RWCU Mobile API integration & OpenBanking export

OpenData · OpenFinance · CFPB §1033 · FDX Core Exchange

Connect RiverWorks Credit Union Mobile data to your accounting, ERP and analytics stack — without scraping

RWCU Mobile (package com.rwcu.imobile) is the official member channel for RiverWorks Credit Union, a Massachusetts-based, NCUA-insured credit union serving Lynn, Lynnfield and Dorchester. The app already exposes structured member data through Plaid's FDX-aligned Core Exchange, which means consent-based exports are a realistic, lawful integration path. We turn that surface area into a clean, documented API your team can call.

Member account login flow — Mirror the app's online-banking authorization (User ID, password, MFA challenge), refresh tokens, and rotate sessions; useful for partner dashboards and consumer finance aggregators that need a stable per-member identity.

Transaction history export — Pull the full 90 days of activity exposed in the app, plus extended history available through FDX endpoints, with filters by date, amount and check number — exactly the surface a member sees on the "Recent Activity" screen.

Bill Pay scheduling — Schedule, edit and delete bill payments programmatically, with confirmation callbacks suitable for AP automation, rent-collection tooling and SMB cash-management apps.

Transfers (P2P and Bank-to-Bank) — Initiate Person-to-Person and external Bank-to-Bank transfers, with idempotency keys and audit logs so reconciliation tools can match outbound flows.

What we deliver

Deliverables checklist

OpenAPI 3.1 specification for every endpoint we expose
Protocol analysis report covering the login chain, MFA challenge handling and token refresh
Runnable source for balance, statement and Bill Pay endpoints (Python requests, Node.js axios, Go net/http)
Postman collection plus pytest / vitest suites that hit a sandbox member
Compliance brief mapped to CFPB Section 1033 covered data fields and the FDX data model
Webhook contract for posted transactions, scheduled Bill Pay and transfer settlement

Engagement options

We work in two modes. Source-code delivery from $300 hands you a self-hosted module; you receive runnable code, the protocol report, and the test harness, and only pay after you have run it against your own RWCU sandbox. Pay-per-call routes traffic through our hosted gateway; you settle monthly on metered usage with no upfront commitment, which suits early-stage fintech teams that have not yet sized demand. Both options come with the same documentation set so you can move between them later without rewriting clients.

Data available for integration

The list below maps the screens visible inside the RWCU Mobile app to the data fields that can be exposed through an FDX-aligned API. It reflects what the app already shows the member; we do not invent fields.

Data type	Source screen / feature	Granularity	Typical downstream use
Account list & balances	Accounts dashboard	Per-account current and available balance, account type, masked number	Net-worth dashboards, treasury sweeps, member onboarding flows
Transaction history	Recent Activity (90 days in-app)	Posted date, amount, check number, description, debit/credit, running balance	Bookkeeping, expense categorisation, anti-fraud baselining
Bill Pay payees and schedules	Bill Pay screen	Payee, amount, frequency, next payment date, status	AP automation, rent collection, recurring invoice reconciliation
Transfers (P2P and Bank-to-Bank)	Transfers screen	Source / destination account, amount, scheduled date, idempotency key	Member-to-member apps, payroll-disbursement tooling
Branch & ATM locator	Locations screen (ZIP / address)	Lat / lon, address, hours, services	Map widgets in partner apps, branch-traffic analytics
Member profile	Manage profile	Display name, contact info, masked identifiers	KYC refresh, communication preferences
Manage My Money categories	Budgeting module	Category, monthly budget, spend-to-date	PFM widgets, CFPB §1033 covered "transaction information" surface

Typical integration scenarios

1. Bookkeeping sync for SMB members

A small business that banks at RiverWorks wants its checking activity to appear inside QuickBooks Online without manual CSV imports. We connect once via the consent flow, then poll GET /accounts/{id}/transactions nightly, normalise to FDX transaction objects and push them to the QuickBooks "Bank Feeds" endpoint. The integration also handles posted-vs-pending state changes so reconciled rows are not duplicated.

2. PFM dashboard with categorised spend

A consumer-finance partner builds a Personal Financial Management view that mixes RWCU balances with brokerage and credit-card data. We expose a GET /pfm/snapshot endpoint that joins account balances, 90-day transactions, and the Manage My Money budget categories, returning a single payload the partner can render. CFPB §1033 covered fields (balance, transaction information, terms, upcoming bill information) are tagged so the partner can prove provenance to auditors.

3. Rent-collection automation for landlords

A property-management SaaS lets landlords trigger ACH pulls from member accounts on the 1st of every month. We wrap the Transfers (Bank-to-Bank) flow with an idempotent POST /transfers/external endpoint, surface MFA challenges back to the calling partner, and emit a webhook on transfer.settled. The same pipeline handles refunds via a reverse transfer flagged with the original idempotency key.

4. Bill Pay programmatic scheduling

A subscription-billing platform schedules member rent and utility payments via the RWCU Bill Pay rails rather than card-on-file. Our POST /billpay/schedules endpoint accepts payee, amount, cadence and lead-time, then mirrors the in-app "Schedule or delete a bill payment" flow and writes back the canonical schedule ID for cancellation later.

