Radiant Credit Union API integration & OpenBanking

OpenData · OpenBanking · FDX-aligned · NCUA-aware

Connect Radiant Credit Union accounts, statements, and card controls to your stack — under a written member authorization

The Radiant Credit Union mobile app (package com.SunstateMobile.ArchProd) is the digital front door for roughly 42,300 members across 14 branches in North Central Florida. The institution rebranded from SunState Federal Credit Union after a state-charter conversion in January 2021, and as of the most recent disclosures holds more than $703 million in assets. Behind the consumer-facing screens — bill pay, mobile check deposit, transfers, ATM locator — sits exactly the structured retail-banking data that fintechs, accounting tools, and lending partners increasingly want to consume through a clean API surface.

Account login & session APIs — Authorized binding of the member credential set, refresh token rotation, MFA and device-trust echo so your backend can call subsequent endpoints without re-prompting the member on every poll.

Statement & transaction export — Date-ranged transaction history with merchant, amount, posted/pending flags, plus PDF statement and cleared-check image retrieval for reconciliation and audit.

Card Manager controls — Lock and unlock issued debit cards, set travel notices, register merchant alerts, and pull authorization events from Radiant's separate Card Manager App into a unified namespace.

Deliverables & engagement model

Every Radiant Credit Union engagement closes with a concrete artifact set rather than a slide deck. Two pricing routes — flat-fee source delivery from $300, or pay-per-call on our hosted gateway — are described under "About us" below. The deliverable bundle is the same in both cases:

Deliverables checklist

OpenAPI 3.1 specification for every endpoint, with FDX field aliases noted alongside Radiant native names
Protocol and auth-flow report covering the mobile app handshake (TLS pinning, session cookies, refresh logic)
Runnable reference clients in Python and Node.js for login, statement export, and transaction sync
Postman collection plus replayable HAR captures of the mobile app's authorized traffic
Compliance addendum aligned with NCUA cybersecurity priorities and the CFPB Personal Financial Data Rights rule

Project artifacts

Replay scripts that re-create end-to-end member sessions in CI for regression testing
Token vault wiring snippets (HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager)
Sanitized fixtures so engineers can work without touching live member data
A runbook for rotating credentials when Radiant's mobile app issues a major version bump

Data available for integration

The table below maps each data domain inside the Radiant mobile experience to its in-app surface, the granularity at which we can expose it through an authorized API, and the typical downstream use case our customers ask for. Every row reflects a feature actually visible in the published mobile app description and the institution's public eBanking and Mobile Banking pages.

Data type	In-app source	Granularity	Typical use
Member identity & profile	Login & settings screens	Member ID, masked SSN tail, contact details, joint owners	KYC refresh, identity stitching across fintech stacks
Account list & balances	Account dashboard	Per-account: type (checking, savings, money market, IRA, CD, loan), available balance, current balance, hold amount	Cash-flow dashboards, lending decisioning, treasury views
Transaction history	Account detail screen	Per-transaction: posted timestamp, amount, merchant, category, debit/credit, pending flag, running balance	Bookkeeping sync (QuickBooks, Xero), expense analytics
Cleared check images	"View copies of cleared checks"	PNG/PDF front and back per check, indexed by check number	Audit, dispute resolution, escrow verification
Bill pay payees & scheduled payments	Online Bill Pay	Payee name, masked account, schedule cadence, next-pay date, amount	Subscription tracking, vendor reconciliation
Internal transfers	Quick transfer flow	Source/destination Radiant accounts, amount, memo, status	Move-money automation between member-owned accounts
Mobile deposit (RDC)	Deposit-by-camera flow	Front/back image upload, deposit amount, hold schedule	Embedded deposit experience inside partner apps
Card Manager events	Card Manager App (companion)	Card lock state, transaction alerts, travel notice windows	Real-time fraud signaling, member self-service
Branch & ATM directory	"Find the closest ATM"	Geo-coordinates, hours, services, network membership	In-app ATM locators, drive-time analytics
Investment positions	Unifimoney module (added 2025)	Holdings, lots, cash sweep, retirement account type	Net-worth aggregation, advisor-facing dashboards

Typical integration scenarios

The following scenarios are taken from real briefs we have priced for credit union and community-bank integrations. They are written specifically against the Radiant Credit Union surface area and the data table above.

