Mashreq Pakistan app icon

Mashreq NEO · Pakistan digital bank

Getting account data out of Mashreq's Pakistan bank app

Mashreq's Pakistan app went live in November 2025 as Mashreq NEO, a fully digital, Shariah-compliant bank, and every balance, transfer and profit posting it shows sits behind an authenticated session — per its launch announcement. There is no web portal a script can quietly read. The records live inside the mobile app, reachable only after a device-bound login. That is the integration problem on this one, and it is the kind we take apart for a living: a regulated digital bank whose account, transaction and card data is exposed to the customer through the app and to nobody else by default.

The bottom line is short. The valuable data is per-customer and authenticated, the formal open-banking pipe in Pakistan is not finished yet, so the dependable route today is reading a consenting account through authorized interface work. Below is what that data looks like, how we reach it, and what you get back.

What sits behind the login

These are the surfaces the app actually exposes to a signed-in customer, named the way NEO presents them. Each maps to a structured record an integrator would want out.

Data domainWhere it shows in the appGranularityWhat you'd do with it
Accounts & profileOnboarding / KYC, account dashboardPer account: type (current, Islamic savings), account number, status, profile fieldsSeed customer records, confirm account ownership, segment by account type
Balances & profit accrualAccount dashboardLive balance per account; accrued profit on the Islamic savings accountReconciliation, profit tracking distinct from interest, personal finance views
Transaction historyStatement / activity screenPer line: date, amount, counterparty, channel, running balanceStatement export, categorisation, accounting and ledger sync
Transfers & beneficiariesSend-money module, beneficiary listOutbound and inbound transfers (Raast, IBFT), saved payees, daily limit usagePayment automation, beneficiary sync, limit monitoring
Bill & biller paymentsBills module (4,000+ billers, per the app's listing)Biller, amount, status, timestampExpense tracking, recurring-payment reconciliation
Cards & rewardsDebit card section (Mastercard Debit, PayPay Debit)Card status, controls, cashback ledger (the app advertises 10% grocery cashback, capped)Card management, rewards reconciliation

Routes in, and the one we'd actually take

A handful of authorized routes apply to NEO. They differ in reach, in how long they hold up, and in what we stand up to run them.

Authorized interface integration on the app session

We treat the app's own client-to-server traffic as the interface and rebuild it under the account holder's authorization: the login and device-binding handshake, the token, then the calls that return accounts, balances, transactions and transfers. Reach is wide — anything the customer can see, the integration can read. Effort is moderate, mostly in the auth chain and in keeping pace with a young app. Durability is good as long as we watch for app changes. Access is arranged with you during onboarding, against a consenting account or a test profile.

SBP open-banking consent rails

The State Bank of Pakistan has an open-banking framework, and its API guidelines are in development, with open banking already running as a sandbox theme. As those rails harden, consented account-information access through them becomes the cleaner long-run path. We build so the move onto them is a swap of transport, not a rewrite.

Native e-statement export

Where a client only needs periodic copies, the app's own statement download covers it — lower effort, coarser data, no live sync. Useful for accounting hand-offs rather than real-time products.

If you need something running now, the route we recommend is the first one: a consenting NEO session read through authorized interface integration, because it returns the full per-account picture today while Pakistan's open-banking pipe is still being laid. We design the same data model the SBP rails will eventually serve, so nothing is wasted when they go live.

The handover

Everything is tied to NEO's real surfaces, not a generic kit.

  • An OpenAPI / Swagger specification covering the accounts, balances, transactions, transfers and card endpoints we map.
  • A protocol and auth-flow report: the login, device-binding and OTP step-up, token issuance and refresh, written out as a sequence.
  • Runnable source for the key calls in Python or Node.js — authenticate, list accounts, page the statement, read transfers — with retries and error handling.
  • Automated tests against recorded responses, plus a normalisation layer that splits Islamic profit accrual from ordinary debits and credits.
  • Interface documentation, and compliance notes on consent capture, logging and data retention.

