IBBL iSmart app icon

Islami Bank Bangladesh · iBanking data

Reaching the iBanking profile behind IBBL iSmart

Behind the IBBL iSmart login sits an iBanking profile that holds a per-account statement you can download as a PDF, plus account detail, cheque-book requisitions, and a running record of transfers and bill payments — that is the material an integrator actually wants. The app is the mobile front end for Islami Bank Bangladesh's iBanking service; the balances, statements and transaction history live on the bank's servers, not on the handset. Islami Bank is one of the country's largest private commercial banks and runs on a Sharia-compliant model, which shapes how some product records read. This page is about the data that profile holds and the authorized way we reach it.

The bottom line: there is genuine server-side state here, gated by a personal iBanking login, and the account holder can authorize access to it. We would reach it by mapping the authenticated traffic between the app and the iBanking backend and rebuilding the statement, account-detail and transfer calls as a clean interface, using the app's own PDF statement download as a check on what we extract. No live national open-banking scheme is needed for that, and none is available yet in Bangladesh.

What sits behind the iBanking login

Each surface below is something the app itself exposes to a signed-in user, named the way IBBL names it. The value for an integrator is in turning those one-at-a-time screens into records you can query, reconcile and sync.

Data domainWhere it originates in the appGranularityWhat an integrator does with it
Account statementAccount Statement — per-account, downloadable as PDFTransaction-level: date, particulars, debit, credit, running balanceParse into structured rows for accounting, reconciliation, or a data warehouse
Account detailAccount Information in the iBanking profilePer account: title, number, product type, balanceSync balances and account metadata into a treasury or bookkeeping view
Intra-bank transfersiTransfer — fund transfer to IBBL accountsPer transfer: source, beneficiary, amount, timestampFeed a payment ledger; confirm settlement against the statement
Interbank transfersiTransfer (Other Bank) over EFT/NPSBPer transfer plus rail tag (EFT vs NPSB)Reconcile outbound interbank flows; separate rails for reporting
Utility-bill paymentsUtility Bill Payment — electricity, gas, waterPer payment: biller, account, amount, dateExpense categorisation; match bills against a budget system
Airtime / WiMAX rechargeiRecharge and Wimax Recharge (Banglalion, Qubee)Per top-up: operator, MSISDN, amountTrack telecom spend; audit recurring recharges
Cash / remittance eventsiCashRemit — cardless ATM withdrawal, send-to-mobilePer event: type, amount, referenceFlag cash-out activity in a monitoring or ops feed
Cheque-book requestsIssue Cheque Book RequisitionPer request: account, statusTrack instrument issuance in a back-office workflow

Getting the data out — the routes that apply here

Two routes carry the weight for this app, with a third as a check. None of them depends on a scheme Bangladesh has not turned on yet.

Consented interface integration (the one we would run)

With the account holder's authorization, we map the authenticated calls the app makes to the iBanking backend and rebuild the ones that matter — login and token handling, account detail, statement query, transfer history — as a documented interface. This reaches every surface in the table above at transaction granularity. Effort is moderate; the auth handshake and the statement query are the parts that need care. Durability is good, because those server endpoints move less often than the screens in front of them. We arrange the consenting test account and the credential handling with you as part of getting started, so the mapping runs against a real signed-in session.

Native PDF statement export (the check)

The app already lets a user download a statement as a PDF. That is the lowest-effort path to the historical ledger, and we use it two ways: as a fallback when a structured pull is not needed, and as a reference we diff our parsed rows against so the extraction is provably faithful. It is per-account and user-driven, so it suits history and audit more than live sync.

A forward path onto a national scheme

Bangladesh Bank has signalled open-banking guidelines and standardised API protocols around June 2026, per The Business Standard, with a working committee expected first. When that arrives, consent-based account access could move onto a formal channel. We design the normalized output now so it can ride that scheme later without a rebuild, but we do not wait on it — the consented route works today. For IBBL iSmart, the consented interface integration is the route we would actually build on, with the PDF export wired in as the correctness check; the national scheme is where the same work migrates when the rules are published.

A statement fetch, sketched

Illustrative pseudo-code for the statement surface — field names and the exact token step are confirmed during the build against a consenting session, not asserted here. The package identifier (com.ionicframework.icellular894076, per the Play listing) suggests an Ionic/Cordova hybrid shell, so the app talks to the iBanking backend over HTTPS calls we can observe and replay under authorization.