1. Accounting sync for small-business members

A bookkeeping tool wants to pull every posted transaction across a Radiant business checking account into QuickBooks Online each night. We bind the member through the login API, pull a paginated /v1/accounts/{id}/transactions window using since cursors, normalize the merchant string, and emit FDX-shaped Transaction objects. The result is a category-labelled feed without the member having to upload CSVs.

2. Lender cash-flow underwriting

A consumer lender needs 24 months of transaction history plus statement PDFs to decision an auto refinance. We expose a one-shot /v1/statements/bulk endpoint that hands back the PDFs and a JSON transaction archive in a single signed bundle, ready to feed an internal underwriting model. This pairs the data inventory's "Account list" and "Transaction history" rows.

3. Personal finance dashboard for Gainesville-area members

A regional fintech serving North Central Florida wants to aggregate Radiant accounts alongside accounts at other Florida credit unions. We push posted transactions out as webhooks (transaction.posted, transaction.pending_cleared) so the dashboard updates in seconds, instead of polling the statement endpoint hourly.

4. Embedded mobile deposit inside a payroll app

A payroll provider wants its users to deposit paper bonus checks into their Radiant account without leaving the payroll app. We wrap the RDC image upload as POST /v1/rdc/deposit, add server-side image quality checks, and stream back the hold schedule for the member to confirm — mapping directly to the "Mobile deposit (RDC)" row above.

5. Real-time card-control in a fraud-monitoring tool

A fraud platform consumes Card Manager events: when an out-of-state authorization fires, the platform calls POST /v1/cards/{id}/lock within milliseconds, then notifies the member through its own channel. This stitches the companion Card Manager App into the same authorization story as core banking — under one consent record.

Technical implementation

The snippets below are illustrative pseudocode showing field shapes our integrations actually deliver. Authentication uses a short-lived bearer token issued through the authorized login bridge; refresh logic rotates tokens before expiry. All endpoints are TLS-only and respond with FDX-compatible JSON.

Endpoint: member login

POST /v1/radiant/session/login
Content-Type: application/json
X-Client-Id: <PARTNER_KEY>

{
  "member_id": "M-2049311",
  "credential": "<encrypted>",
  "device_token": "ios-49bf...",
  "mfa": { "method": "otp", "value": "382914" }
}

200 OK
{
  "access_token": "rdc_at_...",
  "refresh_token": "rdc_rt_...",
  "expires_in": 1800,
  "scopes": ["accounts.read", "transactions.read", "rdc.write"]
}

Endpoint: statement export (FDX-aligned)

GET /v1/radiant/accounts/{accountId}/transactions
  ?fromDate=2026-04-01&toDate=2026-04-30&cursor=eyJwYWdlIjoyfQ
Authorization: Bearer <ACCESS_TOKEN>

200 OK
{
  "accountId": "ACC-CHK-77310",
  "transactions": [
    {
      "transactionId": "T-9931442",
      "postedTimestamp": "2026-04-29T14:11:09Z",
      "amount": -54.20,
      "currency": "USD",
      "description": "PUBLIX #1234 GAINESVILLE FL",
      "category": "Groceries",
      "status": "posted",
      "checkNumber": null,
      "runningBalance": 4280.11
    }
  ],
  "nextCursor": "eyJwYWdlIjozfQ",
  "schema": "FDX/v6.4#Transaction"
}

Webhook: posted transaction

POST https://your-server.example/webhooks/radiant
X-Signature: t=1714410000,v1=8b01a3...

{
  "event": "transaction.posted",
  "occurredAt": "2026-04-29T14:11:11Z",
  "memberId": "M-2049311",
  "accountId": "ACC-CHK-77310",
  "transactionId": "T-9931442",
  "amount": -54.20,
  "schema": "FDX/v6.4#Transaction"
}

Delivery guarantees: at-least-once, with idempotent transactionId. Replays are signed with the same X-Signature so consumers can deduplicate safely.