5. Branch / ATM lookup for member-services chatbots

A member-experience team adds an AI agent that answers "where is the closest open branch?" Our GET /locations endpoint takes a ZIP code or lat/lon, returns ranked branches with hours and services, and is rate-limited per session so chatbot bursts do not overwhelm the source data.

Technical implementation

Authorization (consent-based, FDX-aligned)

POST /api/v1/rwcu/auth/connect
Content-Type: application/json
Authorization: Bearer <PARTNER_KEY>

{
  "member_user_id": "<USER_ID>",
  "redirect_uri": "https://partner.example/callback",
  "scopes": ["accounts:read", "transactions:read",
             "billpay:write", "transfers:write"],
  "consent_ttl_days": 90
}

// Response
{
  "consent_id": "csn_01HZ...",
  "authorize_url": "https://auth.openfinance-lab.com/u/...",
  "expires_at": "2026-08-02T00:00:00Z"
}

Statement / transaction query

GET /api/v1/rwcu/accounts/{account_id}/transactions
Authorization: Bearer <ACCESS_TOKEN>
Query: ?from=2026-02-01&to=2026-04-30&type=all&page=1

// Response (FDX-shaped)
{
  "items": [
    {
      "transaction_id": "txn_8a2c...",
      "posted_at": "2026-04-28",
      "amount": -42.17,
      "currency": "USD",
      "description": "BILLPAY ELECTRIC CO",
      "check_number": null,
      "category": "Utilities",
      "running_balance": 1873.04
    }
  ],
  "next_cursor": "eyJwYWdl..."
}

Bill Pay scheduling + webhook

POST /api/v1/rwcu/billpay/schedules
Authorization: Bearer <ACCESS_TOKEN>
Idempotency-Key: 8e5a-4f...

{
  "payee_id": "pye_rent_landlord_42",
  "amount": 1450.00,
  "currency": "USD",
  "frequency": "monthly",
  "first_run": "2026-06-01"
}

// Webhook → POST partner.example/hooks
{
  "event": "billpay.schedule.created",
  "schedule_id": "bps_01HZ...",
  "occurred_at": "2026-05-02T11:14:09Z"
}

Errors follow RFC 7807 problem-details so partners can branch on type instead of fragile string matching. We also surface 401 → "MFA challenge required" with an embedded challenge ID so the calling app can prompt the member for the second factor without restarting the flow.

Compliance & privacy

Regulatory alignment

For a US credit union app the controlling frameworks are the CFPB Personal Financial Data Rights rule under Section 1033 (finalized in October 2024 and currently under reconsideration), the GLBA Safeguards Rule, and NCUA member-data protections. RWCU is already exposed through Plaid's FDX-aligned Core Exchange per the public coverage page on Fintable, which means a properly scoped, consent-based integration is a documented public path rather than scraping.

How we treat member data

Every export is preceded by a member-signed consent record with a defined scope and TTL. We minimise data — for example we never request SSN when the use case only needs balance and transaction objects — and we surface revocation hooks so a member can disconnect from inside the partner app. Transport is TLS 1.2+, secrets live in a managed KMS, and audit logs are append-only with hash-chained verification.

Data flow / architecture

The pipeline is intentionally short and easy to audit:

RWCU Mobile / online banking — source of member data; member authenticates with their User ID, password and MFA token.
Consent & ingestion gateway — our edge captures the signed scope, exchanges credentials for a refreshable access token, and proxies FDX-shaped reads.
Normalisation & storage — payloads land in a partition-by-member store, are normalised to the FDX data model, and tagged with provenance and consent IDs.
Partner API / webhooks — downstream apps either pull via REST (/accounts, /transactions, /billpay/schedules) or subscribe to transaction.posted, billpay.schedule.created and transfer.settled events.

Market positioning & user profile

RWCU Mobile is a community-credit-union app rather than a national consumer-finance brand. Its members are predominantly retail and small-business customers in the North Shore and Boston-metro region of Massachusetts, with a long tail of out-of-state members who joined while living locally. The app supports both Android (the bundle on this page) and iOS (App Store ID 968885892), and login is shared with online banking. Recent releases have focused on the budgeting module ("Manage My Money"), Bank-to-Bank transfers and a refreshed look and feel — all features that map cleanly to OpenBanking export endpoints. Integration partners are typically PFM tools, accounting platforms (QuickBooks, Xero, Wave), payroll vendors, and small landlord-tech SaaS that want a clean, FDX-aligned read of member activity instead of scraping.

Screenshots

Click any thumbnail to enlarge. Screenshots are sourced from the public Google Play listing and shown for editorial reference.

Similar apps & the broader credit-union integration landscape

RWCU Mobile sits inside a wide ecosystem of US credit-union and community-bank apps that hold the same kind of structured data — balances, transactions, Bill Pay schedules, P2P transfers — and present the same kind of OpenBanking opportunity. If your team already integrates with one of the apps below, the patterns and consent flows we ship for RWCU usually port over with very little rework.

