Heartland-GAB Mobile Banking API integration & FDX export

OpenData · OpenFinance · FDX · Section 1033 · Protocol analysis

Move Heartland-GAB Mobile Banking data into your stack — without screen-scraping

The Heartland-GAB Mobile Banking app, package com.heartlandbankohio3499a.production, replaced the standalone Heartland Bank app after Heartland BancCorp completed its $330 million merger into German American Bancorp on February 1, 2025. The combined institution now operates 94 branches across Indiana, Kentucky and Ohio with roughly $8.3 billion in assets, and the “GAB” suffix in the app name explicitly signals its alignment with German American Bank's digital channel. That makes the app a single, unified surface for retail and small-business banking data across three states.

Account & balance APIs — Authorized customer login mirrors the app's session flow and returns checking, savings, money-market and loan balances normalized to FDX account objects.

Statement & transaction export — Posted and pending entries with description, MCC where available, running balance, and direct mapping to FDX transactions/v6 for paging by date or cursor.

Mobile check deposit ingestion — Decode in-app remote deposit capture metadata (front/back image hashes, RDC reference IDs, deposit status) for accounting reconciliation.

Bill pay & P2P (Send Money) — Pull scheduled and historical bill-pay records and person-to-person transfers, including beneficiaries, amounts and processing status.

What we deliver

Deliverables checklist

OpenAPI 3.1 specification mapped to the Financial Data Exchange (FDX) v6 schema
Protocol analysis report covering OAuth-style session establishment, device-binding tokens and TLS pinning behavior
Runnable reference source for login, balance, statement, RDC and locator calls in Python and Node.js
Replayable integration test harness with sandbox fixtures and rate-limit simulator
Compliance bundle: data-minimization checklist, Section 1033 consent template, retention defaults and audit-log schema

API example: 90-day statement query

POST /api/v1/heartland-gab/statement
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
X-FDX-Consent-Id: cnsnt_2026_05_02_abc123

{
  "accountId": "acct_xxxx7421",
  "fromDate": "2026-02-01",
  "toDate":   "2026-05-01",
  "type":     "deposit",
  "page":     { "limit": 100 }
}

200 OK
{
  "transactions": [
    {
      "transactionId": "txn_19f3...",
      "postedTimestamp": "2026-04-22T14:08:00Z",
      "amount": -85.31,
      "currency": "USD",
      "description": "ACH DEBIT - AEP OHIO",
      "category": "utilities",
      "runningBalance": 4231.04,
      "status": "POSTED"
    }
  ],
  "page": { "nextCursor": "eyJvZmZzZXQiOjEwMH0=" }
}

Typical integration scenarios

SMB accounting sync. A landscaping company in Columbus pushes Heartland-GAB checking activity nightly into QuickBooks Online via the FDX /transactions endpoint, eliminating manual CSV uploads and keeping reconciliation current within 24 hours.
Loan-origination cash-flow analysis. A non-bank consumer lender pulls 90 days of statement data through a Section 1033 consumer-authorized export to compute disposable income; data lands in the lender's underwriting model with FDX category codes preserved.
Treasury dashboards for multi-bank SMBs. Owners holding both a German American Business account and a Heartland-GAB checking account see a unified balance and 13-week cash-flow forecast through one merchant dashboard, fed by the same aggregator credentials.
Mobile-deposit reconciliation. A property-management firm reconciles tenant rent checks captured via in-app RDC: deposit-status webhooks fire when a hold is released, triggering ledger entries automatically.
Branch & ITM locator embed. A retail partner embeds the locator feed into a checkout receipt, helping in-person customers find the nearest of the combined 94 community-branch network across IN, KY and OH.

Data available for integration

The table below is derived from the customer-facing surfaces of the Heartland-GAB Mobile Banking app and from the Financial Data Exchange v6 schema commonly used in US bank data sharing. Each row represents a data class we can normalize into a stable REST contract for downstream consumers.

Data type	Source (in-app feature)	Granularity	Typical use
Account profile & balances	Account home / balance widget	Per account, real time on refresh	Treasury, KYC sync, balance display
Transaction history	Account detail / statements	Per posting, with running balance	Reconciliation, cash-flow analytics
Statement documents	eStatements PDF	Monthly per account	Lending evidence, audit, tax prep
Internal & external transfers	Transfer money flow	Per transfer, with status	Settlement tracking, alerting
Bill pay schedule & history	Pay bills	Per payee, recurring or one-off	Spend categorization, ERP feeds
P2P (Send Money) records	Send money	Per transfer, with counterparty alias	Risk control, AML pattern review
Mobile deposit (RDC)	Deposit checks in a snap	Per deposit, image hashes & status	Lockbox replacement, ledger postings
Loan & account-opening leads	Open accounts / apply for loans	Per submission, with status	CRM hand-off, decisioning
Free credit score snapshot	Credit score widget	Per refresh, score and factors	Customer engagement, lending offers
Branch / ATM / ITM locator	Find an office, ATM or ITM	Per location with hours and services	Embedded locator widgets, routing

Compliance & privacy

Our Heartland-GAB Mobile Banking integrations follow the CFPB Personal Financial Data Rights rule (Section 1033) finalized on October 22, 2024, alongside the Financial Data Exchange (FDX) API specification recognized by the CFPB as a standard-setting body. Note that as of October 29, 2025 the rule's compliance dates are stayed pending CFPB reconsideration and litigation in Forcht Bank, N.A. et al. v. CFPB, so we treat the FDX path and aggregator-mediated access as the operational baseline today.

