Maroon Financial API integration & FDX OpenBanking export

OpenData · OpenFinance · CFPB 1033 · FDX v6 · Credit Union

Connect Maroon Financial Credit Union accounts to your accounting, PFM, or treasury stack

Maroon Financial Credit Union (MFCU) is the credit union for the University of Chicago community in Hyde Park, Chicago, founded in 1957 and serving students, faculty, staff, alumni, and their families. Its mobile banking app (Android package maroonfcu.mbanking) holds the kind of structured member data that downstream finance tools want first-class access to: deposit balances, posted and pending transactions, check images, transfer history, bill-pay status, and loan-payment activity. We deliver a clean, FDX-aligned API surface over those flows so your team can avoid screen scraping and avoid the per-call cost of a generic aggregator on a single account.

Authentication & session handling — OAuth-style token exchange that mirrors the app login, with refresh, MFA pass-through, and idle-session policy aligned to NCUA member-authentication guidance.

Statement & transaction APIs — Posted, pending, and ledger transactions with date filters, paging, MCC/category enrichment, and JSON / CSV / OFX exports compatible with QuickBooks and Xero.

Movement of money — Member-to-member transfers, send-to-another-bank flows, and loan payments — covered with idempotency keys and retry semantics.

Remote deposit & check imaging — Capture, status polling, and check-image retrieval, returning encoded image references suitable for archival and audit.

What we deliver

Every Maroon Financial engagement ships as a self-contained package. You get a documented protocol map of the live maroonfcu.mbanking client, a generated OpenAPI 3.1 spec, runnable Python and Node.js code that exercises every documented endpoint, and a small test harness that you can run against a member sandbox before any production wiring. The deliverable is intentionally narrow and inspectable rather than a black-box library.

Deliverables checklist

OpenAPI 3.1 specification covering authentication, account, transaction, transfer, bill-pay, deposit, and loan-payment surfaces
Protocol map: discovered endpoints, headers, signing scheme, token lifetimes, and rate limits
Runnable reference clients (Python 3.11 + Node.js 20) with retry, idempotency, and structured logging
Postman / Insomnia collections aligned to the spec
Member-consent template and audit-log schema for CFPB 1033 readiness
Test plan: sandbox setup, golden-path tests, error-case tests, and rate-limit drills

Engagement models

Source-code delivery from $300. You receive the runnable API source and the documentation; payment is on satisfaction after the package runs in your environment.
Pay-per-call hosted API. We host the endpoints and you pay for the calls you actually make — useful when one team needs MFCU data for a short proof-of-concept before committing to in-house code.
Hybrid. Source code for low-volume background sync, hosted endpoints for the few flows that need ops-grade availability.

Data available for integration

The table below maps the data surfaces inferred from the published Maroon Financial mobile banking feature set to the corresponding API entities, granularity, and typical downstream uses. The field names align with Financial Data Exchange (FDX) v6.4, which now includes Section 1033 consent and additional payroll/insurance fields per the FDX standard.

Data type	Source (app screen / feature)	Granularity	Typical use
Account profile & balances	"Check your balances", "View available balances"	Per-account, current and available balance, refreshed on demand	Cash-position dashboards, treasury sweeps, bookkeeping reconciliation
Posted transactions	"View transaction history"	Per-transaction, date range filters, paging cursor	Accounting GL feeds (QuickBooks/Xero), spend categorization, anomaly detection
Pending transactions	Transaction history (pending stack)	Real-time on session refresh	Available-funds checks before disbursement, fraud signal
Check images	"View check images"	Per-cleared-check, base64 reference	Audit, dispute resolution, document archive
Mobile remote deposit	"Deposit checks"	Capture event, status transitions, hold info	Funds-availability ETA, deposit reconciliation
Internal & external transfers	"Transfer funds", "Send money to another bank or credit union"	Transfer record with status and confirmation code	P2P apps, payroll handoff, business-to-personal sweeps
Member-to-member payments	"Send money to another member"	Per-payment with member alias mapping	Campus group reimbursements, club dues, household sharing
Bill pay history	"Pay your bills"	Per-payee, per-payment, schedule status	AP aging, recurring-bill verification, late-fee alerts
Loan accounts & payments	"Make loan payments"	Loan ID, principal, interest, next-due, amortization	Debt dashboards, refinance prompts, escrow tracking
Branch & ATM directory	"Find a branch or ATM"	Geocoded list with hours and services	In-app maps, surcharge-free ATM finder, customer support

