At roughly $312 million in assets per its year-end 2023 reporting and a national charter dating to 1904, First National Bank of Oneida is a small Scott County, Tennessee community bank — and the FNB Oneida app on Google Play (com.fnboneida.grip) and the App Store is the single member-facing surface it now ships. The app's headline trick is in-portal aggregation: a member logs in once and the home screen pulls together their FNB deposit and loan accounts alongside accounts the member has linked from other banks and credit unions. That detail shapes the whole integration: there is the bank's own ledger view, and there is a layer that fans out to third-party institutions, and an integrator working from FNB Oneida app sees both passing through one authenticated session.
The integration question is not exotic. A US community bank with a mobile app of this shape holds per-member structured records — balances, transactions, statements, payment history, alert preferences — behind one authenticated channel. The work is in reaching it cleanly, under the member's own authorization, and turning what the app speaks into a normalized interface a back-office system can call. That is what this brief covers.
Data the member portal exposes behind the login
From the app's own description and the in-app surfaces it advertises, the data set splits into the bank's first-party records and the aggregation layer that hangs off the home screen.
| Data domain | Where it originates in the app | Granularity | What an integrator does with it |
|---|---|---|---|
| Internal deposit accounts (checking, savings, CDs) | Home screen tiles, sourced from the bank's ledger | Per-account current and available balance, last-4, type | Daily portfolio refresh; reconcile against an internal ledger |
| Loan accounts | Same accounts view, alongside deposits | Outstanding principal, next payment, payoff where visible | Surface loan exposure inside a member dashboard |
| Aggregated external accounts | The aggregation feature the app frames as pulling other banks and credit unions into one view | Lower-resolution: refreshed balance plus recent transactions per linked institution, sometimes with a lag | Carry as a normalized read-only feed with provenance flagged |
| Transaction ledger with member annotations | Transaction detail; the app stores user-added tags, notes, and receipt photos server-side | Per-transaction row plus arbitrary annotations and attached image refs | Feed a PFM tool or an audit log; preserve annotations round-trip |
| Monthly statements | The "view and save your monthly statements" surface | Per-account PDF, monthly | Archive into a document store; index for search |
| Payments and transfers | Internal account-to-account transfers, bill pay to companies, P2P to individuals | Payment record with status, recipient, schedule | Reconciliation and accounting feeds |
| Mobile deposits and card controls | Check capture front/back, debit lock and reorder | Image refs, amounts, status; card state events | Capture trail and a card-management workflow |
Consented routes for reaching that data
Three routes apply here in practice.
1. Authorized member session against the digital-banking portal
The member authenticates the way they normally do in the app and we operate the same session shape on their behalf, under their written authorization. Effort is moderate, durability is good while the bank stays on its current online-banking platform, and this is the route we would recommend as the spine of the integration. It reaches the full first-party set: deposit and loan balances, transactions with annotations, statements, payments. Onboarding for this is something we handle alongside the client — we capture the member's consent, NDA where appropriate, and the scope of accounts in writing as part of the engagement.
2. The aggregation feed as a second-class read source
The in-app aggregation layer is a separate beast. The app calls out to an aggregation provider that has the member's external credentials on file, and the results are presented inside the FNB Oneida home view. We model that layer as a distinct upstream and a lower-fidelity feed, because update cadence, field coverage, and the chance of a linked-account dropout differ from the bank's own ledger. Treating it as one and the same is where small integrations get burned later.
3. Native statement download as a fallback
When the goal is historical balances and statement archive only, the bank's own "view and save your monthly statements" surface is a clean fallback — fetching the same PDFs the member would otherwise click through. Less useful when the integrator needs real-time balance polling, very useful when a client only needs end-of-month numbers.
Our recommendation is to take route 1 as the trunk and attach route 2 as a separately-labelled feed so the difference in source and freshness is never hidden from the consuming system.
What lands in your repo at the end of the build
The output of a normal FNB Oneida app build is a small, runnable bundle, not a slide deck.
- A Python (or Node.js, on request) client that opens an authorized member session, refreshes it, lists accounts, lists transactions with annotations, fetches statement PDFs, and reads the aggregation feed as a separate object.
- An OpenAPI 3.1 specification covering the endpoints the client touches, with example payloads taken from a real session captured during the build pass.
- A protocol and auth-flow report: how the login posts, what the device-binding token does, when the session expires, where the multi-factor challenge fires, how the aggregation provider's session sits behind the FNB one.
- An automated test suite — fixture-based for the parsing layer, live for the contract tests against a consenting account.
- Interface documentation aimed at the team that will operate the integration after handover, including the re-validation checklist that flags signal of a portal change.
- Data-retention and compliance notes specific to running this in the United States with a community-bank counterparty.
What a session and statement query looks like in code
The fragment below is illustrative — names and shapes confirmed during the build pass against a consenting account, not a published vendor schema.
# fnb_oneida_client.py — illustrative; field names confirmed during build
import requests
from datetime import datetime
class FNBOneidaSession:
BASE = "https://bank.fnboneida.com"
UA = "FNBOneida/3.x (Android; consent=member-explicit)"
def __init__(self, member_id, passcode):
self.s = requests.Session()
self.s.headers["User-Agent"] = self.UA
self.member_id = member_id
self.passcode = passcode
def login(self):
# device-binding token comes off the login screen first
r = self.s.get(f"{self.BASE}/login")
device_token = self._device_token(r.text)
r = self.s.post(f"{self.BASE}/auth/session", json={
"user": self.member_id,
"pw": self.passcode,
"deviceToken": device_token,
})
r.raise_for_status()
return r.json() # sessionId, memberContext, mfaState
def accounts(self):
# drives the home-screen tiles; first-party deposit and loan rows
return self.s.get(f"{self.BASE}/api/accounts/summary").json()
def transactions(self, account_id, since: datetime):
return self.s.get(f"{self.BASE}/api/transactions", params={
"accountId": account_id,
"from": since.strftime("%Y-%m-%d"),
}).json() # rows carry tags, notes, receipt image refs
def statement_pdf(self, account_id, year, month):
# binary fetch on the same authenticated session
return self.s.get(f"{self.BASE}/api/statements/pdf", params={
"accountId": account_id,
"period": f"{year:04d}-{month:02d}",
}).content
def linked_external(self):
# the aggregation feed; lower-resolution, treat as a second source
return self.s.get(f"{self.BASE}/api/aggregation/linked").json()
Member consent, the bank's size, and where US data-rights rules sit right now
For a US integration of this size and shape, the regulatory question is narrow: does anything put a present-tense data-sharing obligation on First National Bank of Oneida itself? In practice, no. The bank's reported assets sit around $312 million for 2023, well inside the small-depository range the CFPB carved out at the bottom of the Personal Financial Data Rights framework (the so-called §1033 rule), and the framework itself is not currently being enforced — CFPB enforcement of it has been enjoined and the agency is reconsidering the rule in a separate proceeding opened in 2025. The integration is not riding on §1033. What it rides on is the member's own authorization to access their banking data, captured in writing during onboarding, scoped to named accounts, and revocable.
Operationally that means: explicit member consent on file for the accounts and the data classes in scope; an audit log of every fetched object with timestamp and consent identifier; data minimization in transit (we fetch what was authorized and nothing else); an NDA between the studio and the client; and a retention policy agreed up front. If the §1033 picture later changes and a rule comes into force giving the member the right to direct the bank to share these fields with a third party, the same client can swap our consented-session layer for a regulated-data feed without redoing the downstream contracts.
Things we account for when wiring this up
A few items deserve to be named, because they are where a community-bank integration usually surprises the team six weeks in.
- Two upstreams, one screen. The home view of FNB Oneida app shows internal deposit and loan rows next to aggregated external rows. They are not the same data. We model them as separate sources in the normalized schema, carry provenance on every row, and tag freshness per source so a downstream system never treats an external-feed balance as a real-time core balance.
- The bank's online channel is on a Jack Henry / NetTeller-class platform. The bank brands its online banking as 1st Choice NetTeller. We structure the parsing layer around the JSON endpoints the app actually calls, not against HTML scrape paths, and isolate the auth flow into a single module — so a future platform change at the bank turns into a scoped patch rather than a rewrite. We hand over a short re-validation checklist with handover so the operator team can run the same change pass.
- The aggregation provider behind the scenes. The third-party institutions the member links surface through an aggregation provider sitting behind FNB's app, not through FNB itself. We probe that layer separately during the build, document its failure modes (a linked account dropping into a re-auth state is the common one), and write the client so a dropout on one external account never poisons the rest of the session.
- MFA and device binding. The login flow carries a device-binding token and a step-up challenge on first-time-sensitive actions. We scope the build around a long-lived consented session on a single trusted device profile per member, kept in sync with whatever MFA pattern the bank is using on that account at engagement time.
- Statements and deposit images are binary objects. They share the auth chain but travel off different endpoints than the JSON calls. We treat them as a second class of object in the client — a document fetcher that resolves a statement reference or a deposit-image reference into bytes, with the same session, into whatever document store the integrator nominates.
Pricing and timing for an FNB Oneida app build
A normal FNB Oneida app build runs one to two weeks end-to-end. Source-code delivery starts at $300 for the runnable client, the OpenAPI spec, the protocol report, the test suite, and the interface documentation; payment is on delivery, once the client is satisfied with what landed in their repo. The hosted route is the same engineering work behind a metered endpoint: you call our API and pay per call, with no upfront cost. The client gives us the app name and what they need from its data; access scoping, consent capture, and compliance paperwork are arranged with the client during onboarding.
