Mashreq Bank Pakistan holds its data behind a licence the State Bank of Pakistan granted under the 2022 digital-bank framework, with the consumer NEO app reaching commercial launch around November 2025 according to the bank's own announcement and the trade press that covered it. That recency matters more than it sounds: the account model, the Shari'ah-compliant product set, and the app's request shapes are all young and moving. Pulling clean records out of it is less about a stable published interface and more about reading the authenticated session the app already runs, under the account holder's consent, and turning it into something a back office can query.
The data worth reaching is ordinary retail-banking material: a balance, a dated transaction list, the transfer and bill-payment trail, card and profile attributes. The bank itself advertises a daily transfer ceiling of up to PKR 10 million, more than 4,000 billers, and free withdrawals across roughly 19,000 ATMs, as described in its store listing — so the transaction surface is rich and categorisable. Below is what each surface gives an integrator and the route we would actually run.
Account surfaces and what they yield
| Data domain | Where it lives in NEO | Granularity | Integrator use |
|---|---|---|---|
| Account & balance | Home / accounts view after login | Per account, current and available balance, currency | Balance checks, funding gates, net-worth aggregation |
| Transaction history | Statement / activity feed | Per posting: date, amount, counterparty, channel, running balance | Reconciliation, categorisation, affordability scoring |
| Transfers | Send-money flow (Raast, IBFT, intra-bank) | Per transfer: rail, beneficiary, status, reference | Payout confirmation, ledger sync |
| Bill payments | Pay-bills against 4,000+ billers | Per payment: biller, consumer number, amount, date | Expense feeds, recurring-spend detection |
| Cards | NEO Debit card management | Card status, masked number, linked account | Card-state checks, spend attribution |
| Profile & KYC state | Onboarding / settings | Identity attributes, account tier, NRP flag | Identity reuse, eligibility logic |
Routes in
Three routes genuinely fit a bank this new. They are not equal, and the recommendation sits at the end of this section.
Consented protocol analysis of the app session
With the account holder's permission, we observe the authenticated traffic the NEO app already exchanges with its backend, document the auth handshake and the endpoints behind balances, statements and transfers, and rebuild those calls as clean, callable code. This reaches everything the user can see in-app. Effort is moderate; durability depends on how often the bank reshapes its endpoints, which for a young app is often — handled by the maintenance pass described below. Onboarding here means we agree the consent and test-account setup with you at the start of the project.
SBP open-banking consent (forward-looking)
The State Bank of Pakistan has set an open-banking direction: licensed banks exposing accounts, balances and transactions through standardised, consent-based interfaces, with a shared e-KYC effort already announced. As that hardens into something a third party can register against, a consented connection becomes the most durable path. Today it is partial and uneven across institutions, so we treat it as the model to grow into rather than the one to ship on alone.
User-driven export as a checkpoint
Where the app or web channel lets a customer pull a statement, that export is a low-effort way to seed history and to validate that a live capture matches the bank's own figures. It is not a live feed, but it is a useful reconciliation anchor on day one.
For Mashreq NEO right now, the consented session capture is the path that actually delivers complete, current records; we build on it, keep the export as a cross-check, and shape the schema so a later SBP open-banking connection can slot in without a rewrite. That ordering is dictated by the bank's age, not by preference.
What lands at the end
Each engagement is concrete output tied to NEO's real surfaces:
- An OpenAPI/Swagger description of the reconstructed endpoints — balance, statement, transfers, bill-pay lookup — with request and response fields named as the app uses them.
- A protocol and auth-flow report: the login, token issuance and refresh chain, session headers, and any device-binding the app applies.
- Runnable source for the core endpoints in Python or Node.js, with the transaction normaliser that folds Raast, IBFT and biller payments into one schema.
- Automated tests built on captured fixtures, so a contract change shows up as a failing test rather than a silent gap.
- Interface documentation plus data-retention and consent-logging guidance written for the SBP context.
A session sketch
Illustrative only — field names and the exact auth chain are confirmed against live, consented traffic during the build, not guessed here.
# Consented session against Mashreq NEO Pakistan (illustrative)
POST /neo/auth/session
device_id, mpin_or_biometric_assertion -> { access_token, refresh_token, session_id }
GET /neo/accounts
Authorization: Bearer <access_token>
-> [ { account_id, type:"NEO_ISLAMIC_CURRENT", currency:"PKR",
balance_available, balance_current } ]
GET /neo/accounts/{account_id}/transactions?from=2026-05-01&to=2026-05-31
-> [ { posted_at, amount, dir:"DEBIT",
channel:"RAAST"|"IBFT"|"BILLER"|"CARD",
counterparty, reference, running_balance } ]
# normaliser output (one schema across rails)
{ "txn_id": "...", "account_id": "...", "ts": "2026-05-14T09:21:00+05:00",
"amount_minor": 1500000, "currency": "PKR",
"rail": "RAAST", "counterparty": "biller:KE-Electric",
"status": "SETTLED" }
# 401 -> refresh once, then re-auth; never replay an expired session_id
Consent and the SBP context
The governing authority is the State Bank of Pakistan, and the dependable legal basis for the work is the account holder's own informed consent to access their data through the integration. Mashreq operates as a Shari'ah-compliant digital bank under the SBP's digital-bank licence, and the SBP's open-banking framework points toward consent-based API sharing as the long-run channel — but that channel is still being built out, so we do not lean on it as if it were finished. Consent is scoped to named data domains, carries an expiry, and is revocable; we keep consent records and access logs, minimise to the fields a use case actually needs, and work under NDA where a client requires it. Cross-border handling matters here too, because NEO onboards Non-Resident Pakistanis — we keep residency and data-location questions in scope from the design stage.
