Alternatives FCU runs the kind of small-CDFI member portal where the entire account picture - posted ledger, statement PDFs, scheduled bill-pay, P2P sends, mobile-deposit history - sits behind one authenticated session, and the mobile app is the read surface most members touch. That single-session shape is the thing an integration here has to fit. The app's own description names the surfaces plainly: tags and receipt photos on transactions, balance alerts, monthly statements, remote deposit, P2P, and an aggregation panel that pulls in the member's external accounts.
What sits behind the member login
The table below maps what the app actually exposes to a logged-in member, where that data originates, and what an integrator typically does with it.
| Data domain | Where it originates | Granularity | Integrator use |
|---|---|---|---|
| Balances and posted activity | The member's checking, savings, money-market and loan accounts on the credit union's core | Per-account; per-transaction with running balance | Cash-flow feeds; small-business bookkeeping reconciliation; underwriting |
| Monthly e-statements | Statement PDFs generated on the core, surfaced in the app's statements view | One file per account per month | Audit trails; KYC document supply; document-vault sync |
| Remote check deposits | Mobile deposit (RDC) events captured in-app, with front and back images | Per-deposit; status, amount, image references | Deposit confirmation; fraud and duplicate-deposit checks downstream |
| Bill Pay - scheduled and history | The credit union's bill-pay processor, exposed inside the app | Per-payee, per-payment, with status | Payables sync; scheduled-debit reconciliation |
| Person-to-person sends | App-side P2P module, paying companies or other members | Per-event with counterparty token and memo | Member-ledger reconstruction; member-to-member transfers |
| Member-added metadata | Tags, notes and receipt images attached to a transaction by the member | Per-transaction | Carrying member-side context into bookkeeping or expense systems |
| External-account aggregation | Third-party institutions the member links inside the app's aggregation panel | Per-link, per-institution | Pass-through into a unified-view product |
| Balance and activity alerts | Member-configured rules on the alerting service | Per-rule | Routing the same triggers into an external notification system |
The map is intentionally narrower than a full-bank list - Alternatives is a small CDFI, not a multi-line bank - and that narrowness is the point. The integration ends up shorter, sharper, and faster to verify against a real test account.
Routes in
Member-permissioned read against the portal
The dependable route. A member of Alternatives signs a written consent scoped to the data domains they actually need pulled, and we run the read against the same member-portal session their browser or app would use. The consent text and the revocation path are part of what we draft. This covers everything in the table above that belongs to the member's own Alternatives accounts.
Authorized interface integration and protocol mapping
Where the credit union itself, or a partner the credit union has cleared, wants a documented interface, we map the actual request and response pairs used by the mobile app, generate an OpenAPI document, and ship a runnable client. The mapping happens against a sponsor sandbox or a consenting member account - we arrange that access with the client at the start of the engagement rather than asking the reader to bring it up front.
Member-driven export as a periodic fallback
Members can pull e-statements and CSV transaction history from the credit union's web side. For low-frequency use cases - end-of-month bookkeeping, an annual audit - a scheduled export that the member runs on a cadence can sit beneath a thin parser. It is the lowest-fidelity option and it is fine when the use case is genuinely periodic.
Aggregator pass-through
Where Alternatives is reachable through one of the established US data-aggregator networks, an integration can wrap that network instead of touching the portal directly. It comes with that network's latency, scope limits, and per-call fees, which often makes it the second-best option for a small-CDFI book; we will tell you plainly if it is the right call for your specific use.
For most teams asking about Alternatives, route one is the right backbone, with route three kept around for a slow-cadence audit feed. We say so in the proposal and we say why.
A working call
A representative shape for the posted-activity read - illustrative of the request/response pair this kind of credit-union portal returns, confirmed against the actual surfaces during the build:
POST /api/session
Content-Type: application/json
{
"username": "<member-id>",
"password": "<member-secret>",
"device_fp": "<persistent-device-token>",
"mfa_token": "<one-time-code>" // present after step-up
}
-> 200 OK
Set-Cookie: portal_sess=...; HttpOnly; Secure; SameSite=Lax
{ "session_expires_in": 900, "step_up_required": false }
GET /api/accounts/0042/postings?since=2026-04-01&limit=200
Cookie: portal_sess=...