Inside a statement pull

Illustrative shape only, confirmed and tightened during the build. It shows the order of operations on a device-bound session like NEO's.

# 1) Authorize on a consenting account: app login -> device binding -> OTP step-up
session = neo.authenticate(
    msisdn=USER_MSISDN,           # account holder, with consent on file
    device_id=BOUND_DEVICE_ID,    # binding survives token refresh
    otp=step_up_otp,
)
access = session.token            # short-lived bearer; refresh tracked

# 2) Enumerate accounts (current + Islamic savings come back as distinct types)
accounts = neo.get("/accounts", auth=access)

# 3) Page the statement for one account
def statement(account_id, since):
    page = neo.get(f"/accounts/{account_id}/transactions",
                   params={"from": since, "cursor": None}, auth=access)
    for txn in page["items"]:
        yield {
            "ts": txn["postedAt"],
            "amount": txn["amount"],          # signed; PKR minor units
            "rail": txn.get("rail"),          # e.g. RAAST, IBFT, BILL, CARD
            "counterparty": txn.get("payeeAlias"),
            "kind": txn["entryType"],         # PROFIT vs DEBIT vs CREDIT kept apart
        }
    # follow page["nextCursor"] until exhausted

# Errors we handle: 401 -> silent re-bind + refresh; 429 -> backoff; OTP expiry -> re-prompt
      

What people build on this

  • Nightly accounting sync that posts NEO current-account activity and books Islamic-savings profit to its own line.
  • Income aggregation for freelancers and overseas Pakistanis — a group NEO courts — pulling inbound remittance credits into one view.
  • A combined-balance personal finance app that reads NEO alongside other Pakistani wallets.
  • Consented transaction history feeding an affordability or lending decision.

NEO is supervised by the State Bank of Pakistan under its January 2022 digital-bank licensing framework; Mashreq Bank Pakistan Limited is among the licensed digital banks. The data-sharing side is younger. SBP has published an open-banking framework, its API guidelines remain in development, and open banking is one theme in the SBP regulatory sandbox rather than a finished, mandated pipe. So the dependable legal basis for an integration today is the account holder's own consent, not a statutory data-access right.

Pakistan's general personal-data law is also still taking shape, with the Personal Data Protection Bill in draft as of this writing. We work to that reality: explicit, recorded consent from the account holder; access scoped to the domains a project needs; consent expiry and revocation honoured in code; full request logging; data minimisation; and an NDA where the engagement calls for it. Authorized, documented, consented — that is the only way we touch a live account.

Details we build around

Two things on NEO need real engineering judgment, and we handle both rather than handing them back as conditions.

First, this is a brand-new app. It launched in late 2025. Its screens and endpoints are still moving, so we add a monitoring step that flags a changed field or a shifted login flow before it quietly breaks a running sync, and we fold a short re-check into maintenance instead of waiting for a failure.

Second, NEO is Islamic-first, so return on the savings account is profit under a Mudaraba arrangement, not interest, and it posts as its own entry type. We model that field explicitly so downstream systems never read profit accrual as an ordinary credit. We also normalise across the dual current-and-savings structure, and we account for the separate non-resident onboarding path where the KYC and data shape differ. Access — a consenting account or a sandbox profile — is set up with you during onboarding.

Cost and turnaround

Delivery runs on a one-to-two-week cycle. Source-code delivery starts at $300: you receive the runnable API source, the spec, tests and the interface documentation, and you pay after delivery, once the build does what you needed. The other option is our pay-per-call hosted API — we run the integration, you call our endpoints and pay only for the calls, with nothing upfront. Tell us the app and what you want out of its data, and we handle the access and compliance from there. Start the conversation on the contact page.

Screens we worked from

Store screenshots used while mapping the surfaces above. Tap to enlarge.

