FedTrust Federal Credit Union API & OpenBanking

OpenData · OpenFinance · OpenBanking · CFPB 1033

Connect FedTrust FCU member accounts, transactions, and mobile deposit data to your stack

FedTrust Federal Credit Union runs on the It'sMe247 platform from CU*Answers and ships a mobile app for iOS and Android that exposes balances, transaction history, mobile check deposit, card management and a member message center. We turn those member-facing flows into authorized, OpenBanking-style APIs that downstream accounting tools, treasury dashboards and personal-finance products can consume safely.

Member authentication API — Mirror the It'sMe247 login and FFIEC-aligned multi-factor flow so your backend can establish a session, persist a refresh token, and call downstream endpoints on behalf of a consenting member.

Statement and transaction export — Paginated history across share, share-draft (checking) and loan accounts with date-range filters, posted-vs-pending flags, ACH descriptors and exports to JSON, CSV or PDF.

Mobile check deposit status — Submit a remote deposit capture image pair (front/back) with amount, then poll deposit status (received / accepted / hold / cleared) for reconciliation.

Card management hooks — Lock and unlock debit or credit cards, subscribe to authorization events, and surface the same alerts the in-app Manage My Cards screen shows.

What we deliver

Deliverables checklist

OpenAPI 3.1 specification for every endpoint we ship
Protocol report covering login flow, token rotation, MFA challenge, cookie chain and request signing
Runnable Python (FastAPI) and Node.js (Express) reference implementations
Postman collection plus pytest / vitest contract tests
Compliance notes covering CFPB 1033, FFIEC authentication, GLBA privacy and Regulation E
A Docker Compose stack that runs the connector, a mock It'sMe247 sandbox and a webhook receiver

Why FedTrust FCU data is worth integrating

FedTrust Federal Credit Union has served members since 1959 from Memphis, Tennessee, holds roughly $36.93M in assets and supports more than 3,000 members. Its mobile footprint is small enough that no public REST API exists today, yet the data it stores — debit transactions, share balances, loan amortization, mobile-deposit history and card events — is the same shape personal-finance and SMB-treasury products need. An authorized connector unlocks that data for accounting sync, member-facing budgeting, fraud monitoring and audit reporting.

Data available for integration

Data type	Source screen / feature	Granularity	Typical use
Member identity & profile	Login, member services menu	Member ID, name, contact, eligibility flags	KYC refresh, account ownership verification
Account list and balances	Home dashboard, Favorite accounts	Per-share / per-loan, available + actual balance	Cash position, treasury aggregation, PFM apps
Transaction history	Account detail, statement screens	Posted & pending lines, ACH / debit / ATM tags	Bookkeeping sync, reconciliation, expense categorization
Mobile check deposit events	Mobile Deposit flow	Image hash, amount, status, hold release date	Receivables tracking, fraud screening
Card management events	Manage My Cards menu	Card token, lock state, auth alerts, MCC	Real-time spend controls, loss prevention
Loan and amortization data	Loan account screens	Principal, rate, next due, payoff figure	Underwriting input, debt dashboards
Member messages & alerts	Message Center, notifications	Subject, body, read/unread, timestamp	Compliance archiving, secure delivery audit

Typical integration scenarios

1. Accounting sync for small-business members

A Memphis-area contractor using a FedTrust share-draft account wants daily transaction feeds in QuickBooks Online or Xero. We expose /accounts and /transactions, map ACH and debit descriptors to chart-of-accounts hints, and stream new entries via webhook. The same OpenBanking pattern is what FDX recognised aggregators implement under the CFPB's Section 1033 framework.

2. Member-facing PFM and budgeting

A personal-finance app aggregates the member's FedTrust accounts alongside a brokerage and a credit card. Our connector returns a normalized Account + Transaction schema so the consuming app can categorize spend, project cash flow and surface low-balance warnings without screen scraping.

3. Remote Deposit Capture reconciliation

An e-commerce seller deposits checks via the FedTrust mobile deposit flow. We expose POST /deposits for image submission and GET /deposits/{id} for status (received → accepted → cleared), so the seller's order system can release goods only after funds clear and a hold has expired.

4. Card-control and fraud automation

A fraud-ops team subscribes to card authorization webhooks and the lock/unlock endpoint. When an unusual MCC or geo signal fires, the team's runbook calls POST /cards/{id}/lock within seconds, mirroring the in-app Manage My Cards behaviour but driving it from a central console.

5. CFPB Section 1033 data portability

A consenting member exercises their right under the Personal Financial Data Rights rule to share data with a third-party fintech. Our connector emits an FDX-shaped JSON bundle (account, transaction, statement) and records a consent receipt with scope, expiry and revocation endpoints, ready for compliance audit.