Eastman Credit Union Mobile

One of the highest-rated US credit-union apps. Members who hold accounts at both Eastman and RWCU benefit from a unified transaction export so the bookkeeping side never has to reconcile two CSV downloads.

Delta Community Credit Union Mobile

Georgia's largest credit union; the data shape (accounts + transactions + Bill Pay) is essentially the same surface as RWCU, which makes a single integration template practical.

Redstone Federal Credit Union

Used heavily in the southeast; partners that build PFM tools often want both Redstone and smaller community CUs like RWCU under one OAuth-style consent layer.

ESL Federal Credit Union

Strong upstate New York footprint; relevant when a partner wants to roll up northeast credit-union members alongside Massachusetts-based RWCU members.

Wright-Patt Credit Union

Large Ohio credit union frequently mentioned in best-app rankings; holds the same NACHA / FDX-shaped fields a bookkeeping integration needs.

Alliant Credit Union

National, digital-first credit union; commonly paired with community CUs in cross-account dashboards.

Coastal Credit Union (Coastal24)

North Carolina-based digital banking platform; relevant for partners building a multi-state credit-union aggregator.

AmeriCU Credit Union

Upstate-NY credit union, similar member size and feature set to RWCU, with the same Bill Pay and transfers surface.

Wescom Financial

California-based, NCUA-insured, with a top-rated mobile and online banking surface; useful comparator for west-coast partners.

Municipal Credit Union (NYMCU)

NYC-area institutional credit union; including it in a unified consent layer helps partners that work with public-sector members.

About OpenFinance Lab

We are an independent technical-services studio focused on mobile-app protocol analysis and OpenData / OpenFinance API delivery. The team brings hands-on experience from card networks, payment gateways, core-banking integrators and consumer-finance startups, with deep familiarity with the FDX data model, Plaid Core Exchange and CFPB §1033 covered-data definitions.

Retail banking, credit unions, payments, consumer lending, insurtech
FDX 5.x conformance, OAuth-style consent flows and MFA challenge handling
Custom Python, Node.js and Go SDKs with full test harnesses
End-to-end pipeline: protocol analysis → build → validation → compliance brief
Source-code delivery from $300 — runnable API source plus full documentation; pay after delivery on satisfaction
Pay-per-call API billing — call our hosted endpoints and pay per request, no upfront fee

Contact

Send us the target app, the data you need, and any sandbox or member-consent context you already have. We reply with a scoped quote and a delivery plan within one business day.

Open the contact page

Engagement workflow

Scope confirmation: which screens (Accounts, Recent Activity, Bill Pay, Transfers) and which fields you actually need.
Protocol analysis and API design (2–5 business days, complexity-dependent).
Build and internal validation against an RWCU sandbox or test member (3–8 business days).
Documentation, sample clients, and pytest / vitest test suites (1–2 business days).
Typical first delivery: 5–15 business days; longer when CFPB §1033 reconsideration changes the consent surface.

FAQ

What do you need from a member to start an RWCU Mobile integration?

Written member authorization, the target data scope (balances, 90-day transactions, Bill Pay, transfers), and either an existing Plaid item or sandbox credentials for the credit union's online banking. We never store the member's User ID or password beyond the duration of the consented session.

How long does a first RWCU Mobile API delivery take?

Typical first-drop delivery is 5 to 12 business days for read endpoints (balance, transactions, statements). Write endpoints such as Bill Pay scheduling and member-to-member transfers usually take an additional 5 to 8 business days because of stronger authentication and audit-logging requirements.

How is compliance handled for a US credit union app like RWCU?

We follow CFPB Section 1033 personal financial data rights, the FDX (Financial Data Exchange) data model, NCUA member-data protections, and the GLBA Safeguards Rule. All access is consent-based, scoped, time-limited, and logged; we minimise data and never resell member information.

📱 Original app overview (appendix)

RWCU Mobile is the official Android app for RiverWorks Credit Union, a Massachusetts-based credit union with branches in Lynn, Lynnfield and Dorchester. Available to all members, the app makes it possible to manage day-to-day banking from a phone or tablet without visiting a branch.

Accounts — Check the latest account balances and transactions by date, amount or check number.
Recent Activity — 90 days of account transactions are accessible directly inside the app.
Transfers — Easily transfer cash between bank accounts (Person-to-Person and Bank-to-Bank).
Bill Pay — Schedule and edit bill payments, including delete-and-resschedule flows.
Locations — Find nearby branches and ATMs by searching by ZIP code or address.

The current release notes highlight an updated look and feel, login with the same User ID and password as online banking, scheduling or deleting Bill Pay items, Bank-to-Bank and Person-to-Person transfers, the Manage My Money budgeting feature for categorising and budgeting finances, and the ability to manage profile information directly inside the app.

The credit union is federally insured (NCUA) and exposes its member data through Plaid's FDX-aligned Core Exchange, which is what makes a documented, consent-based API integration practical rather than relying on screen-scraping or unsanctioned crawling.