State-level requirements such as the Ohio Personal Privacy Act considerations, GLBA Safeguards Rule controls, and FFIEC mobile-banking guidance are layered on top, with bank-grade encryption at rest and in transit, principle-of-least-privilege scopes per consent, and full audit logs retained for at least 25 months.

Module catalogue

Authorized session bootstrap and refresh
Multi-account balance aggregation
Statement and transaction export (FDX v6 schema)
Mobile deposit metadata and webhook bridge
Bill pay and Send Money historical retrieval
Locator and product-marketing data feed
Consent management and revocation endpoints

Technical implementation

Authorized session bootstrap (Node.js)

// Wraps the customer authorization handshake and emits an FDX consent token
import { HeartlandGabClient } from "@openfinance-lab/heartland-gab";

const client = new HeartlandGabClient({
  appBuild: "com.heartlandbankohio3499a.production",
  device:   { id: process.env.DEVICE_ID, model: "Pixel 8" },
  channel:  "fdx-v6"
});

const consent = await client.authorize({
  username: process.env.HB_USER,
  password: process.env.HB_PASS,
  scopes:   ["account.read", "transaction.read", "statement.read"],
  ttlDays:  90
});

console.log(consent.consentId, consent.expiresAt);

Webhook for mobile-deposit status (Python)

from flask import Flask, request, abort
from openfinance_lab.heartland_gab import verify_signature

app = Flask(__name__)

@app.post("/webhooks/heartland-gab/rdc")
def rdc_event():
    if not verify_signature(request.headers, request.data):
        abort(401)
    evt = request.get_json()
    # evt = {"depositId": "...", "status": "AVAILABLE",
    #        "amount": 1250.00, "accountId": "acct_xxxx7421",
    #        "holdReleasedAt": "2026-05-02T10:00:00Z"}
    post_to_ledger(evt)
    return ("", 204)

Error envelope

{
  "error": {
    "code": "CONSENT_REVOKED",
    "message": "Customer revoked sharing for this account.",
    "fdxCode": "consent.revoked",
    "retryable": false,
    "remediation": "Trigger a fresh authorize() flow."
  },
  "requestId": "req_2026_05_02_8f1d"
}

Data flow / architecture

A typical pipeline keeps the customer's mobile experience untouched while feeding a downstream consumer:

Heartland-GAB Mobile Banking client → user grants scoped consent through the standard in-app authorization screens.
OpenFinance Lab gateway → mediates the FDX-aligned session, normalizes responses to FDX v6 and adds rate-limit and replay protection.
Storage & transformation layer → immutable event store with PII tokenized; categorization, MCC enrichment and balance reconstruction happen here.
Customer endpoint → clean REST or webhook stream out to the downstream system (ERP, lender, dashboard, accounting tool), with consent expiry and revocation enforced at the edge.

Market positioning & user profile

Heartland-GAB Mobile Banking is positioned for retail consumers and small-business owners across the Midwest community-bank footprint — primarily Ohio (the historic Heartland Bank base around Columbus), Indiana and Kentucky — with both Android (com.heartlandbankohio3499a.production) and iOS builds. Customers tend to be long-tenured depositors, local SMBs, agricultural and light-industrial accounts, plus a growing slice of remote-deposit users who replaced branch visits during the post-2024 merger transition. Although the combined organization holds roughly $8.3 billion in assets, only about 20 % of US community banks reported having a formal API roadmap in the 2023 ABA survey, so a turnkey FDX bridge meaningfully closes the gap for partners that want this customer base on a modern data plane.

Screenshots

Click any screenshot to view it at full size. The visible surfaces below correspond to the data classes our connector exposes.

Heartland-GAB Mobile Banking screenshot 1

Heartland-GAB Mobile Banking screenshot 2

Heartland-GAB Mobile Banking screenshot 3

Heartland-GAB Mobile Banking screenshot 4

Heartland-GAB Mobile Banking screenshot 5

Heartland-GAB Mobile Banking screenshot 6

Heartland-GAB Mobile Banking screenshot 7

Heartland-GAB Mobile Banking screenshot 8

Heartland-GAB Mobile Banking screenshot 9

Similar apps & integration landscape

Customers who use Heartland-GAB Mobile Banking often hold accounts at one or more of the apps below. We frequently build unified data feeds across them, so a single dashboard can read transactions, balances and statements regardless of which institution issued the account.