Build notes specific to NEO
Two things about this bank shape the engineering, and we handle both rather than hand them back as conditions.
- NEO and NEO BIZ are different animals. The personal app and the SME app carry different account structures, entitlements and, on the business side, signatory roles. We model them as separate profiles so a consented business sync and a personal one never bleed into each other, and so multi-user authority on a BIZ account is represented rather than flattened.
- The Shari'ah-compliant product set names things its own way — remunerative current accounts, profit on savings rather than interest. We map those product types and their profit-posting records faithfully, so a downstream system reads a NEO statement the way the bank intends rather than forcing it into a conventional-interest mould.
- It is a brand-new app on a fast release cadence. We version the captured contract, hold fixtures per build, and run a re-validation step against live traffic during maintenance so an endpoint or screen change is caught early. Access and test accounts are arranged with you during onboarding.
Pricing
Source delivery starts at $300, and you pay it only after the runnable code is in your hands and you have checked it works against your own consented account. That is the first model: you own the source, the spec, the tests and the docs outright. The second is a hosted pay-per-call API — we run the integration, you call our endpoints and pay per call with nothing up front, which suits teams that would rather not host or maintain the connection themselves. Either way the build cycle is one to two weeks. Tell us the app and what you need from its data, and we handle access, consent setup and the rest — start at /contact.html.
Where this gets used
- A lender pulling a consented NEO transaction history to assess affordability without asking the applicant to upload PDFs.
- A personal-finance app aggregating a NEO balance and spend alongside a customer's other Pakistani accounts.
- An SME accounting tool syncing NEO BIZ transfers and biller payments into its ledger in near real time.
- A payroll or marketplace service confirming Raast payouts landed, by reading the transfer status rather than waiting on a manual check.
Screens referenced
Same shelf in Pakistan
NEO sits in a small field of licensed digital banks and electronic-money platforms; an aggregator usually wants several of these behind one schema.
- Easypaisa Bank — a licensed digital bank with a very large user base, holding wallet balances, transfers and a broad bill-pay set.
- Raqami Islamic Digital Bank — another SBP-licensed digital bank with a Shari'ah-compliant footing comparable to NEO.
- SadaPay — an EMI wallet holding balances, card spend and peer transfers, known for its interface.
- NayaPay — an EMI offering wallet balances, transfers and bill splitting for consumers and small businesses.
- Keenu — a wallet and payments platform holding transaction and merchant-payment records.
- Finja — a lending and payments platform with transaction and small-business credit data.
- Digitt+ — an electronic-money platform holding wallet and payment records.
- OneZapp — an EMI wallet from EP Systems carrying balance and transfer data.
Questions an integrator asks
Is Mashreq NEO covered by an open-banking consent regime in Pakistan?
Mashreq Bank Pakistan is licensed under the State Bank of Pakistan's 2022 digital-bank framework, and the SBP has set out an open-banking direction built on consented, API-based data sharing. The framework is still maturing, so we design around customer-consented access today and keep the data model aligned with where the SBP rules are heading.
Can you separate NEO personal accounts from NEO BIZ business records?
Yes. NEO serves individuals and NEO BIZ serves SMEs, and the two carry different account structures and entitlements. We model them as distinct profiles so a consented business sync does not get tangled with a personal one, and so role and signatory differences on the BIZ side are represented correctly.
How do you handle Raast transfers and the 4,000-plus biller catalogue?
Transfers and bill payments surface as dated, categorisable records once a session is held. We normalise Raast instant transfers, IBFT and biller payments into one transaction schema with counterparty, channel and status fields, so reconciliation against the bank's own categories stays clean.
What happens when Mashreq ships an app update that changes the traffic?
A young app iterates fast, so we expect the request and response shapes to move. We version the captured contract, keep fixtures from each build, and run a re-validation pass against the live flow as part of maintenance so a UI or endpoint change is caught before it silently breaks a sync.
Sourcing
Checked in June 2026 against the bank's launch announcement, two trade-press reports of the commercial launch, the SBP's digital-bank and open-banking material, and the app's own store listing for product and limit claims. Where a figure such as the profit rate or transfer ceiling appears, it is taken from those sources and dated to them, not asserted independently.
- Mashreq — NEO Pakistan launch announcement
- Retail Banker International — Mashreq digital retail bank commercial launch
- State Bank of Pakistan — Digital Bank regulatory framework
- Open Banking Tracker — Pakistan
Mapped by the OpenBanking Studio integration desk · 2026-06-07.
App profile — Mashreq Pakistan (factual recap)
Mashreq Pakistan (package com.mashreq.pakistan, per its Play Store listing) is the mobile app for Mashreq Bank Pakistan's NEO and NEO BIZ digital banking, a Shari'ah-compliant, mobile-first bank licensed under the State Bank of Pakistan's digital-bank framework. The bank's materials describe 5-minute account opening via CNIC, free transfers and ATM withdrawals, a daily transfer ceiling of up to PKR 10 million, more than 4,000 billers, and around 19,000 ATMs nationwide, with onboarding extended to Non-Resident Pakistanis. Profit rates cited in launch coverage reach up to 5% on remunerative current accounts and up to 10% on Islamic savings. This page is an independent integration write-up and is not affiliated with or endorsed by Mashreq.