Technical implementation

Member login (OAuth-style bridge)

POST /api/v1/fedtrust/auth/login
Content-Type: application/json

{
  "member_id": "0000123456",
  "credential": "<encrypted-password>",
  "device_fingerprint": "mob-9f2c…",
  "mfa_channel": "sms"
}

200 OK
{
  "access_token": "eyJhbGciOi…",
  "refresh_token": "rt_8a7b…",
  "expires_in": 900,
  "mfa_required": false,
  "consent_id": "csnt_2026_05_08_aab3"
}

Statement export with paging

GET /api/v1/fedtrust/accounts/SH-001/transactions
  ?from=2026-01-01&to=2026-04-30&cursor=eyJwYWdlIjoyfQ
Authorization: Bearer <ACCESS_TOKEN>
X-Consent-Id: csnt_2026_05_08_aab3

200 OK
{
  "account_id": "SH-001",
  "currency": "USD",
  "items": [
    {
      "id": "tx_88123",
      "posted_at": "2026-04-29T14:02:11Z",
      "amount": -42.17,
      "type": "debit_card",
      "merchant": "KROGER #1234",
      "mcc": "5411",
      "status": "posted"
    }
  ],
  "next_cursor": "eyJwYWdlIjozfQ"
}

Card-event webhook (HMAC signed)

POST https://your-app.example.com/hooks/fedtrust
X-Signature: t=1715170800,v1=8b7d…  // HMAC-SHA256 of body
Content-Type: application/json

{
  "event": "card.authorization",
  "card_id": "card_4f81",
  "amount": 19.95,
  "merchant": "NETFLIX",
  "mcc": "4899",
  "decision": "approved",
  "occurred_at": "2026-05-07T22:14:00Z"
}

# Verify with: hmac.new(secret, raw_body, sha256).hexdigest()
# Reject events older than 5 minutes to block replay attacks.

Compliance & privacy

US regulatory alignment

Every FedTrust FCU connector we ship is designed against the CFPB Section 1033 Personal Financial Data Rights rule, which became effective on 17 January 2025 and phases in compliance for covered data providers between April 2026 and April 2030 by asset size. We also follow FFIEC authentication guidance, NCUA member-data expectations, the Gramm-Leach-Bliley Act privacy and safeguards rules, and Regulation E for electronic fund transfer disclosures.

Privacy and data minimization

Connectors record an explicit consent receipt for each member, scope tokens to only the data the third party actually requested, support member-initiated revocation, and never persist raw credentials. Logging redacts PAN, full SSN and OTP values at the edge so debug bundles can be shared with engineering without exporting regulated data.

Data flow & architecture

The reference pipeline is intentionally short and auditable so that a credit-union risk team can reason about every hop:

FedTrust mobile app / It'sMe247 — origin of member events, card actions and remote deposits.
Connector gateway — handles OAuth-style login, MFA bridging, request signing and rate-limiting before it touches the credit union backend.
Normalized store — converts raw responses into FDX-aligned Account, Transaction, Statement and Card objects with a stable schema.
Outbound API + webhooks — serves your downstream products (PFM, accounting sync, fraud-ops console) over HTTPS with HMAC-signed webhooks for real-time events.

Market positioning & user profile

FedTrust Federal Credit Union is a community-focused US credit union headquartered in Memphis, Tennessee, serving federal employees, contractors and their family members across roughly 3,000 active members on iOS and Android. Its members are predominantly retail consumers and small-business owners who care about checking balances, depositing checks remotely and managing debit cards from their phone — exactly the workflows that benefit when an OpenBanking connector exposes them to bookkeeping, lending and fraud-prevention tools elsewhere in the member's stack.

Screenshots

Click any screenshot to enlarge. Images are sourced from the FedTrust FCU listing on Google Play and illustrate the in-app surfaces that an OpenBanking connector typically maps to.

Similar apps & integration landscape

FedTrust Federal Credit Union sits inside a wider US credit-union ecosystem. Members and product teams usually need to integrate against more than one of these apps; we list them here so the integration patterns transfer directly.

PenFed Credit Union — A national credit union whose mobile app exposes Zelle, retailer cash-deposit flows and credit-card management; teams often need a unified transaction export across PenFed and FedTrust.
Navy Federal Credit Union — The largest US credit union by assets; a 2025 redesign added all-in-one checking features and credit-score tools, and aggregators routinely combine its data with smaller community CUs.
Alliant Credit Union — Online-first national credit union; product teams pair Alliant savings data with FedTrust share-draft data when building cash-position dashboards.
Connexus Credit Union — High-yield deposit accounts; common to integrate alongside community CUs to give members a consolidated rate-and-balance view.
TDECU (Texas Dow Employees CU) — Regional CU with mobile deposit and card controls similar to FedTrust; shared schemas reduce duplicate connector work.
First Tech Federal Credit Union — Tech-employer CU; often appears in PFM products that aggregate compensation, equity and CU balances.
Security Service Federal Credit Union — Multi-state CU; treasury teams aggregate its accounts with smaller CUs through a single OpenBanking layer.
Alternatives Federal Credit Union — Community-development CU based in Ithaca, NY; often consumed by mission-driven fintechs together with peers like FedTrust.
Fort Campbell Federal Credit Union — Military-community CU with overlapping member profile to FedTrust; shared compliance posture (FFIEC, NCUA) means one integration template works for both.
Meridian Mutual Federal Credit Union — Smaller community CU; benefits from the same It'sMe247-style connector pattern we ship for FedTrust.

About OpenFinance Lab

We are an independent technical studio focused on mobile-app protocol analysis and API integration for fintech, banking and credit-union clients. Our engineers come from card networks, core-banking vendors, payment gateways and security research, and we ship end-to-end connectors that pass internal risk review at regulated institutions.

Card networks, digital banking, lending and remote deposit capture
Enterprise API gateways, OAuth servers and security reviews
Custom Python, Node.js and Go SDKs plus contract test harnesses
End-to-end flow: protocol analysis → build → validation → compliance hand-off
Source code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — access our hosted endpoints and pay only per successful call

Contact

For a quote on FedTrust Federal Credit Union or any of the similar apps listed above, send us your target app and a short data-scope description through our contact page. We respond with feasibility, an indicative timeline and a fixed-fee proposal.

Contact page

Engagement workflow

Scope confirmation — which screens, which data, which downstream system.
Protocol analysis and API design (2–5 business days, depending on MFA complexity).
Build and internal validation against a sandbox member (3–8 business days).
Documentation, samples, contract tests and threat-model write-up (1–2 business days).
Hand-off and 30-day support window covering bugfixes and protocol drift.

FAQ

What information do I need to provide to start a FedTrust FCU integration?

The target app name (FedTrust Federal Credit Union, package com.fedtrustfcu.FedTrustFCU), the data scope you need (transactions, balances, statements, mobile deposit status, card events), and any existing online-banking or test-member credentials you can authorize for sandbox testing.

How long does a typical FedTrust FCU API delivery take?

A first runnable drop covering account login, balance and statement endpoints usually takes 5 to 12 business days. Adding card-management webhooks, mobile-deposit status sync or multi-account aggregation can extend the schedule to 3-4 weeks.

Is the integration compliant with US financial data regulations?

Yes. We work only under member authorization or documented public endpoints, align our connectors to the CFPB Section 1033 Personal Financial Data Rights rule, FFIEC authentication guidance, and NCUA member-data expectations, and we respect Gramm-Leach-Bliley Act privacy obligations and Regulation E for electronic transfers.

Do you support tokenized access without credential sharing?

Yes. Our preferred pattern is tokenized OAuth-style access with short-lived access tokens, refresh rotation and consent receipts, mirroring the approach used by FDX-aligned aggregators such as Akoya and Plaid for credit-union connectivity.

📱 Original app overview (appendix)

FedTrust Federal Credit Union is a member-owned, not-for-profit US credit union headquartered in Memphis, Tennessee, chartered in 1959 to serve federal employees and their families. The institution holds approximately $36.93 million in assets and supports more than 3,000 members through a small branch network plus its It'sMe247 online and mobile banking channels powered by CU*Answers.

The mobile app on Google Play (package com.fedtrustfcu.FedTrustFCU) and the App Store gives members convenient access to FedTrust's mobile website, mobile check deposit, mobile banking, branch & contact information, and help. The most recent app refresh introduced a redesigned tab bar, faster balance access, customizable favorite accounts, full tablet support including rotation, and an improved Message Center with swipe-to-delete and mark-as-read.

The Manage My Cards menu lets members review recent card activity, temporarily lock cards in an emergency and configure granular notifications for card events, mirroring controls available across other CU*Answers credit unions on the It'sMe247 platform.

Mobile banking, mobile check deposit (Remote Deposit Capture)
Card management — lock/unlock, activity, custom alerts
Message Center for secure member-to-CU messages
Branch and ATM locator, contact details, in-app help
iOS and Android, with full tablet rotation support

Authoritative reference: CFPB 12 CFR Part 1033 — Personal Financial Data Rights.