Mexico, Maine. Oxford FCU runs the Symitar Episys core through Synergent, and that one fact does most of the work in shaping how an integration goes together. The data sits in a conventional Jack Henry / