Every screen in the Colfax Banking Company app is rendered by Apiture Xpress Mobile, the same multi-tenant platform that powers Resource Bank Mobile, Pilgrim Bank Mobile and a few hundred other community-bank apps. Colfax itself is a small Grant Parish, Louisiana institution — five branches across Colfax, Dry Prong, Pollock and Pineville, per its own site and public bank directories — but the data behind the app is shaped by Apiture, not by Colfax. The stack is the story. For an integrator that is the useful part: account, transaction and payment objects follow the Apiture Xpress schema, so work done against this tenant carries over to the next bank on the same platform with mostly configuration changes.
The bottom line: there is real per-customer data here — balances, a searchable transaction ledger, scheduled and posted bill payments, transfer history, deposit items — and because the app is a thin client over Apiture's backend, the cleanest way to it is the mobile API the app itself talks to. We treat that as the spine and keep a consent-based aggregator path alongside it for durability. What follows is what the app exposes and how we would build against it.
What Colfax's app actually holds
| Data domain | Where it originates in the app | Granularity | What an integrator does with it |
|---|---|---|---|
| Account balances | Accounts — "latest account balance" | Per account, current and available, refreshed at sign-in | Cash-position dashboards, low-balance triggers, treasury views |
| Transaction ledger | Accounts — search "by date, amount, or check number" | Per transaction: date, amount, description, check number; recent-history window | Reconciliation and bookkeeping sync; check-number matching for vendor payments |
| Internal transfers | Transfers — "between your accounts" | Transfer instruction plus status, same-customer accounts | Automated sweeps and balance rebalancing |
| Bill payments | Bill Pay — "recent and scheduled payments" | Payee, amount, date, scheduled vs posted state | Payables tracking and short-horizon cash-flow forecasting |
| Mobile deposits | Deposits — camera check capture | Deposit item, amount, capture/clearing state | Deposit confirmation and receivables matching |
| Branch & ATM list | Locations — GPS finder | Static reference set | Reference only; low value for a data integration, noted for completeness |
| Session & auth | Biometric sign-on plus token exchange | Token lifecycle, refresh, device binding | The backbone every other call depends on; documented in full |
Three ways in
1. Authorized protocol analysis of the Xpress Mobile backend
The app is a presentation layer over Apiture's mobile API. Under the customer's authorization we capture and document the auth handshake, token refresh and the request/response shapes for balances, transaction search and payments. Reachable: everything the app shows, at the app's own granularity, including the check-number search dimension. Effort is moderate; durability is good provided a re-validation step rides along with Apiture's release cadence. Onboarding and access are arranged with the client as the first step of the engagement.
2. Consent-based access through the platform and aggregators
Apiture exposes FDX-aligned data interfaces, and Colfax customers' other financial apps already reach this kind of account through Plaid, MX, Finicity or Akoya. With the account holder's consent we connect that path and normalize it. Reachable: balances and transaction history reliably, payments less richly. Effort is lower, durability is high because it sits at the platform layer rather than the screen layer. We set up the consent flow and the aggregator or FDX connection together with the client.
3. User-consented credential session
Where a customer wants their own data and aggregator coverage is thin, we drive an authenticated session under written consent and pull the full account scope for that user. Effort is low; durability tracks the platform's session model. This is the right pick for single-account or owner-operator cases, not fleet-wide sync.
For most briefs that come to us about this app, route 1 gives the exact fidelity people want — the check-number-indexed ledger in particular — and route 2 is the sensible thing to keep running underneath it so a vendor rebuild never takes the whole integration offline. We say which we would pick per project after seeing the requirement, and the recommendation is rarely a single route in isolation.
A transaction-search call, sketched
Illustrative shape, confirmed and pinned to Colfax's tenant during the build. It mirrors the app's own "by date, amount, or check number" search rather than a generic list endpoint.