-> 200 OK
{
"account_id": "0042",
"account_type": "share_draft",
"balance_posted": 1284.17,
"balance_available": 1259.17,
"postings": [
{ "id":"p_8a1...","posted_at":"2026-04-02T14:11:09Z",
"amount":-42.18,"description":"GREENSTAR COOP",
"tags":["groceries"],"note":null,
"receipt_image_ref":"r_77c..." },
{ "id":"p_8a2...","posted_at":"2026-04-02T19:02:00Z",
"amount":1500.00,"description":"ACH CREDIT PAYROLL",
"tags":[],"note":"April 1 pay" }
],
"next_cursor": "p_8a2..."
}
Three details matter on this shape. Session cookies are short-lived (around the 15-minute mark on this kind of portal) and rotate on idle, so the client carries a refresher rather than a single login attempt. The step_up_required flag fires when the credit union's risk engine sees a new device fingerprint or an unusual time of day; the client has to handle that prompt without dropping the queue of pending reads. And receipt_image_ref is a pointer, not the bytes - the image lives on a separate object endpoint and is best fetched lazily on demand, not mirrored in bulk.
What ships
- An OpenAPI 3.1 document describing every endpoint the integration calls, including the session-refresh and step-up paths.
- A protocol and auth-flow note covering cookie lifetimes, MFA prompts, device-fingerprint behavior, and the rate the portal tolerates on the postings endpoint without throttling.
- Runnable client source in Python and Node.js for the read paths: session establish-and-refresh, account listing, postings cursor walk, statement-PDF fetch, mobile-deposit history, Bill Pay listing.
- A replay rig with recorded fixtures for each endpoint plus a small live-account smoke pass we point at a sandbox or a consenting member account.
- An interface document written for a developer reading cold, plus a member-facing consent text and revocation instructions you can paste into your own UI.
- Data-minimization guidance: which fields you genuinely need to store, which to keep as references, and a default retention window aligned with the consent.
Engineering quirks we handle on this build
Two pieces of small-CDFI engineering reality that we plan around rather than discover in production.
The aggregation panel is not an Alternatives surface. When a member links a Chase or a Wells account inside the app, that link is owned by whichever aggregator the credit union has wired into that panel - it is not Alternatives' core data. Our read against the member's Alternatives accounts comes back cleanly; reading those linked external accounts means going through that aggregator under a separate scope. We make that distinction explicit in the schema and in the consent text so a downstream feature does not silently fail on accounts the integration was never given.
Session step-up is a normal event, not an error. Risk engines on credit-union portals fire MFA prompts on device-fingerprint changes, on long idle gaps, and on quiet-hours reads. The client we ship treats step-up as a state in the flow, with a deferred-request queue and a clear surface for the operator to satisfy the prompt out-of-band - rather than throwing on it and losing the in-flight reads. The rig exercises the step-up path on every release so we catch a change in the prompt shape before a member does.
If Alternatives shifts mobile vendor mid-build - small CDFIs do this occasionally - the replay rig gives us a one-page diff against the previous shape, and we re-cut the client against the new endpoints; we hold a reserved slot in the schedule for that kind of switch.
Member consent and the regulatory frame
Alternatives is federally insured by the NCUA, so the supervisory frame on the credit-union side is the usual one for a federal credit union, with Reg E governing electronic transfers and Reg Z where any credit feature is touched. The dependable basis for any data-sharing integration we deliver is the member's own written authorization to us, scoped to the data domains in the table above and revocable by them in writing or through a UI we wire into your product.
The federal personal-financial-data rule that comes up in this conversation - CFPB Part 1033 - is not in force as of this writing. The Eastern District of Kentucky has enjoined CFPB from enforcing it pending the Bureau's reconsideration, and the comment period on that reconsideration closed in October 2025. We do not build the integration as if 1033 were settled, and we do not state numeric obligations from the stayed text as present requirements. If a reworked rule eventually lands and brings a CDFI at Alternatives' asset tier in by phase, we revisit the path then. Today, the consent route is what runs and what the integration is designed around.
On the studio side, the build is logged, the data we touch during the build is minimized to what the build needs, and a mutual NDA is on the table where the work warrants one.
Build schedule
A typical Alternatives FCU build runs about 8 to 10 working days end to end.
- Days 1-2. Scope confirmation, access setup with you (sandbox member or consenting live account), consent text drafted for sign-off.
- Days 3-5. Protocol mapping against the portal: session, step-up, accounts, postings cursor, statements, Bill Pay, RDC history.
- Days 6-8. Client source generated in Python and Node.js, replay rig wired, OpenAPI document finalized.