# Authorized, consent-based session against the IBBL iBanking backend.
# Illustrative only; auth flow verified during the engagement.

session = ibbl.login(user_id, credential, device_ctx)   # returns bearer/session token
token   = session.token

def account_statement(account_no, date_from, date_to):
    resp = ibbl.get(
        "/ibanking/account/statement",
        params={"acc": account_no, "from": date_from, "to": date_to},
        headers={"Authorization": f"Bearer {token}"},
    )
    if resp.status == 401:            # token aged out mid-pull
        refresh(session); return account_statement(account_no, date_from, date_to)
    if resp.status == 429:            # backend rate cap — back off, keep the window
        backoff(resp.retry_after)

    rows = []
    for tx in resp.json()["entries"]:
        rows.append({
            "date":    tx["valueDate"],
            "detail":  tx["particulars"],
            "debit":   tx.get("debit"),
            "credit":  tx.get("credit"),
            "balance": tx["runningBalance"],
            "rail":    classify_rail(tx["particulars"]),   # IBBL vs EFT/NPSB
        })
    pdf = ibbl.get("/ibanking/account/statement.pdf", params={"acc": account_no})
    assert reconcile(rows, pdf), "parsed rows must match the downloadable PDF"
    return rows
      

What we hand over

Everything below is scoped to IBBL iSmart's own surfaces, not a stock feature list:

  • OpenAPI/Swagger spec for the reachable calls — account detail, statement query, transfer history — with request/response shapes as observed.
  • Protocol and auth-flow report covering the login handshake, the session/bearer token, refresh behaviour, and the rate-limit signals seen on the statement endpoint.
  • Runnable source for the key endpoints in Python or Node.js, including the statement pull, the PDF-versus-rows reconciliation, and rail classification for EFT/NPSB entries.
  • Automated tests that assert parsed statement rows reconcile to the downloaded PDF and that a token-expiry mid-pull recovers cleanly.
  • Interface documentation a developer can follow to run and extend the integration.
  • Compliance and retention notes written to the Personal Data Protection Ordinance's consent-and-minimization expectations, so the account holder's authorization is logged and scoped.

Where Bangladeshi rules stand, and how we stay inside them

Bangladesh does not yet run a live account-information regime, so the honest legal basis is the account holder's own explicit consent to access their own iBanking data — not a scheme we can point at. The Personal Data Protection Ordinance, 2025, approved by cabinet in October 2025 and gazetted the following month per The Daily Star's reporting, makes that consent the anchor: it must be explicit, informed and freely given, it can be withdrawn at any time, and a data controller must stop processing once it is. We build to that shape — consent captured and logged, purpose stated, only the fields the use case needs pulled, and retention bounded. Where a client's own policy calls for it, work runs under an NDA. On the rails side, the interbank transfers the app makes ride NPSB and EFT under Bangladesh Bank's payment-systems oversight; that context matters for how we tag and describe transfer records, not as something the reader must clear.

Build details specific to this app

A hybrid Ionic shell means the interesting logic is in the calls to the iBanking backend, not in native code — so we mount the integration on the observed HTTPS traffic of a consenting session and rebuild those calls cleanly, rather than trying to instrument the app container. We arrange that signed-in session and the credential handling with the account holder when the engagement opens.

Islami Bank runs Sharia-compliant products, so some statement particulars carry profit-sharing and product labels that a conventional-banking parser would mis-bucket; we map those labels explicitly during extraction so a Mudaraba or investment-account entry lands in the right category instead of a generic bucket. And because a statement pull can span a long history window, we page the statement query and design the sync around token expiry — the snippet's 401 refresh is there because a long pull will outlive a single session token — so a multi-month export completes without silently dropping a page.

What teams actually build with this

  • Bookkeeping sync — pull the statement nightly, normalize the rows, and post them into an accounting ledger with rail and biller tags already attached.
  • Cash-flow view for an SME — combine account detail (balances) with transfer and bill-payment history to show money in, money out, and what is committed.
  • Reconciliation service — match outbound iTransfer and EFT/NPSB entries against an internal payables system and flag anything unsettled.
  • Audit export — hand an auditor the parsed statement plus the source PDF for a fixed period, with the reconciliation proof attached.

Screens we mapped against

Store screenshots we used to trace the surfaces named above. Select to enlarge.