Typical integration scenarios

1. Accounting sync for small business members

Many MFCU members run a sole-proprietor practice or a UChicago-affiliated lab budget. The integration pulls posted transactions on a daily cadence, normalizes payee strings, and posts them through a QuickBooks Online webhook, with a manual review queue for anything the categorizer marks as low-confidence. Mapped FDX entities: Account, Transaction, Statement.

2. Personal financial management (PFM) feed

A campus-focused PFM tool ingests balances, transactions, and loan amortization data to render a unified net-worth view. Where Plaid or MX coverage of a small credit union is delayed or missing fields, the direct integration backfills Transaction.merchantCategoryCode, Loan.nextPaymentDate, and Account.availableBalance with single-call freshness.

3. Treasury reconciliation for student organizations

Recognized student organizations move money through MFCU sub-accounts. The treasurer's reconciliation tool reads transfer events, member-to-member payments, and bill-pay confirmations to close monthly books in minutes rather than hours; check images attach automatically for any item over a configurable threshold.

4. Loan-payment automation and reminders

A small-loan servicing UI uses the loan-payment endpoint to schedule payments from share-draft accounts, polls the payment status, and surfaces escrow movement and next-due dates. Failed payments emit a webhook the partner can route into a member outreach workflow.

5. Compliance evidence for member-permissioned aggregation

Where a fintech app aggregates MFCU data on behalf of a member, the integration records consent metadata (scope, granted_at, expires_at, revoked_at) into an append-only audit log. This produces a clean evidence trail consistent with the CFPB Section 1033 final rule's data-rights expectations.

Technical implementation

The reference client wraps the MFCU mobile banking surface in three layers: an auth module that handles login, MFA, and token rotation; a typed resources module that exposes accounts, transactions, transfers, deposits, bill pay, and loans; and a thin webhooks module that converts polled state changes into outbound events. Every call carries an idempotency key, a member-consent reference, and a structured-log line you can ship straight to your SIEM.

Authentication — token exchange

POST /api/v1/maroon-financial/auth/login
Content-Type: application/json

{
  "username": "member_handle",
  "password": "<encrypted>",
  "device_id": "uuid-of-pinned-device",
  "consent_ref": "consent_2026_05_02_a1b2"
}

200 OK
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_8f...",
  "expires_in": 900,
  "mfa_required": false,
  "session": {
    "id": "sess_01HW...",
    "issued_at": "2026-05-02T14:01:09Z"
  }
}

Statement query — transactions

GET /api/v1/maroon-financial/accounts/{account_id}/transactions
  ?from=2026-04-01&to=2026-04-30&status=posted&page_size=100
Authorization: Bearer <ACCESS_TOKEN>
X-Idempotency-Key: stmt-2026-04-{account_id}

200 OK
{
  "account_id": "acct_share_draft_42",
  "currency": "USD",
  "transactions": [
    {
      "id": "tx_01HW...",
      "posted_at": "2026-04-12T19:33:00Z",
      "amount": -42.17,
      "description": "HYDE PARK PRODUCE",
      "category": "GROCERIES",
      "running_balance": 1284.55,
      "check_image_ref": null
    }
  ],
  "next_cursor": "eyJwYWdlIjoy"
}

Webhook — remote deposit status

POST https://your-app.example/hooks/mfcu
Content-Type: application/json
X-MFCU-Signature: t=1746194469,v1=4d2a...

