Unlock Midcoast FCU member data behind clean, member-authorized APIs
Midcoast Federal Credit Union, headquartered in Maine and serving members across multiple branches, exposes a rich member surface inside its mobile app: share and loan balances, cleared check images, recurring Bill Pay payees, Remote Deposit Capture submissions, card-control toggles, travel notes, secure messages, and the SavvyMoney credit-score module added in the latest release. We turn that surface into a structured API stack your ERP, accounting tool, or member CRM can consume.
- Transaction-grade data — Posted and pending share/loan transactions with merchant, MCC, memo, and cleared check image references.
- Bill Pay payee graph — Add, edit, and delete operations against the member's Bill Pay payee list (an addition called out in the 2024 release notes).
- SavvyMoney credit data — Real-time score, delta, and report-change alerts pushed from the SavvyMoney module integrated with Midcoast Mobile.
Data available for integration
The table below summarizes the member-facing data surfaces inside Midcoast FCU Mobile Banking that we routinely package into APIs. Granularity reflects what the app itself exposes to the member; nothing is invented or scraped from outside the authorized session.
| Data type | Source (screen / feature) | Granularity | Typical downstream use |
|---|---|---|---|
| Account balances | Dashboard, Quick Balance | Per share / per loan, available + current | Cash-position dashboards, treasury sweeps, member CRM |
| Transaction history | Account details > transactions | Posted + pending, with MCC, memo, check image link | Bookkeeping sync (QuickBooks, Xero), spend analytics |
| Cleared check images | Transaction detail viewer | Front + back image URLs, scoped to member | Audit trails, dispute packages, accounts-payable archives |
| Bill Pay payee list | Bill Pay management screen | Payee name, account ref, last paid, status | AP automation, payee dedup, fraud monitoring |
| Loan & HELOC schedule | Loan detail / payoff calculator | Principal, interest, next due, payoff amount | Refinance modelling, debt aggregation, payoff alerts |
| SavvyMoney credit data | SavvyMoney module inside Midcoast Mobile | Current score, monthly delta, change alerts | Underwriting prequalification, member retention triggers |
| Card-control state | Card management screen | On/off, lost flag, travel windows | Fraud-ops workflows, automated travel-mode toggling |
| Secure messages | Secure inbox | Thread + message body + attachments | Member-support ticketing, omni-channel CRM |
Typical integration scenarios
1. Accounting sync for small business members
Pull Midcoast FCU share and loan transactions nightly into a QuickBooks or Xero ledger. Map MCC codes to chart-of-account categories, deduplicate against pending Bill Pay items, and post journal entries automatically. Driven by our /v1/midcoast/statement endpoint with a 35-day rolling window.
2. Cross-institution net-worth dashboard
Midcoast's app already lets members link external accounts in one place; we mirror that surface server-side so a personal-finance dashboard can aggregate Midcoast balances alongside brokerage and credit-card balances, using FDX core resources (Accounts, Transactions, Balances) as the wire format.
3. SavvyMoney-driven loan prequalification
When the SavvyMoney module reports a member's score crossing a threshold (e.g. into the 720+ band), a webhook fires into the credit union's marketing automation, which schedules a tailored auto-loan or HELOC offer. The same flow can trigger a hardship outreach when scores drop.
4. Remote Deposit Capture for property managers
Property managers receiving paper rent checks can use a back-office tool that wraps our RDC proxy, submitting batches of check images to a Midcoast member account and receiving confirmation IDs and posting times — replacing manual lobby drop-offs.
5. Fraud-ops travel-mode automation
A CRM integration detects a member's flight booking and calls our card-control endpoint to set a travel notification on the member's debit card for the trip window. Outside that window, calls auto-clear the flag, reducing false-positive declines while keeping authorization tight.
Technical implementation
API example: authorize a member session
POST /api/v1/midcoast/auth/login
Content-Type: application/json
{
"username": "<ONLINE_BANKING_USER>",
"password": "<ONLINE_BANKING_PASS>",
"device_fingerprint": "f4e2-2a91-…",
"biometric_assertion": "<optional WebAuthn blob>"
}
200 OK
{
"access_token": "eyJhbGciOi…",
"expires_in": 1800,
"refresh_token": "rt_8f01…",
"member_id": "mc_4d2a7…",
"scopes": ["accounts:read","transactions:read","billpay:write","cards:write"]
}
API example: transaction statement
GET /api/v1/midcoast/accounts/{account_id}/transactions
?from=2026-04-01&to=2026-04-30&page=1&page_size=100
Authorization: Bearer <ACCESS_TOKEN>
200 OK
{
"account_id": "sh_0001",
"currency": "USD",
"page": 1,
"total_pages": 2,
"items": [
{
"id": "tx_88c1",
"posted_at": "2026-04-28T14:02:11Z",
"status": "posted",
"amount": -42.17,
"merchant": "HANNAFORD #8174",
"mcc": "5411",
"check_image": null,
"memo": "DEBIT POS"
}
]
}
API example: SavvyMoney webhook
// Outbound webhook our service emits to your endpoint
POST https://your-app.example.com/hooks/savvymoney
X-OFL-Signature: t=1715450000,v1=2c9f… (HMAC-SHA256)
{
"event": "credit_score.changed",
"member_id": "mc_4d2a7…",
"score": 738,
"delta": +12,
"band": "good",
"report_alerts": [
{"type": "new_inquiry", "bureau": "Equifax"}
],
"observed_at": "2026-05-10T09:11:22Z"
}
// Recommended handling: verify signature, idempotency-key by event id,
// then fan out to CRM / marketing automation.