To start a conversation about a build, write to us via the contact page with the data you need from FNB Oneida app and the system you intend to feed.
Source notes
This brief draws on: the FNB Oneida app store listings on Google Play and the App Store; the bank's own mobile-banking and online-banking pages at fnboneida.com; the OCC's July 2024 CRA public disclosure for the bank's reported assets and footprint; and the CFPB's Personal Financial Data Rights Reconsideration page for the current status of the §1033 rule.
Reviewed 2026-05-24 by the OpenBanking Studio integration desk.
Other community-bank apps integrators tend to ask about
Engineering teams that ask us about FNB Oneida app are usually mapping a wider set of US community-bank or credit-union mobile apps into one unified back-office feed. The names below come up most often in those conversations — listed neutrally, not ranked.
- Citizens Community Bank (CCB) Mobile App — a similarly-sized Tennessee community-bank app covering balances, transfers, and bill pay; the same integration pattern applies.
- Eastman Credit Union mobile app — a larger east-Tennessee credit union; richer member-portal surface than FNB Oneida and a more elaborate aggregation strategy.
- Knoxville TVA Employees Credit Union (KTVAECU) app — long-running east-Tennessee credit union app; mobile deposit, transfers, balances, and a card-controls section the parsers can share with FNB Oneida.
- Appalachian Community FCU mobile banking — a smaller regional credit union app serving Carter, Hawkins, Sullivan, Unicoi and Washington counties; similar shape to FNB Oneida's first-party surface.
- Leaders Credit Union mobile app — west-Tennessee credit union with a comparable mobile-deposit and bill-pay set.
- TENCU mobile app — Nashville, Cookeville, Knoxville, and Johnson City credit union; another Jack Henry-family digital channel that shares much of the parsing surface.
- CE Credit Union (Knoxville) mobile app — small Knoxville credit union; the relevant data domains map cleanly onto an FNB Oneida-style schema.
- Northeast Community Credit Union app — a small Carter County credit union with overlapping integration questions on consent and statement retrieval.
Questions integrators raise about FNB Oneida app specifically
Does the in-app aggregation surface that pulls other banks and credit unions into one view give us those third-party balances too, or only FNB Oneida's own accounts?
Both, but at different fidelity. Internal deposit and loan accounts come straight from the bank's own ledger view with strong granularity. The aggregated external accounts are fetched by an embedded aggregation layer the app calls out to, so they are typically lower-resolution: a refreshed balance and recent transactions per linked institution, sometimes with a lag. We carry provenance through the normalized schema so an integrator never confuses internal vs. external rows.
First National Bank of Oneida is well under $850M in assets — does that change how the integration is positioned legally in the United States?
It matters mostly because it removes one source of regulatory pressure. The bank reported total assets around $312M for year-end 2023, which is well below the $850M small-depository threshold the CFPB used when it scoped the smallest cohort under its Personal Financial Data Rights rule. That rule is currently enjoined and back at the CFPB for reconsideration, so the integration is not riding on it either way; the dependable basis is the member's own authorization to access their banking data.
Can mobile-deposit images and the monthly statement PDFs come through the same pipeline, or do those need separate handling?
They share the session and the auth chain, but they travel as binary downloads off different endpoints than the JSON balance and transaction calls. We treat them as a second class of object in the client: a document fetcher that resolves a statement reference or a deposit-image reference into bytes, with the same session, and writes them to whatever document store the integrator nominates.
If First National Bank of Oneida later changes its online-banking platform, does the integration break in a fixable way?
It breaks in a fixable way and we plan for that on day one. The bank's online channel today is branded around NetTeller, which is part of the Jack Henry family of products, so any future move would be platform-level rather than feature-level. We structure parsers around the JSON endpoints the app calls rather than HTML scrape paths, isolate the auth flow into one module, and hand over a re-validation checklist so a platform swap turns into a scoped patch rather than a rewrite.
App profile (factual recap)
Name. FNB Oneida app. Package. com.fnboneida.grip (Google Play); also published on the App Store as "FNB Oneida app". Publisher. First National Bank of Oneida — a small US community bank headquartered in Oneida, Tennessee, with branches in Helenwood and Winfield in Scott County and a LaFollette branch in Campbell County. Member FDIC; national charter (1904). Reported total assets ~$312M at year-end 2023, per the OCC's 2024 CRA public disclosure. Online-banking channel. Branded as 1st Choice NetTeller. App functions. Account aggregation across the member's FNB accounts and accounts linked from other banks and credit unions; transaction tags, notes, and receipt photos; balance alerts; account-to-account, bill pay, and P2P payments; mobile check deposit; debit-card lock and reorder; statement view and save; branch and ATM finder; 4-digit passcode plus biometric login on supported devices. Enrollment in First National Bank of Oneida digital banking is required to use the app.