- Days 9-10. Smoke pass against a live member account, interface doc handed over, sign-off, invoice.
Engagement
Source-code delivery starts at $300 for this app and is paid only after the build runs end-to-end against an Alternatives member account and you have signed off; the hosted-API alternative charges per call with nothing upfront and no commitment. You give us the app name and what you need from its data - access arrangements, the member-consent draft, and the compliance pieces are handled on our side as part of the engagement. Send the scope through the contact form and we will come back with a delivery date and a price for your specific read.
Peer apps in the same integration shape
Apps that sit in a comparable place to Alternatives FCU Mobile from an integration standpoint - small to mid community or CDFI credit unions whose member-portal data has the same shape and where a member-consented read works the same way:
- CFCU Community Credit Union - the other Ithaca-headquartered credit union, much larger asset base; same member-portal data shape with broader account-line coverage.
- Hope Credit Union - Mid-South CDFI with a comparable mission-driven member base; mobile app exposes the same posted-activity, statement and deposit surfaces.
- Self-Help Federal Credit Union - Carolinas-rooted CDFI with branches across several states; member-portal data follows the same model.
- Latino Community Credit Union - North Carolina CDFI with a heavy mobile-first member base; integration shape lines up.
- Municipal Credit Union (NY) - large New York-state credit union; mobile data domains are the same with more transactional volume per member.
- Freedom Federal Credit Union - Mid-Atlantic credit union; mobile-deposit, Bill Pay and transfer surfaces match.
- TruStone Financial Federal Credit Union - Upper-Midwest credit union running on a Banno-style mobile front end; integration considerations rhyme.
An integration that maps cleanly onto Alternatives' surfaces tends to map cleanly onto these as well, with the per-institution adjustments being on the order of a day or two of work each.
Sources and review
What was checked during this review: the credit union's own mobile-app page and online-banking page for the surface list; the Google Play and App Store listings for the package identifier and the member-facing description; the Federal Register and CFPB site for the current status of the Part 1033 reconsideration. Specific deep links:
- Alternatives FCU - Mobile App page
- Google Play listing -
org.alternatives.grip - Federal Register - Personal Financial Data Rights Reconsideration (Aug 2025)
- CFPB - Personal Financial Data Rights Reconsideration (status)
Mapped by the OpenBanking Studio integration desk, May 2026.
Questions integrators tend to ask about this app
Does the build cover the cross-account aggregation feature, or only Alternatives FCU's own accounts?
Both can be in scope, but they are different jobs. Pulling Alternatives' own checking, savings, loan and statement data goes through the member portal directly. The external accounts a member has linked inside the app are owned by whichever aggregator the credit union uses on that screen; reading those means routing through that aggregator under the same member consent, not a second hop into the member's other banks.
We are an Alternatives member running a small bookkeeping product. Can we ship this without involving the credit union legal team?
For a member-permissioned read into the member's own accounts, the consent is between the member and you; we draft the consent text and the data-retention notice as part of the build. If you plan to white-label the integration to other Alternatives members and store their data, a conversation with the credit union becomes worth having early, mostly to align on rate limits and incident contact - not because the law is blocking you.
How do you keep the integration working when Alternatives or its mobile vendor pushes an app update?
The build ships with a small replay rig that hits the critical request paths against a sandbox member account on a schedule. When a payload shape shifts or a field is renamed, the rig flags it before production sees a 500. On a typical small-CDFI release cadence we have to touch the client a few times a year; that maintenance is quoted separately from the initial build.
Does the data include the tags, notes and receipt images members add inside the app?
Yes - that member-added metadata is part of the transaction record on the portal side, and a member-consented integration pulls it alongside the underlying transaction. Receipt images are byte-larger; we usually fetch them lazily on demand rather than mirroring them in bulk.
App profile (collapsed)
Alternatives FCU Mobile is the member-facing mobile app of Alternatives Federal Credit Union, an Ithaca, New York credit union certified as a Community Development Financial Institution and federally insured by the NCUA. The app, published under org.alternatives.grip on Google Play and id6444346429 on the Apple App Store, gives members access to balances and transaction history, monthly statements, remote check deposit, bill pay, person-to-person sends, configurable balance alerts, transaction tagging and receipt photo attachment, an external-account aggregation panel, and a branch-and-ATM locator. The credit union's primary service area is Tompkins County, NY. App names and marks belong to Alternatives Federal Credit Union; this page references the app for the purpose of documenting authorized integration paths into its data.