{
  "event": "deposit.status_changed",
  "deposit_id": "dep_01HW...",
  "previous_status": "received",
  "current_status": "available",
  "amount": 250.00,
  "available_at": "2026-05-03T13:00:00Z",
  "consent_ref": "consent_2026_05_02_a1b2"
}

Compliance & privacy

Regulatory alignment

U.S. credit-union data sharing sits under several overlapping frameworks. The CFPB's Personal Financial Data Rights Rule under Section 1033 establishes a member's right to authorize a third party to retrieve covered data; the largest data providers must comply by April 1, 2026, with smaller institutions phasing in through 2030. Even where MFCU's asset size places it outside the immediate compliance perimeter, designing the integration to FDX v6.x patterns now avoids a rebuild later. NCUA member-authentication guidance and NIST 800-63B identity-assurance levels inform the auth design.

Privacy & data minimization

We work only under documented authorized access or explicit member consent. Every API call is paired with a consent_ref, every payload carries a scope tag (e.g. balances:read, transactions:read, transfers:write), and retention windows default to the shortest period required by the use case. We exclude PAN, full SSN, and security questions from any persisted log unless the customer's compliance team explicitly requests otherwise in writing.

Data flow & architecture

A typical MFCU integration follows four nodes:

Client app or backend — obtains member consent, issues a request with a scoped token.
OpenFinance Lab adapter — performs auth, signs, retries, and rate-limits against the MFCU mobile banking surface.
Normalization & storage — FDX-shaped JSON stored in your warehouse (Postgres / BigQuery / Snowflake) with an append-only audit log table.
Downstream output — APIs, webhooks, or scheduled exports (CSV, OFX, JSON) into PFM, accounting, or analytics tooling.

Each node is replaceable. Customers who already run an MX or Plaid pipeline can drop just the adapter and storage layer in front of their existing warehouse.

Market positioning & user profile

Maroon Financial Credit Union has served the University of Chicago community since 1957 from its Hyde Park location, with membership open to current and former UChicago students, faculty, staff, employees of the University of Chicago Medical Center and its subsidiaries, and family members of existing members. Members tend to be highly digital: graduate students and post-docs juggling stipends and student debt, dual-career faculty households, on-campus medical staff, and small UChicago-affiliated organizations that need clean transaction exports rather than a flashy dashboard. Platform focus is mobile-first on Android and iOS via the maroonfcu.mbanking app, with online banking on the web for back-office tasks. That profile makes API access genuinely useful: account holders here are exactly the people who run side projects, lab budgets, and freelance invoicing where automated reconciliation pays back its setup cost within a couple of months.

Screenshots from the Maroon Financial app

Click any thumbnail to view the full-size screenshot. These are the publicly listed Play Store screenshots and are used here only to illustrate which UI surfaces correspond to the data points in the integration table above.

Similar apps & integration landscape

Teams that integrate Maroon Financial usually integrate other U.S. credit-union and consumer-banking apps in the same data pipeline. The names below are part of that broader ecosystem; we mention them so this page is useful to anyone arriving from a search for any of them, not to rank or compare offerings.

Eastman Credit Union — A widely cited U.S. credit-union app with deposit accounts, loans, and bill pay; integration patterns for transaction history and check images map cleanly to MFCU's data shapes.

Alliant Credit Union — National-footprint credit union whose mobile app exposes balances, ACH transfers, and rewards data; aggregation customers often need a unified view across Alliant and a community CU like MFCU.

ESL Federal Credit Union — New York–based CU with strong app ratings on iOS and Android; transaction-export and bill-pay flows resemble those documented for Maroon Financial.

TopLine Financial Credit Union — Minnesota CU with a similar feature set (mobile deposit, transfers, loan payments); useful in multi-CU dashboards.

Alternatives Federal Credit Union — Community-focused CU; comparable mobile feature surface for member-permissioned exports.

Capital One Mobile — Large-bank reference for spend tracking, transfers, and alerts; useful for households that hold both a CU account and a Capital One account.