POST /xpress/v1/accounts/{accountId}/transactions/search
Host: <colfax-tenant-host> # tenant cbccla, resolved during onboarding
Authorization: Bearer <access_token> # OAuth-style token from the biometric/token exchange
Content-Type: application/json
{
"dateRange": { "from": "2026-04-01", "to": "2026-05-17" },
"amount": { "min": null, "max": null },
"checkNumber": 1487, # the app's distinctive query dimension
"page": { "size": 50, "cursor": null }
}
200 OK
{
"transactions": [
{ "id": "txn_...", "postedDate": "2026-04-19",
"amount": -842.15, "checkNumber": 1487,
"description": "CHECK 1487", "status": "POSTED" }
],
"page": { "next": "eyJ..." }
}
# Handling we document and ship:
# 401 -> token refresh path (the biometric/session chain)
# 429 -> backoff; the platform is multi-tenant and rate-aware
# empty checkNumber -> falls back to date+amount filter, matching the app UI
What lands in your repository
Each item is tied to a surface above, not a generic checklist:
- An OpenAPI spec for the endpoints that matter here — account list and balances, the transaction search with its check-number field, transfers, bill-pay read, deposit status.
- A protocol and auth-flow report covering the biometric and token exchange, refresh behaviour and device binding as Xpress Mobile implements them for this tenant.
- Runnable source for the key calls in Python and Node.js, with the tenant-host resolution and pagination handled, not stubbed.
- Automated tests against recorded fixtures so a platform change shows up as a red test rather than a silent gap.
- Interface documentation an engineer can hand to a teammate, plus data-retention and consent-handling notes for the surfaces you choose to use.
Where teams plug this in
- A Central Louisiana bookkeeping firm syncs business-account transactions from Colfax nightly into its ledger, matching outgoing checks by check number rather than guessing from amount and date.
- A small-business cash-flow tool reads scheduled-versus-posted bill payments to project the next two weeks of outflow.
- A treasury job moves idle balance between an owner's Colfax accounts on a threshold, using the transfer surface.
- A receivables system consumes mobile-deposit capture state to confirm a deposited check has cleared before releasing goods.
Consent and the data-rights picture for a bank this small
Colfax is a small state-chartered commercial bank in Grant Parish, supervised by the FDIC, running a vendor digital-banking stack rather than anything it wrote. Whatever obligations the US data-rights rule eventually settles on for data providers, enforcement of CFPB Section 1033 is currently enjoined: a court in the Eastern District of Kentucky has barred the Bureau from enforcing the rule while it reconsiders the framework, per the CFPB's own reconsideration docket. For a bank this size that means the regulated data-rights path is not dependable yet, and the staggered compliance schedule the rule laid out should not be treated as a present-day obligation. Consent is what holds up: access mediated through the Apiture platform's FDX-aligned interfaces and the aggregators Colfax customers already use, or the account holder's own authenticated session under written consent. We operate authorized, logged and data-minimized, keep consent records, and work under NDA where the engagement calls for one.
What we handle on a shared platform
- Tenant pinning. Colfax is one tenant (
cbccla) on a codebase shared by hundreds of banks. We pin host resolution and response validation to Colfax's tenant configuration so the integration is never accidentally checked against a neighbouring bank's product set or payee shape. - Vendor rebuild cadence. Apiture has shipped a refreshed Xpress Mobile app across its tenants. We design the capture so an Apiture release that changes the mobile build is caught by a re-validation step we keep in the maintenance window keyed to Apiture release notes, rather than surfacing as a silent data gap.
- Read versus action. Bill pay, transfers and mobile deposit are stateful surfaces. We scope read endpoints and action endpoints separately so a sync job cannot initiate a payment, and we mark the action calls explicitly in the spec.
- Query fidelity. Check-number-indexed transaction search is a genuine app surface, not a UI convenience. We preserve that dimension in the delivered API instead of collapsing it to a date range, because it is what makes vendor-check reconciliation work.
