Building a Farmers St Bank - FSB transaction connector

Per the Play Store listing, this app keeps balances, tagged transactions with note and receipt-photo attachments, mobile-deposited check images, recurring bill-pay payees, P2P payment history, debit-card on/off state, and saved monthly statements — all behind a four-digit passcode or biometric login. That is the table of records an integrator cares about. The rest of this brief is how we get those records out, on what authority, and what ends up runnable in your repository.

Distribution: iOS and Android, listed on Google Play as com.farmersstbank.grip.
Institution: One of the Farmers State Bank community banks across the US Midwest; the specific issuing institution is not asserted from public listings here.
Data feed: Consumer-permissioned reads against the bank's digital channels, with the worker shaped to drop onto an FDX feed if the issuing institution publishes one.
Ingestion cadence: Cursor-paged polling on a configurable interval; webhook fan-out wired but dormant until the upstream supports notifications.
Refresh model: Short-lived bearer plus refresh token; the worker rotates ahead of expiry rather than after a 401.
US rule status: CFPB Section 1033 enjoined and back in reconsideration as of August 2025; the connection rides on the member's own authorization today.
Engagement: From $300 source delivery, or pay-per-call.

Bottom line. This is a US community-bank app sitting in the long tail of institutions the major aggregators reach mostly through resold or screen-scraped connections, not the top tier with direct FDX API drops. The route that holds up is consumer-permissioned ingestion against a consenting member account, with the build kept ready to switch onto a direct FDX feed if and when the issuing institution surfaces one. We would not write the integration around a Section 1033 entitlement right now, given the rule's status (see below).

What sits behind the login

The surfaces the description names, mapped to where they originate and what an integrator typically does with each.

Domain	Where it surfaces in the app	Granularity	Integrator use
Accounts and balances	Account list and per-account detail	Current ledger and available, per refresh	Position snapshots; balance-threshold alerts
Transactions with tags, notes, receipt photos	Transaction detail; user-attached metadata	Per posted item, including user-added fields	Reconciliation, categorization, audit trails
Mobile-deposit check images	Front-and-back captures stored with the deposit	Per deposit	Match deposits against statement entries
Bill-pay payees and scheduled payments	Bill-pay flow	Per saved biller, per scheduled item	Reconcile to A/P; surface upcoming dated payments
P2P payment history	"Pay a friend" flow	Per transaction	Sender/recipient mapping in cash-flow tooling
Debit card on/off state	Card-control screen	Per card	Risk workflows; step-up triggers when a card is toggled
Statements	Saved monthly statements	Per month, as the bank stores	Long-term records, period close, document retention

Three plausible routes in

What is actually reachable on this app today, and how each route holds up over the life of an integration.

1. Consumer-permissioned ingestion against a consenting member account

What it covers: every domain in the table above. Effort: medium — designed and tested against a real account. Durability: the connection runs as long as the consent is live, and the worker re-validates the session ahead of token expiry. What we set up: the member account itself is arranged with you in onboarding; the build runs against an account you nominate, not against a sandbox the customer is expected to procure first.

2. FDX-aligned ingestion via an aggregator that brokers this institution

What it covers: accounts, transactions, statements at the FDX schema's intersection — the things the aggregator surfaces uniformly across community banks. Effort: lighter, but coverage depends on whether the aggregator has this institution on a direct FDX path or behind credential capture. Durability: high when on the direct side; brittle where credentials are still in play. What we set up: aggregator provisioning, the broker plumbing on our side, and the consent UI on yours.

3. Authorized interface integration of the app's own traffic

What it covers: every screen the app shows, including bill-pay scheduling and mobile check deposit, which aggregators usually do not. Effort: heavier. Durability: high once captured; the protocol pass is re-run on app updates. What we set up: a written authorization from the account holder and full request capture in an audit log.

For most projects on this app we would build route 1 as the primary worker, keep a route 3 fallback wired but dormant, and only swap onto a route 2 plane if the issuing institution surfaces a direct FDX feed worth riding.

An ingestion sketch in Python

A small slice of a worker against this app's actual surface — tagged transactions, notes, receipt-image references — with leading-edge refresh and a replayable cursor. Illustrative; field names settle once the live channel is captured during the build.