Error handling & rate limiting
All endpoints return RFC 7807 problem details. Authentication failures return 401 with type=urn:ofl:auth_required; SCA / step-up returns 403 with step_up_required=true and an MFA channel hint. Rate limits are surfaced via X-RateLimit-Remaining and a Retry-After header on 429. Idempotency on write paths (Bill Pay, RDC, card control) uses the standard Idempotency-Key request header.
Compliance & privacy
Every integration we ship for a U.S. credit union is scoped under the CFPB's Personal Financial Data Rights Rule (12 CFR Part 1033). The final rule took effect on January 17, 2025, with phased compliance dates beginning April 1, 2026 for the largest data providers; smaller credit unions under the SBA size threshold remain exempt but typically still align voluntarily. Our deliverables include a consent log, a member-revocation flow, and a data-minimization mapping that strips fields not required by the downstream use case.
Where the receiving party prefers an industry-standard wire format, we emit FDX v6-aligned JSON for Accounts, Transactions, Balances and Statements, replacing legacy screen-scraping with tokenized, permission-based access. GLBA Safeguards Rule controls (encryption in transit and at rest, access logging, vendor due diligence) are baked into the reference deployment.
Module catalogue
- Member login & session refresh (with biometric step-up)
- Quick Balance + full account list
- Transaction & statement export (JSON / CSV / OFX / FDX)
- Cleared check image fetch with signed URLs
- Bill Pay payee CRUD + scheduled-payment queries
- Remote Deposit Capture submission proxy
- Card control: on/off, lost report, replacement orders, travel
- SavvyMoney score + alert webhook
- Secure-message inbox read/send
- Loan/HELOC payoff calculator wrapper
Data flow / architecture
A typical Midcoast FCU integration runs through four stages:
- Member consent & auth — The member authorizes access through a hosted consent screen; we capture scope, expiry, and revocation handle.
- Authorized ingestion — Our connector replays the mobile app's authenticated session against Midcoast online banking, calling each documented endpoint at a polite cadence (default 4 requests/sec per member).
- Normalization & storage — Raw payloads are normalized into FDX-aligned resources, deduplicated by stable IDs, and stored encrypted (AES-256 at rest); retention defaults to 13 months.
- Egress — Downstream consumers receive data via REST (pull) or signed webhooks (push). Optional batch CSV / Excel exports can land in S3, GCS, or SFTP buckets.
Market positioning & user profile
Midcoast Federal Credit Union is a Maine-based, community-rooted institution serving primarily retail members and small businesses across mid-coast Maine, with branches in Bath, Brunswick, Damariscotta, and surrounding towns. The mobile app targets two member segments: everyday consumers who want biometric sign-in, Quick Balance, mobile check deposit, and Bill Pay; and slightly more sophisticated members who use SavvyMoney to track credit health and link external accounts for a consolidated view. The platform is published for both Android (package com.midcoastfcu.midcoastfcu) and iOS, and the credit union recently completed a digital-banking refresh that unified web and mobile feature parity. Integrations we build are typically consumed by accounting tools, lending CRMs, member-engagement platforms, and small-business back offices that already serve Maine and New England.
Screenshots
Click any thumbnail to view a larger version. These are reference screens from the public Midcoast FCU Mobile Banking listing and illustrate the user-facing data points our APIs mirror.
Similar apps & integration landscape
Midcoast FCU Mobile Banking sits inside a broad U.S. credit-union mobile-banking ecosystem. Teams that integrate with Midcoast frequently need unified data extracts across several of the apps below; we treat them all as first-class integration targets rather than competitors.
Alternatives FCU Mobile
Operated by Alternatives Federal Credit Union in upstate New York; exposes a similar member-facing surface including mobile check deposit, Bill Pay, and P2P payments — a natural cross-integration target for community-finance dashboards.
Alliant Credit Union app
One of the largest digital-only credit unions in the U.S.; the app holds nationwide member balances, a built-in budgeting tool, and an 80,000-ATM network surface that downstream tools often want to combine with Midcoast data.
