Tinker FCU Business API integration & FDX OpenBanking

OpenData · OpenFinance · FDX · Credit union APIs

Connect Tinker FCU Business accounts, ACH events, and mobile deposit data to your stack

Tinker FCU Business is the Oklahoma-based credit union's app for business members, built on the Symitar/Jack Henry core (visible at the jhahosted.com session host). It holds the data treasury accountants and CFOs care about most: real-time business checking balances, recent transactions across operating and money-market accounts, ACH payments, mobile remote deposit capture (RDC) confirmations, and Bill Pay activity. We extract, normalize, and expose that data through compliant, FDX-aligned APIs.

Authorized data export — mirror the app's authentication and multifactor flow to bind a business member's session, then pull balances, statements, and pending transactions on a schedule.

ACH & Bill Pay sync — capture outbound ACH, direct deposit/payroll, and pre-authorized payments so accounting systems see them within minutes, not days.

Mobile deposit telemetry — surface RDC events (deposit accepted, holds applied, funds released) as webhook payloads for AP and treasury automation.

QuickBooks & ERP bridges — deliver QBO/QFX exports or push to QuickBooks Online and Quicken Direct Connect, mirroring the partnership Tinker FCU already exposes inside its business banking portal.

What we deliver

Each Tinker FCU Business engagement ships as a self-contained drop: a documented API surface, a runnable reference implementation in Python or Node.js, a protocol & authentication report (covering OAuth-style token exchange, device binding, and the multifactor steps the app rolled out in 2024), and a compliance brief mapped to the CFPB Section 1033 rule and FDX standard. We hand over source you can deploy in-house, or operate the endpoints for you under a pay-per-call model.

Deliverables checklist

OpenAPI 3.1 specification for every endpoint we expose
Protocol & auth flow report (token chain, device fingerprint, MFA challenge handling)
Runnable source for login, balance, statement, ACH and RDC endpoints (Python / Node.js)
Automated regression tests against sandbox or shadow accounts
Compliance guidance: CFPB 1033, NCUA examiner expectations, data retention
Operational runbook: rate limits, retry/backoff, error classification

Engagement options

Source code delivery from $300 — receive the runnable API source and full documentation; pay after delivery upon satisfaction.
Pay-per-call hosted API — call our managed endpoints, settle monthly, no upfront fee; ideal for teams that prefer usage-based pricing.
NDA and source escrow available for regulated buyers.
Optional 30/60/90-day maintenance window for app-update tracking.

Data available for integration

The table below maps the data we can surface from Tinker FCU Business to the screen or feature where it originates, the typical granularity, and downstream business uses. This inventory is the starting point for every integration brief.

Data type	Source (screen / feature)	Granularity	Typical use
Business account balances	Accounts dashboard	Per-account, near real-time	Treasury sweeps, cash forecasting
Posted & pending transactions	Account detail / transaction history	Line-item, date-ranged, paginated	Bookkeeping, reconciliation, anomaly detection
ACH credits & debits	Payments / Bill Pay / direct deposit	Trace number, counterparty, status	AP/AR automation, payroll audit
Mobile deposit (RDC) events	Mobile deposit flow	Item-level: deposit ID, hold, funds available	AR posting, deposit-in-transit clearance
Transactional alerts	Alerts & notifications	Per-user threshold rules	Fraud monitoring, employee oversight
Statements (PDF / data)	eStatements	Monthly, multi-account	Tax prep, audit packages, lending
Internal transfers	Transfer module	Source → destination, amount, memo	Inter-entity reconciliation

Typical integration scenarios

These are the end-to-end flows clients ask us to build against Tinker FCU Business. Each scenario maps a business goal to specific data calls and the OpenBanking pattern it follows.

1. Daily QuickBooks reconciliation

An Oklahoma-based SMB wants its bookkeeper to skip manual CSV uploads. We pull posted_transactions nightly, normalize them to QBO records, and write them via the QuickBooks Online API. Drift between Tinker FCU statements and QuickBooks shrinks from days to hours.

2. Cash-position dashboard for a franchise group

A multi-location operator holds operating accounts at Tinker FCU and two other US credit unions. We aggregate balances and pending ACH on a 15-minute cron and feed a Looker/Metabase dashboard. The Tinker FCU feed reuses an FDX-aligned account & transaction schema so adding more institutions later is additive.

3. Mobile deposit confirmation webhook

A property-management firm posts rent checks via mobile deposit. We subscribe to RDC events, push a webhook to their AR system when a deposit clears the hold window, and auto-mark the corresponding invoice as paid. This eliminates the gap between "deposited" and "funds available".

4. Lending underwriting bundle

A working-capital lender needs 12 months of business banking activity for a loan decision. We export statements and categorized transactions through a CFPB Section 1033-style consent flow, package them as JSON plus signed PDFs, and ship them to the lender's underwriting queue.

