through documented OAuth-style consent and token refresh; we never bypass the bank's own authentication.

How long does delivery take?

A first API drop covering login, balance and statement endpoints typically ships in 5 to 12 business days. Mobile deposit capture or Zelle-style payment hooks may extend the timeline by 1 to 2 weeks for sandbox validation.

Which compliance frameworks apply?

US community banks fall under CFPB Section 1033 (Personal Financial Data Rights), Gramm-Leach-Bliley Act privacy rules, FFIEC IT examination guidance, and FDX API standards. Smaller depository institutions below the SBA size standard are exempt from Section 1033 subparts B and C, but FDX-aligned voluntary integrations remain best practice.

Can I just hit a hosted API instead of running source code?

Yes. We offer two engagement models: source code delivery starting at $300, and a pay-per-call hosted API with no upfront fee. Most teams start with source code for control and migrate selected endpoints to hosted billing later.

📱 Original app overview (appendix)

Central Penn Bank & Trust-NNB is the official mobile banking app of The Northumberland National Bank (NNB), an independent Pennsylvania community bank headquartered in Northumberland, PA. The app is published under package ID com.norrybank.imobile and is available on Google Play and the Apple App Store (iOS app id 1263565917). It serves the bank's 44,000+ customers across the Greater Susquehanna Valley.

The app description (verbatim, condensed) advertises:

Manage your accounts — monitor checking and savings balances (current and available); view mortgage, auto-loan and other balances; track spending and set budgets; configure account alerts; and access Credit Sense for credit score updates.
Quick access — Touch ID and Face ID for biometric login; Fast Balances for an at-a-glance view without full sign-in.
Enhanced navigation — My Profile menu for notifications and personal preferences; navigation tray for top-used features; hamburger menu for the full set of transactional tools.
Deposit funds — mobile remote deposit capture by photographing checks; immediate visibility of pending deposits.
Make transfers and payments — internal A2A transfers, transfers to other financial institutions, and management of bills and recurring payments in one place.
Disclosure — the app is free; mobile carrier message and data rates may apply; some features are restricted to eligible account holders or accounts.

Beyond the listing, the bank's site documents Zelle send/receive, contactless payments via Apple Pay, Google Pay and Samsung Pay, and the Credit Sense credit-score tool (a Fiserv product widely deployed in US community banks and credit unions).