# fsb_grip/connector.py — Farmers St Bank - FSB ingestion worker (outline)
# Authorized, consumer-permissioned. Runs as a queued task with replay-safe cursors.

from dataclasses import dataclass
from typing import Iterable

@dataclass
class Session:
    access_token: str
    refresh_token: str
    expires_at: int      # epoch seconds; rotated by the worker before the call

@dataclass
class TxnCursor:
    account_id: str
    last_posted_ts: int  # high-water mark, replayable
    last_external_id: str  # tie-breaker for items posted within the same second

def ensure_session(s: Session, refresh) -> Session:
    if s.expires_at - now() < 90:
        s = refresh(s.refresh_token)
    return s

def pull_transactions(s: Session, cur: TxnCursor) -> Iterable[dict]:
    page = api_get(
        f"/accounts/{cur.account_id}/transactions",
        token=s.access_token,
        params={
            "posted_from": cur.last_posted_ts,
            "limit": 200,
            "cursor": cur.last_external_id,
        },
    )
    for txn in page["transactions"]:
        # tags, note text, and receipt-image refs follow the app's own fields where confirmed during the build
        yield {
            "external_id":  txn["transactionId"],
            "posted_at":    txn["postedTimestamp"],
            "amount":       txn["amount"],
            "description":  txn["description"],
            "tags":         txn.get("tags", []),
            "note":         txn.get("note"),
            "receipt_refs": txn.get("attachments", []),
        }

# The shape above mirrors FDX v6.5 accounts/transactions and the bank's own tagging surface.
# The exact JSON gets pinned in the OpenAPI spec we hand you with the connector.

What ends up in your repo

A runnable Python ingestion worker — the sketch above, fleshed out with the live field names — plus a Node.js client for teams on a JavaScript stack.
A queue/stream-side handler with a replay harness: events are written to your bus with the external transaction id as the dedup key, so a re-run lands the same rows in the same order.
A webhook scaffold, dormant by default, that the worker promotes to a primary trigger if and when the upstream publishes notifications.
A batch backfill script for the historical window the connection can reach — statements as far back as the bank stores them; transactions as far back as the channel returns.
An automated test harness: fixtures captured against a consenting test account and replayed in CI, so an upstream shape change fails the build instead of leaking into production rows.
An OpenAPI spec for the endpoints the worker leans on, plus a short OAuth-and-refresh flow report sized to a code review, not a binder.
A compliance memo covering consent scope, retention guidance, and the revocation tear-down path.

Things this integration has to account for

Four engineering judgments we bake into the build before we hand it over.

Tagged transactions are first-class records. The app lets users attach tags, free-text notes, and receipt photos to transactions. We treat all three as first-class fields in the ingestion schema and persist receipt-blob references with an integrity hash — so a downstream system can fetch the image once on demand instead of pulling every byte on every sync.
State surfaces, not just events. Bill-pay scheduled payments and the debit-card on/off control are state, not transactions. We poll both on the same worker cadence so an integrator can react to "card turned off" or "payment scheduled" before the corresponding posted entry shows up — useful for risk and A/P alike.
Section 1033 is not the basis today. The CFPB rule was enjoined and reopened for reconsideration after August 2025, so we do not write the integration around a Section 1033 right. The connection rests on the member's own authorization. If the rule lands in a form that affirms direct access for this institution, the worker swaps front-doors without re-shaping its insides.
Token rotation is leading-edge, not reactive. The worker refreshes the bearer ahead of the expiry stamp; a retried event in the queue replay never burns a stale token, and a 401 from upstream is treated as a real fault, not part of normal life.

The integration is consumer-permissioned. A member of the bank logs in through our consent surface, authorizes the scopes the project actually needs — typically accounts, transactions, statements, and bill-pay and card state if those are in scope — and the connection runs against their account until they revoke. The authorization, with timestamps and the scope grant, is written to a consent log the customer gets with the deliverable.