Chase Mobile — National retail bank app with credit-score tools and budgeting; pairs with credit-union exports for a complete net-worth view.

Citi Mobile — Major-bank app frequently aggregated alongside community CU data for households with multi-bank exposure.

Ally Bank — Online-first bank with savings buckets and round-up features; common companion account to a primary CU checking.

Cash App — Mobile-first money-movement app; transfer activity often crosses MFCU's external-transfer rails and is reconciled in the same downstream system.

About OpenFinance Lab

We are an independent technical studio focused on app interface integration and authorized API integration. Our engineers come from banking, payments, mobile reverse-engineering, and cloud platforms, and we ship end-to-end financial APIs under defined security and compliance constraints. The team works in English with overseas clients, and operates a clean separation between research, build, and validation phases so each deliverable is auditable.

Banking, credit-union, and payments app integrations across the U.S. and Europe
Custom Python, Node.js, and Go SDKs with test harnesses
Protocol analysis → OpenAPI 3.1 spec → reference client → sandbox validation pipeline
Source-code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
Pay-per-call hosted API — access a managed endpoint and pay only per call, no upfront cost

Contact

For quotes, NDAs, or to submit your target app and requirements, please use our contact page. Tell us which data scopes you need (balances, transactions, transfers, deposits, loans), the volume you expect, and any aggregator you already use.

Open contact page

Engagement workflow

Scope confirmation — data scopes, volumes, downstream system, and authorization model.
Protocol analysis & API design (2–5 business days, complexity-dependent).
Build and internal validation against a sandbox member account (3–8 business days).
Documentation, samples, and test cases (1–2 business days).
Typical first delivery: 5–15 business days; multi-account or audit-heavy stacks may run longer.

FAQ

What do you need from me to start a Maroon Financial integration?

The target app name (Maroon Financial Credit Union mobile banking, package maroonfcu.mbanking), the data scope you need (balances, transaction history, bill pay status, deposits, loan payments), and any existing aggregator credentials or sandbox accounts you already work with (Plaid, MX, Finicity, Yodlee, Akoya). We design the integration around your downstream system.

How long does delivery take for a credit union mobile-banking integration?

A typical first drop covering authentication, balances and transaction history runs 5 to 12 business days. Adding remote deposit capture, bill pay status, member-to-member transfers and webhooks for posted transactions usually adds another 1 to 3 weeks depending on your volume and audit needs.

How do you handle CFPB Section 1033 and member privacy?

We work only under documented authorized access or a member-consented data-sharing flow, log every API call with consent timestamps, and minimize the data we retain. Field naming and category taxonomy follow Financial Data Exchange (FDX) v6.x so your stack is ready when 1033 obligations apply to your providers.

Can the integration coexist with Plaid, MX or Finicity?

Yes. Many fintech teams keep an aggregator for broad coverage and add a direct credit-union integration where the aggregator is missing fields, posts data with delay, or charges per call. Our deliverable is designed to plug into the same data model so you can route either source.

Original app overview (appendix)

As a Maroon Financial Credit Union member, you have 24-hour access to your accounts through the mobile banking app, where you can quickly, easily, and safely manage all of your accounts right from your cell phone. Maroon Financial Credit Union is wherever you are.

App features (per the official Play Store listing):

Check your balances
View transaction history
Transfer funds
Pay your bills
Deposit checks
Send money to another member
Send money to another bank or credit union
View check images
View available balances
Make loan payments
Find a branch or ATM

Visit maroonfinancial.org for complete details and the Online Banking disclosure. Maroon Financial Credit Union has served the University of Chicago community since 1957 and is open to UChicago students, alumni, faculty, staff, the University of Chicago Medical Center community, and family members of existing members.

Note: this page is an integration-services positioning page produced by OpenFinance Lab. Maroon Financial Credit Union is the rights holder of its own brand, app, and data; we provide third-party integration engineering on behalf of customers who hold the necessary authorization to access member data.