German American Mobile Banking — Sister app from the same parent organization (com.ifs.banking.fiid1491); we frequently bridge accounts so users with both legacy Heartland and German American profiles see a single FDX feed.

Huntington Mobile — Columbus-based regional bank app with strong overlap in central Ohio; integrations often pair Huntington and Heartland-GAB statement exports for SMB borrowers comparing offers.

PNC Mobile Banking — Climbed to second place in J.D. Power's 2025 Banking Mobile App Satisfaction Study with its Virtual Wallet system; commonly aggregated alongside community-bank accounts for spend tracking.

Fifth Third Bank Mobile — Cincinnati-headquartered regional with broad Ohio coverage; appears alongside Heartland-GAB in cross-bank cash-flow dashboards.

KeyBank Mobile — Cleveland-based regional offering budgeting and savings tools that are often surfaced in unified personal-finance views with community-bank checking.

Bank Midwest — Mid-size Midwestern app whose statement layout maps cleanly to FDX v6, useful as a reference normalization target.

Osgood Bank Digital Banking — Western Ohio community bank offering Zelle, mobile deposit and card controls; a common second account for shared-deposit treasury workflows.

7 17 Credit Union Mobile — Northeastern Ohio credit union app; integrations align share-account data with Heartland-GAB checking for household budgeting tools.

Heartland Credit Union (different institution) — Frequently confused with Heartland Bank; we explicitly disambiguate the two in connector metadata so end users select the correct provider.

Peoples Bank Ohio Mobile — Marietta-based community bank app; a typical companion account for SMBs operating along the Ohio River corridor.

About OpenFinance Lab

We are an independent technical studio focused on App interface integration and authorized API integration for fintech, banking and consumer apps. Our engineers come from US and EU banks, payment processors, and protocol-analysis teams, and we ship production-grade connectors under strict compliance constraints.

US community-bank and credit-union data integrations
FDX v6 normalization and aggregator failover routing
Section 1033 consent management and revocation pipelines
Custom Python, Node.js and Go SDKs with replayable test fixtures
End-to-end pipeline: protocol analysis → build → validation → compliance review
Source-code delivery from $300 — receive runnable API source code and full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — access our hosted endpoints and pay only per call, no upfront cost

Contact

For quotes or to submit your target app and requirements, open our contact page:

Contact page

Engagement workflow

Scope confirmation: which Heartland-GAB surfaces (login, balances, statements, RDC, P2P) you need and which downstream system consumes them.
Protocol analysis and FDX mapping (2–5 business days).
Build, internal validation against fixture sandboxes, and aggregator failover wiring (3–8 business days).
Documentation, sample integrations, and replayable test cases (1–2 business days).
Typical first delivery: 5–15 business days; multi-account or webhook deliveries can extend the schedule.

FAQ

Does Heartland-GAB Mobile Banking offer a public developer API?

Heartland Bank, a division of German American Bank, does not publish a public developer portal. Programmatic access is delivered through authorized FDX-aligned aggregator channels (Plaid, MX, Finicity, Yodlee) and through Section 1033 consumer data rights once compliance dates are confirmed by the CFPB. Our integrations wrap these channels with a normalized REST API.

What data can be exported from a Heartland-GAB account?

Account profile, balances, transaction history with running balance, posted and pending items, statement PDFs, mobile check deposit metadata, bill-pay history, internal transfer records, person-to-person Send Money records, free credit-score snapshots and ATM/ITM locator data exposed by the app's customer screens.

How long does an integration take to deliver?

A first delivery covering authorization, balances and 90-day statement export typically takes 5 to 12 business days. Multi-account aggregation, mobile deposit ingestion or webhook-based notifications add another 1 to 3 weeks depending on counterparty cooperation.

Is the integration compliant with US open-banking rules?

Yes. We follow the Financial Data Exchange (FDX) API specification, observe the CFPB Section 1033 Personal Financial Data Rights framework, log explicit user consent, minimize stored data and encrypt all credentials. We do not use screen-scraping where an FDX or aggregator path exists.

Original app overview (appendix)

The mobile app offered through Heartland Bank, a division of German American Bank, makes it easy to bank from a smartphone or tablet. It is fast, secure and free, and is the unified Android and iOS channel that replaced the standalone Heartland Bank app after the February 1, 2025 merger of Heartland BancCorp into German American Bancorp. Customers must already be a Heartland Bank, a division of German American Bank, customer and enrolled in online banking; more information is available at heartland.bank.

Check account balances
Transfer money between accounts
Pay bills
Open accounts online and apply for loans
Send money
Check your credit score for free
Deposit checks in a snap
Chat securely with our Customer Care team
Find an office, ATM or ITM near you

Package ID: com.heartlandbankohio3499a.production. The combined German American — Heartland organization operates a 94-branch community network across Indiana, Kentucky and Ohio with roughly $8.3 billion in total assets as of December 31, 2024.