Compliance & privacy

US regulatory context

Radiant Credit Union is supervised by the National Credit Union Administration (NCUA) and operates under Florida state-charter rules following its 2021 conversion. Cybersecurity has been an explicit NCUA supervisory priority every year since 2022 and remains a top item in the 2025 Supervisory Priorities letter, so any third-party integration must demonstrate an information-security program before it is allowed near member data.

On the data-rights side, the CFPB Personal Financial Data Rights rule (issued October 2024) gives consumers the right to direct their financial data to a third party for free. The CFPB recognized the Financial Data Exchange (FDX) as a standards-setting body in January 2025; our payload schemas track the FDX v6.4 specification released the following spring so that downstream systems can interoperate with other FDX-aligned providers.

Privacy controls we ship

Written member consent stored as a signed JSON record, with scope and duration
Account number and check number masking everywhere except the secure vault
No raw credential persistence — only short-lived encrypted tokens
Audit log of every API call, retained for the consent's lifetime, exportable for examiners
Data minimization defaults: scopes narrow to the screens the customer actually integrated

Data flow / architecture

The reference deployment is intentionally simple, so security review fits on a single page:

Mobile App (Radiant) → authorized session handshake using the captured login flow.
Integration Gateway → token vault + rate limiter + scope check; all outbound calls signed and logged.
Storage layer → append-only event log for posted transactions and card events; encrypted at rest (AES-256, customer-managed keys).
API surface → REST + webhooks consumed by your accounting, lending, fraud, or PFM application.

The flow is one-way for read endpoints, two-way only for member-initiated actions (transfers, RDC, card lock). That separation makes the threat model easy to reason about for your security team.

Market positioning & user profile

Radiant Credit Union is a member-owned, state-chartered financial cooperative serving roughly 42,300 individual and small-business members across 14 branches in Alachua, Bradford, Columbia, Suwannee, and surrounding counties of North Central Florida. The mobile audience skews toward primary-bank everyday checking users, vehicle and mortgage borrowers, and a growing segment of self-directed investors who picked up the Unifimoney module added in 2025. Both Android and iOS are first-class platforms; the Android bundle com.SunstateMobile.ArchProd still carries the legacy SunState identifier from the pre-2021 era. Integration buyers tend to be regional fintechs, accounting platforms, and lenders that already serve Florida households and want to remove the "manual statement upload" step from their onboarding.

Screenshots

Click any thumbnail for a larger view of the in-app surface that backs each integration scope above.

Similar apps & integration landscape

Teams that integrate Radiant Credit Union almost always also integrate one or more of the apps below. We are not ranking them — these are simply the neighbors in the United States retail-banking and credit-union ecosystem, listed so you can see how Radiant fits next to them when you plan a multi-institution data aggregation strategy.

VyStar Credit UnionFlorida's second-largest credit union, with a digital banking app that includes Bill Pay, Zelle, and inter-FI transfers — frequently aggregated alongside Radiant for North Florida consumer dashboards.

Suncoast Credit Union (SunMobile)Florida's largest credit union by membership; SunMobile exposes account, transaction, and cleared-check surfaces very similar to Radiant's, so a unified statement export endpoint usually serves both.

Alliant Credit UnionNationally chartered, mobile-first credit union; integrators often pair it with Radiant to compare regional vs. national member behavior in PFM tools.

Bethpage Federal Credit UnionOne of the largest credit unions in the Northeast; commonly cited for mobile-app quality and a useful comparator for member-experience benchmarks.

Alternatives Federal Credit UnionCommunity-development credit union with a focused mobile experience; relevant for partners building cross-credit-union data pipelines.

Chase MobileThe largest US retail banking app; sits at the other end of the size spectrum from Radiant and is often the second account a North Florida member also holds.

Ally BankOnline-only bank with an API-friendly posture; frequently aggregated next to a credit union account for high-yield savings views.

U.S. Bank MobileTop-five US bank; common companion account in cash-flow tools that target the same Florida retail segment.

ChimeMobile-first neobank popular for fee-free everyday spending; integrators use it to compare neobank versus credit-union transaction shape.

VaroNeobank chartered as a national bank in 2020, with a compact mobile-only feature set that contrasts with Radiant's branch-plus-app model.