5. Multi-user spend oversight

Tinker FCU Business supports customizable alerts for employees. We translate those alert events into a structured stream (employee ID, threshold, transaction reference) so a controller can review out-of-policy spend in a dedicated approval tool rather than email.

Technical implementation

Our reference stack is Python 3.11 or Node.js 20 with a thin OpenAPI gateway. Below are three representative endpoint shapes: an authenticated session bootstrap, a balance + transaction pull modeled on the FDX API specification, and a webhook handler for mobile deposit events. All sample payloads are illustrative; real responses are normalized at the gateway.

Session bootstrap (MFA-aware)

POST /api/v1/tinkerfcu/session
Content-Type: application/json

{
  "member_id": "biz_member_8421",
  "device_id": "dev_a1b2c3",
  "mfa_token": "123456",
  "scope": ["accounts:read", "transactions:read", "rdc:events"]
}

200 OK
{
  "access_token": "eyJhbGciOi...",
  "token_type": "Bearer",
  "expires_in": 1800,
  "refresh_token": "rt_..."
}

Transaction pull (FDX-aligned)

GET /api/v1/tinkerfcu/accounts/{account_id}/transactions
  ?fromDate=2026-04-01&toDate=2026-04-30&limit=100
Authorization: Bearer <ACCESS_TOKEN>

200 OK
{
  "accountId": "acct_8421_oper",
  "currency": "USD",
  "transactions": [
    {
      "transactionId": "tx_8821",
      "postedTimestamp": "2026-04-12T14:02:11Z",
      "amount": -842.55,
      "category": "ACH_DEBIT",
      "description": "OK GAS & ELECTRIC",
      "status": "POSTED"
    }
  ],
  "page": {"next": "cursor_xyz"}
}

Mobile deposit webhook

POST https://your-app.example.com/hooks/tfcu-rdc
X-OFL-Signature: sha256=...

{
  "event": "rdc.funds_available",
  "deposit_id": "rdc_5512",
  "account_id": "acct_8421_oper",
  "amount": 4250.00,
  "submitted_at": "2026-05-09T16:11:00Z",
  "available_at": "2026-05-11T13:00:00Z",
  "hold_reason": null
}

Error handling: HMAC verify, 2xx ack, idempotency key on
`deposit_id` to dedupe replays; 5xx triggers exponential backoff.

Compliance & privacy

US regulatory frame

Every Tinker FCU Business integration we ship is built around CFPB Section 1033 — Personal Financial Data Rights, finalized in October 2024. We follow the Financial Data Exchange (FDX) technical specification, which the CFPB recognized as an official US open banking standard-setting body in January 2025 and which now connects more than 114 million consumer accounts.

For credit unions specifically, we also align with NCUA examiner guidance on third-party data sharing, screen-scraping deprecation, and the consent-management duties that come with being a covered data provider under 1033.

What that means operationally

Explicit, revocable member consent recorded per data category
Data-minimization defaults: only fields you scoped are returned
Token-based auth (short-lived access, refresh on demand); no stored passwords
Audit log of every access, retained on the gateway for at least 24 months
Optional shielding for sensitive fields (account number masking, hashed IDs)

Data flow & architecture

The reference pipeline runs in four hops: Tinker FCU Business app/backend → Ingestion gateway (FDX-shaped) → Normalized data store (Postgres or BigQuery) → Outbound API or sink (QuickBooks, ERP, dashboard, lender bundle). The ingestion layer is responsible for token refresh, retries, schema mapping, and consent enforcement. The data store keeps a canonical FDX-style record so downstream consumers don't have to re-parse credit-union-specific payloads. Webhooks (RDC events, alert triggers) bypass the store and fan out directly to subscribers with HMAC signatures.

Market positioning & user profile

Tinker FCU is one of Oklahoma's largest member-owned financial institutions, serving the Oklahoma City metro and surrounding counties, with deep ties to the Tinker Air Force Base community. Tinker FCU Business specifically targets small and mid-sized businesses, professional services firms, non-profits, and franchise operators who want credit-union pricing but expect the same mobile-first experience they get from megabanks. The app launched in its current form for both Android and iOS, with a 2024 release that introduced refreshed accounts, navigation, and mobile deposit screens, plus stronger multifactor authentication. The most common integration buyer is a US-based bookkeeper, fractional CFO, or fintech ISV building tooling for SMBs that hold operating accounts at credit unions on Symitar/Jack Henry cores.

Screenshots

Tap any thumbnail to enlarge. Screenshots are pulled from the public Google Play listing.

Similar apps & the broader integration landscape

Teams evaluating a Tinker FCU Business integration often work with other US business banking and fintech apps. Each one holds adjacent data and frames part of the OpenFinance landscape we cover.

Alliant Credit Union — Top-ranked national credit union app with member transactions, transfers, and mobile deposit. Customers often want unified balance and transaction feeds across Alliant and Tinker FCU.