IBBL iSmart screen 1 IBBL iSmart screen 2 IBBL iSmart screen 3 IBBL iSmart screen 4 IBBL iSmart screen 5 IBBL iSmart screen 6 IBBL iSmart screen 7
IBBL iSmart screen 1 enlarged
IBBL iSmart screen 2 enlarged
IBBL iSmart screen 3 enlarged
IBBL iSmart screen 4 enlarged
IBBL iSmart screen 5 enlarged
IBBL iSmart screen 6 enlarged
IBBL iSmart screen 7 enlarged

What we checked, and when

We read the app's own store description and feature list for the surfaces it exposes, cross-checked Bangladesh's payment-systems and open-banking status against Bangladesh Bank and national press, and confirmed the data-protection basis against the Personal Data Protection Ordinance, 2025 as reported in July 2026. Primary sources:

OpenBanking Studio integration desk · mapping reviewed July 2026.

Other Bangladeshi banking and MFS apps in the same picture

A unified integration usually spans more than one institution. These are the neighbours we see most often alongside IBBL iSmart, each holding its own server-side records:

  • bKash — the largest mobile financial service in Bangladesh; wallet balance, send-money and bill-pay history.
  • Nagad — MFS wallet from Bangladesh Post, with transfers, top-ups and merchant payments.
  • Rocket — Dutch-Bangla Bank's mobile money service, one of the early MFS players.
  • Citytouch — The City Bank's internet-banking app, with account and card records.
  • EBL Sky Banking — Eastern Bank's app, oriented to account and business banking.
  • NexusPay — Dutch-Bangla Bank's cardless app spanning accounts and cards.
  • Upay — UCB's mobile financial service for transfers and payments.
  • iPay — an e-wallet with recharge, send-money and bill-payment records.

Questions integrators ask about IBBL iSmart

Can you retrieve the PDF account statement the iBanking profile generates?

Yes. The app already renders a per-account statement and exposes a PDF download, per its Play Store description, so that document is a native artefact of a consented session. We capture the same request the app makes, keep the statement PDF, and also parse the line items into structured rows (date, particulars, debit, credit, running balance) so the output is queryable rather than just a file.

Bangladesh has not switched on a standardised open-banking scheme yet. Does that block the work?

No. The dependable basis is the account holder's own authorization to reach their own iBanking profile, which stands today. Bangladesh Bank has signalled open-banking guidelines and standardised API protocols around June 2026, per The Business Standard; we build the integration so the same normalized output can move onto that scheme when it lands, without a rewrite.

Which transfer rails show up in the data, just IBBL, or interbank too?

Both. iTransfer moves funds between IBBL accounts, and iTransfer (Other Bank) sends to other banks or cards over the EFT/NPSB channel, per the app's own feature list. In the extracted transaction records we tag each entry with the rail it used so downstream reconciliation can tell an intra-bank transfer from an NPSB-routed one.

If Islami Bank changes the iBanking front end, does the integration keep working?

The account and statement endpoints behind the app tend to be stabler than the screens, but a front-end change can still shift a field or a token step. We ship a small re-validation suite that flags a broken field before it reaches your data, and we treat front-end drift as ordinary maintenance rather than a surprise.

Delivery and how to start

Delivery runs one to two weeks from the point we agree which surfaces to map. You can take it either way: pay from $300 for the source-code delivery — runnable API source, the OpenAPI/auth-flow spec, tests and interface documentation, settled only after it lands and you are satisfied — or skip any upfront cost and call our hosted endpoints, paying only for the calls you make. All we need to begin is the app name and what you want out of its data; the consenting session, credential handling and compliance paperwork are arranged with you as the work gets going. Tell us the surfaces you care about at /contact.html and we will scope it.

App profile — IBBL iSmart at a glance

IBBL iSmart is the mobile companion to Islami Bank Bangladesh's iBanking service, published for Android (package com.ionicframework.icellular894076, per Google Play) and iOS. Its features, per the store listing, include iRecharge airtime top-up, iTransfer and iTransfer (Other Bank) over EFT/NPSB, utility bill payment, iCashRemit cardless withdrawal and send-to-mobile, WiMAX recharge for Banglalion and Qubee, cheque-book requisition, account information, a downloadable PDF account statement, and an ATM/branch locator. The bank operates on a Sharia-compliant model. This is a neutral factual recap for context; OpenBanking Studio is not affiliated with Islami Bank.

Mapping reviewed 2026-07-01.