PenFed Credit Union app
Pentagon Federal Credit Union's mobile app holds extensive member transaction data across consumer and mortgage products; pairs well with Midcoast data when serving members of the U.S. military diaspora.
Navy Federal Credit Union app
Navy Federal is the largest credit union in the world by assets; integrations frequently aggregate Navy Federal account balances alongside community-credit-union holdings for active-duty and veteran members.
Eastman Credit Union app
Frequently cited as the highest-rated credit union app on iOS (4.9) and Android (4.8); exposes detailed share and loan data that maps cleanly to the same FDX schema we use for Midcoast.
HawaiiUSA FCU Mobile Banking
Recently redesigned to give members a better mobile experience; another regional credit union whose statement and Bill Pay endpoints share design language with Midcoast's stack.
Mid Minnesota FCU Online Banking
Regional U.S. credit union with overlapping feature set (transfers, Bill Pay, mobile deposit); often paired with Midcoast data in multi-region small-business dashboards.
Oxford FCU Mobile Banking
Another Maine-based credit union app; teams serving multiple Maine credit unions frequently consolidate Oxford FCU and Midcoast FCU data into one operational view.
Sperry FCU Mobile Banking
Brings home banking and bill payment capabilities to member phones; useful comparator when designing a vendor-neutral, FDX-aligned transaction schema.
USF Federal Credit Union app
Allows members to view balances, transactions, and statements and transfer money between accounts; a typical integration counterpart for accounting-sync tools that also pull from Midcoast.
What we deliver
Deliverables checklist
- OpenAPI 3.1 specification for every endpoint listed above
- Protocol & auth flow report (session cookies, token refresh, biometric step-up)
- Runnable reference implementation in Python 3.11 and Node.js 20
- Automated test suite (pytest + Playwright) with sandbox fixtures
- FDX-aligned wire-format adapter (Accounts / Transactions / Balances)
- Consent log + revocation flow aligned with CFPB §1033
- Operational runbook: rate limits, retries, error mapping
Engagement workflow
- Scope confirmation: which data surfaces and which downstream consumer.
- Protocol analysis & API design (2–5 business days).
- Build & internal validation against a member-authorized sandbox (3–8 business days).
- Docs, samples, and test cases (1–2 business days).
- First delivery: typically 5–15 business days; aggregator approvals can extend timelines.
About OpenFinance Lab
OpenFinance Lab is an independent technical studio focused on credit-union and fintech protocol analysis, FDX-aligned API integration, and OpenBanking enablement. Our engineers have shipped consumer-bank, payments-rail, and credit-union integrations on three continents and stay current with CFPB §1033 implementation, FDX schema updates, and GLBA Safeguards Rule expectations.
- Consumer banking, credit unions, lending, and insurtech integrations
- Enterprise API gateways, consent management, and security reviews
- Custom Python / Node.js / Go SDKs and test harnesses
- End-to-end pipeline: analysis → build → validation → compliance review
- Source code delivery from $300 — runnable API source and full documentation; pay after delivery on acceptance
- Pay-per-call API billing — hosted endpoint with usage-based pricing, no upfront commitment
Contact
For quotes or to share your target scope (which Midcoast FCU surfaces you need and which downstream consumer they feed), open our contact page:
FAQ
What do you need from me to start a Midcoast FCU integration?
How long does delivery take for a credit union mobile banking integration?
How do you handle compliance with CFPB Section 1033 and GLBA?
Can the integration cover SavvyMoney credit score data?
Original app overview (Midcoast FCU Mobile Banking — appendix)
Midcoast FCU Mobile Banking (package com.midcoastfcu.midcoastfcu) is the official mobile app of Midcoast Federal Credit Union, a Maine-based community credit union. The app brings the credit union's full digital-banking experience to iOS and Android, with biometric sign-in, Quick Balance, transfers, loan payments, and mobile check deposit available within seconds of opening the app.
Headline capabilities, taken from the official listing:
- 24/7 secure access to member accounts
- Account information including transaction details, cleared check images, and available balances
- Apply for auto loans, home equity lines of credit, and credit cards directly inside the app
- Add, edit, and delete Bill Pay payees (free and unlimited for members enrolled in Bill Pay)
- Remote Deposit Capture — deposit checks using the device's camera
- Turn on/off lost or stolen debit cards and order replacement cards from the app
- Set travel notifications for uninterrupted debit card usage
- View current rates and information on loans and savings products
- Send secure messages to the credit union from inside the app
- Credit-score monitoring through the integrated SavvyMoney module
The most recent app update introduced full add/edit/delete management of Bill Pay payees, expanded debit-card controls, in-app access to SavvyMoney, and general bug fixes. Member support is available at 877.964.3262, and the app is free for all Midcoast Federal Credit Union members — sign-in uses the same online banking username and password as the web platform.