Aggregation context: third-party data providers Plaid, MX, and Mastercard Finicity all advertise broad credit-union coverage, with MX particularly strong in community-bank and credit-union connections. Where their public connectors are sufficient and authorized for your use case, we will recommend them; where they are not, we deliver a direct integration that still emits FDX-shaped payloads so you can swap providers later without a schema migration.

About us

OpenFinance Lab is an independent technical studio focused on retail-banking and credit-union API integration in the United States and abroad. The team has shipped protocol analysis and API delivery work for credit unions, community banks, neobanks, lenders, and fintech aggregators. We are familiar with FDX field shapes, NCUA examiner expectations, and the operational realities of supporting a small institution's mobile app.

Engineers with credit-union, payments, and protocol-analysis backgrounds
Experience aligning deliverables with NCUA cybersecurity priorities and CFPB Personal Financial Data Rights expectations
Custom Python, Node.js, and Go SDKs plus signed Postman collections
End-to-end pipeline: protocol analysis → build → validation → compliance review
Source-code delivery from $300 — pay only after you have run the deliverable
Pay-per-call hosted API option for teams that prefer usage-based pricing with no upfront cost

Contact

To request a quote or share your Radiant Credit Union integration scope, open the contact page below. Briefs typically receive a response within one business day.

Contact page

Please include the data scopes you need, your jurisdiction, and any deadline tied to a partner go-live.

Engagement workflow

Scope confirmation: data domains, target throughput, member-consent process.
Authorization check: confirm the member account holder has signed the access mandate.
Protocol analysis and API design (2–5 business days).
Build and internal validation against fixtures (3–8 business days).
Documentation, sample clients, and acceptance test cases (1–2 business days).
Delivery, runbook handover, and a 30-day support window for production hardening.

FAQ

What do you need from me to integrate Radiant Credit Union?

The target app name (Radiant Credit Union, package com.SunstateMobile.ArchProd), specific data scopes you need (transactions, balances, statements, cleared check images, profile), at least one test member account or sandbox credentials you are authorized to use, and a written authorization from the account holder. We then deliver a protocol analysis report and runnable API source.

How long does delivery take for a credit union mobile banking API drop?

For login, statement export, and transaction history endpoints we typically deliver a working build in 5 to 12 business days. Mobile-deposit pipelines, cleared check image retrieval, and Card Manager flows can extend the timeline by another week.

How do you handle NCUA, CFPB, and FDX compliance?

We use authorized or documented public APIs only, log all consent events, encrypt access tokens at rest, mask account numbers in logs, and align field naming with the Financial Data Exchange (FDX) v6.4 schema where applicable. Deliverables include a privacy and retention guidance document for your security team.

Can the integration cover the Card Manager App as well?

Yes. The Radiant Card Manager App is a separate bundle from the main banking app. We can analyze its protocol, expose card-control endpoints (lock and unlock, travel notice, transaction alerts), and merge them into a single hosted API namespace alongside the core banking endpoints.

Original app overview (appendix)

Radiant Credit Union's free mobile banking application is the official Android and iOS client for the Gainesville, Florida-based credit union, published under the legacy Sunstate Mobile package com.SunstateMobile.ArchProd. Members use it to manage their accounts 24/7, pay bills, view copies of cleared checks, view transaction history, and make quick transfers within Radiant accounts. The app also helps members find the closest ATM in Radiant's network.

The institution itself was originally chartered as SunState Federal Credit Union and rebranded to Radiant Credit Union after a state-charter conversion that took effect in January 2021. Following the rebrand, Radiant continued to expand across North Central Florida — running 14 branches today, with operations exceeding $703 million in assets and a membership above 42,300. The downtown Gainesville branch at 405 SE 2nd Pl offers a full-service lobby, drive-up service, ATM, night deposit drop, and instant-issue debit cards.

In 2025 Radiant added Unifimoney, a digital wealth platform accessible through online and mobile banking, giving members access to self-directed investment services including ETFs, digital assets, retirement accounts, precious metals, and equities. The same year, Radiant began upgrading its ATM fleet to provide faster service. A separate Card Manager App lets members lock and unlock cards, set travel notices, and configure alerts. Public references: radiantcu.org and the Radiant Credit Union mobile support pages.