Bethpage Federal Credit Union — Another well-regarded US credit union app on a similar core stack. Integration patterns (balances, RDC, statements) overlap directly with Tinker FCU Business.

Mercury — Digital business bank popular with startups. Buyers blending a Mercury operating account with a Tinker FCU savings or loan account need a single consolidated transaction export.

Bluevine — SMB-focused business banking with Bill Pay and lending. Common request: deduplicate AP from Bluevine and Tinker FCU into one accounting feed.

Relay (RelayFi) — Multi-account business banking with QuickBooks-friendly sync. Teams comparing Relay's exports with credit-union accounts often want both flowing through the same FDX schema.

Rho — Treasury and expense management for venture-backed companies. Where Rho is the spend rail, Tinker FCU may be the deposit anchor; both need to roll up into one cash dashboard.

Lili — Banking app for freelancers and solo operators with built-in tax and invoicing. Many sole proprietors also keep a Tinker FCU business account — unified statements support tax prep.

Grasshopper — Digital business bank with interest checking. Buyers ask for a side-by-side balance comparison between Grasshopper and a credit-union account like Tinker FCU.

Bankjoy — Digital banking platform serving banks and credit unions. When a credit union ships its app on Bankjoy, the integration playbook mirrors what we use for Tinker FCU.

Brex — Corporate cards and spend management for high-growth firms. Pairing Brex card data with a credit-union deposit feed is a common reconciliation request.

About us

OpenFinance Lab is an independent studio focused on fintech and open-data API integration. Our engineers have built clearing pipelines for banks, payment-gateway connectors, and aggregator-style data products. We understand the FDX specification, CFPB Section 1033, NCUA examiner expectations, and the Symitar/Jack Henry core that powers many US credit unions including Tinker FCU.

Payments, digital banking, lending, and treasury automation
Protocol analysis, gateway design, and security reviews
Custom Python / Node.js / Go SDKs and test harnesses
Full pipeline: research → build → validation → compliance handover
Source code delivery from $300 — pay after delivery upon satisfaction
Pay-per-call API billing — no upfront cost; usage-based pricing for predictable scale

Contact

To request a Tinker FCU Business integration quote, share your target data scope (balances only, full transactions, RDC events, ACH webhooks) and the system you want to populate (QuickBooks, NetSuite, Sage, a custom warehouse, or a lender dossier). We'll reply with a fixed-price or pay-per-call proposal.

Contact page

Engagement workflow

Scope confirmation: data categories, target sink, regulatory frame.
Protocol & auth analysis against the current Tinker FCU Business build (2–5 business days).
Build and internal validation against sandbox or shadow accounts (3–8 business days).
Documentation, OpenAPI spec, and test suite (1–2 business days).
Handover, optional 30-day update-tracking window for app releases.

FAQ

What do you need from me to start a Tinker FCU Business integration?

The target app name (already provided), a clear list of business data you need (balances, transaction history, mobile deposit confirmations, ACH events), and any sandbox or aggregator credentials you already hold with Plaid, FDX, or a Symitar-aligned partner.

How long does the first delivery take?

Most first-drop deliveries land in 5–12 business days. Multi-account reconciliation, ACH webhooks, or QuickBooks Direct Connect pipelines may push timelines to 3–4 weeks.

How is compliance handled for US credit union data?

We work only under member authorization or documented public/authorized APIs. Flows align with the CFPB Personal Financial Data Rights rule (Section 1033), the FDX technical specification, and standard NCUA expectations around data minimization, audit logging, and consent records.

Do you support QuickBooks and Plaid pipelines?

Yes. We routinely build bridges to QuickBooks Online and Desktop via QBO/QFX exports or Direct Connect, and we wrap Plaid-powered aggregator feeds for institutions that already publish through Plaid, including Tinker FCU.

📱 Original app overview (appendix)

Tinker FCU Business is the official business banking mobile app from Tinker Federal Credit Union (TFCU), Oklahoma's largest credit union, headquartered near Tinker Air Force Base and serving members across Oklahoma and parts of Texas. The app gives business members secure access to their commercial accounts on Android and iOS.

View business account balances and recent transactions in real time
Transfer funds between Tinker FCU business and personal accounts
Mobile remote deposit capture (RDC) for paper checks
Online Bill Pay, ACH, direct deposit/payroll, and pre-authorized payments
Multi-user access with employee-level transactional alerts
QuickBooks and Quicken Direct Connect support inside the broader business banking portal
Multifactor authentication and refreshed accounts/navigation in the 2024 release
Built on the Symitar/Jack Henry core (session host visible at tinkerfcu.symapp.jhahosted.com)
Distributed via Google Play (com.tinkerfcu.tinkerfcu) and Apple App Store

Tinker Federal Credit Union is a sample institution discussed here strictly for technical integration context.