Screens we mapped
Sources we opened
This brief was put together on 2026-05-17. We read the app's Play Store listing for the feature set and tenant id, Colfax Banking Company's own site for the branch footprint, the Apiture Digital Banking API reference for the platform's account, transaction and transfer object model, and the CFPB's reconsideration docket plus a legal summary of the Eastern District of Kentucky injunction for the Section 1033 status. Citations: colfaxbanking.com, Apiture Digital Banking API reference, CFPB Section 1033 reconsideration, summary of the E.D. Ky. injunction.
Mapped by the OpenBanking Studio integration desk, 2026-05-17.
Other community-bank apps on the Apiture stack
These run on the same Apiture Xpress Mobile platform, which is exactly why a single normalized integration can span them — the object model is shared and the per-bank differences are configuration:
- Resource Bank Mobile — checking, transfers and deposit capture for a regional bank, same Xpress schema.
- Pilgrim Bank Mobile — balances and transaction history for a Texas community bank.
- Century Next Bank Mobile — accounts and bill pay for a Louisiana-area community bank.
- Traditional Bank Mobile — account and transfer surfaces on the same platform.
- Flatirons Bank Mobile — Colorado community bank, balances and transactions.
- Redwood Capital Bank Mobile — California community bank, deposit and transfer features.
- Quail Creek Bank Mobile — Oklahoma community bank, accounts and payments.
- Community Bank Delaware Mobile — another Xpress Mobile tenant with the same data shape.
- Community State Bank Mobile — Oklahoma community bank on the shared platform.
Questions integrators ask about this app
Is the data the same as on other Apiture Xpress bank apps?
Largely, yes. Colfax runs as tenant cbccla on the shared Xpress Mobile codebase, so account, transaction and transfer objects follow Apiture's schema. The differences are tenant configuration — which products Colfax enables, payee lists, branch reference data — not the object model. We pin the build to Colfax's tenant so responses are validated against its shape, not a neighbouring bank's.
Can transactions be queried by check number, like the app's own search?
Yes. The app exposes search by date, amount and check number, which means check number is a real indexed field on the transaction object, not a client-side filter. We keep that query dimension in the delivered API, which is useful for vendor-check reconciliation, rather than flattening everything to a date range.
What happens when Apiture ships a new Xpress Mobile build?
Apiture pushes vendor rebuilds across all tenants at once. We capture the auth and data flow with that in mind and keep a re-validation step in the maintenance window keyed to Apiture release notes, so a platform update is caught and corrected rather than silently breaking the sync.
Is CFPB Section 1033 a usable route for a bank this size today?
Not as a dependable one right now. The rule was finalized and then enjoined; a federal court has stopped the CFPB from enforcing it while the Bureau reconsiders, so the regulated data-rights path is not something to build on yet for a small Louisiana state-chartered bank. The practical route is consent-based access through the Apiture platform and the aggregators Colfax customers already use, or authorized protocol analysis of the app itself. Timing from a green light to a working query against balances and transactions is about one to two weeks.
How an engagement runs
Source-code delivery starts at $300, and you pay only after we deliver and you are satisfied — you get the runnable integration, the spec, the tests and the documentation, sized to a one-to-two-week cycle. The other model is the hosted API: call our endpoints for Colfax's surfaces and pay per call, with nothing upfront. You give us the app name and what you need from its data; access, authorization and compliance are arranged with you as part of the work, not asked of you before it starts. Tell us which surfaces you want at /contact.html and we will scope it.
App profile — Colfax Banking Company
Colfax Banking Company is a community bank headquartered in Colfax, Grant Parish, Louisiana, founded in 1901 per public bank directories and serving Central Louisiana through five branches in Colfax, Dry Prong, Pollock and Pineville. It is a state-chartered commercial bank supervised by the FDIC. Its mobile app, package com.apiture.xpressmobile.cbccla.sub per the Play Store, is built on Apiture Xpress Mobile and offers balance and transaction lookup (searchable by date, amount or check number), transfers between a customer's accounts, bill pay with recent and scheduled payments, camera-based mobile check deposit, a GPS branch and ATM finder, and biometric sign-on. Colfax Banking Company and Apiture are independent third parties; this page is an integration reference and is not affiliated with or endorsed by either.