Mashreq Pakistan app screen Mashreq Pakistan app screen Mashreq Pakistan app screen Mashreq Pakistan app screen Mashreq Pakistan app screen Mashreq Pakistan app screen Mashreq Pakistan app screen
Mashreq Pakistan screenshot enlarged
Mashreq Pakistan screenshot enlarged
Mashreq Pakistan screenshot enlarged
Mashreq Pakistan screenshot enlarged
Mashreq Pakistan screenshot enlarged
Mashreq Pakistan screenshot enlarged
Mashreq Pakistan screenshot enlarged

How we checked this

We read NEO's Play Store listing (package com.mashreq.pakistan, per that listing) and its screenshots to map the surfaces, then cross-checked the bank and regulatory picture against primary sources in June 2026: Mashreq's own NEO launch announcement, the State Bank of Pakistan's digital-bank framework page, the SBP open-banking sandbox cohort report, and SBP's Raast page. Where a number comes from the app's marketing — profit rates, transfer ceilings, biller counts — it is described as advertised, not asserted as audited fact.

Mapping compiled at the OpenBanking Studio integration desk, 2026-06-26.

Other Pakistani apps that hold the same kind of per-user financial data; a unified integration usually wants several of them side by side. Listed for context, not ranking.

  • Easypaisa — licensed digital bank with savings, lending and a broad wallet; holds wallet balances and transaction history.
  • JazzCash — large mobile-money platform with wallet, bill payments and transfers per account.
  • SadaPay — neobank-style app popular with freelancers; cards, balances and spending records.
  • NayaPay — e-money wallet with payments, transfers and bill-splitting data.
  • Raqami Islamic Digital Bank — Shariah-compliant digital bank with current, savings and term-deposit records.
  • Finja — payments and lending platform serving underbanked segments, holding credit and collection data.
  • UBL Omni — branchless-banking service with account and agent-transaction history.

Questions integrators ask about NEO

Can you split out the profit accrued on the Islamic savings account from ordinary transactions?

Yes. Mashreq NEO runs Shariah-compliant accounts where return is profit under a Mudaraba arrangement, not interest, and it posts as its own entry type. We model that field separately so accounting or PFM systems read profit accrual and ordinary debits and credits as distinct streams rather than lumping them together.

Is Pakistan's open-banking API far enough along to build on, or do you read the app session?

The State Bank of Pakistan published an open-banking framework and its API guidelines are still in development, with open banking running as a theme in the SBP regulatory sandbox. For a build that works today we read a consenting NEO account through authorized interface integration, and we keep the design ready to move onto the SBP rails as they go live.

How do Raast and inter-bank transfers appear in the data you pull?

Outbound and inbound transfers surface in the transaction history with the rail, counterparty alias or IBAN, amount and timestamp. Raast and IBFT entries carry enough detail to reconcile against a beneficiary list and to track usage against the daily transfer ceiling the app advertises.

Mashreq NEO only went live in late 2025 — does that affect the integration?

It does, and we plan for it. A young app changes its screens and endpoints often, so we add a monitoring step that flags a shifted field or login flow before it breaks a running sync, and we schedule a quick re-check into maintenance rather than waiting for a failure.

App profile: Mashreq Pakistan

Mashreq Pakistan (Mashreq NEO) is the Pakistan digital-banking app from Mashreq, published under package com.mashreq.pakistan on Google Play and also on the App Store, with an iOS build too. Per Mashreq, it launched in November 2025 as the country's first Islamic-first digital bank, operated by Mashreq Bank Pakistan Limited under the State Bank of Pakistan's digital-bank framework. The app advertises five-minute account opening, current and Islamic savings accounts, profit on the savings account, money transfers up to a high daily ceiling, debit cards, payments across thousands of billers, nationwide ATM access and grocery cashback rewards. It targets salaried workers, freelancers, women entrepreneurs and overseas Pakistanis, including non-residents onboarding from the UAE.

Updated 2026-06-26.