About Section 1033 specifically for this app. The CFPB rule that would otherwise be the obvious basis for a third-party reading of a Farmers State Bank account is not in force — it is enjoined, reopened by the Bureau on its own initiative, and the four questions the agency is consulting on (representative status, fee assessment, the data-security picture, the data-privacy picture) all touch the exact shape any future direct-access flow at this institution would take. So we do not assert that this build exercises a Section 1033 right, and we do not state the rule's specific asset-thresholded obligations as settled. The integration we ship rests on the member's own authorization, which is the dependable basis at this bank today. If the rule re-enters force with terms that affirm direct access at this institution, the worker trades its consent-channel front-door for the Section 1033 channel and nothing downstream has to change.

Where you need it, the project picks up an NDA, a data-handling addendum, and a written authorization from the account holder.

Pricing and how the project runs

Source delivery for this build starts at $300, invoiced only after we hand over the runnable connector and you have confirmed it pulls against your consenting test account. The project ships in one to two weeks from kickoff; arranging the test account is part of kickoff, not a hurdle the customer clears before we start.

If you would rather not host the connector, we run the equivalent endpoints on our side under a pay-per-call price with no upfront fee. Same OpenAPI spec, same fields. The move from one model to the other is a single DNS swap, not a rebuild.

Either path starts the same way. Send us the app, the data you want, and where it has to land — contact us here — and we send back a scope and a fixed price.

The interface this is integrating against

The user-facing screens from the Play listing — useful as a reference for what an integrator is reaching for.

Apps an integrator working on US deposit accounts tends to encounter alongside this one. Listed for orientation, not ranked.

Chime — a neobank with a similar transaction-history-plus-alerts profile, reachable through the major aggregators.
SoFi — banking and brokerage in one app; aggregator coverage is mature on the deposit side.
Ally Mobile — online-only US bank; FDX participation through the standard aggregator paths.
Capital One Mobile — a large issuer with its own direct partner channels in addition to aggregator routes.
Marcus by Goldman Sachs — savings-focused; tighter data surface, well covered by aggregators.
Varo Bank — chartered US neobank with the same consumer-permissioned routing as this app.
PNC Mobile — large regional with a separate direct-API track for partners.
Fifth Third Mobile — regional bank with a comparable account-and-transactions surface.
First Horizon Mobile — Southeast US regional, in the same long-tail tier of institutions as this one.

Questions integrators ask about Farmers St Bank - FSB

Webhook push or polling — which fits Farmers St Bank - FSB?

Cursor-paged polling is the default because most community-bank back-ends, including the channels behind this app, do not surface a public webhook stream to third parties. We run the poll on a configurable interval per account, dedupe on the external transaction id, and persist the cursor before acking the batch — so a worker restart never replays a half-processed page. If the issuing institution stands up a notification stream later, the worker accepts it as an additional trigger without losing the polled cursor.

What does a consumer-permissioned connection actually grant?

Exactly the scopes the account holder selects on our consent surface — typically accounts, transactions, statements — and only for as long as the consent is live. They can revoke; we honour that by tearing the worker down and deleting the cached credentials, not just the access token. The consent grant, the timestamps, and the scope set are written to a consent log we hand over with the deliverable.

What happens to the build if Section 1033 is rewritten next year?

The ingestion worker, the schema, the queue, the replay — none of those change. What changes is the front-door auth: the worker switches from the consent-channel session it uses today to whatever the rewritten Section 1033 channel specifies, and we re-baseline the consent surface to the final rule's representative and fee model. We design the worker for that swap up front, because the rule's reconsideration is on the visible horizon.

What this brief is based on

For this brief I checked the Google Play listing of the app, the CFPB's own reconsideration page for the Section 1033 rule, an outside law-firm explainer on the rule's enjoined status, and the Financial Data Exchange landing for the current FDX v6.5 spec. The specific issuing institution — there are several Farmers State Banks across the US Midwest publishing FSB-branded mobile apps — was not confirmed from public listings and is not asserted in this brief.

OpenFinance Lab · ingestion engineering notes, May 2026.

App profile

Farmers St Bank - FSB (Google Play package com.farmersstbank.grip) is a US community-bank mobile banking app. The Play description lists transaction organization with tags, notes, and receipt photos; balance-threshold alerts; bill payments to companies or friends; transfers between accounts; mobile check deposit via front-and-back capture; debit-card on/off control; saved monthly statements; and a branches-and-ATMs locator. The app supports a four-digit passcode and biometric login on supported devices. The specific issuing institution among the several Farmers State Banks across the US Midwest is not asserted here.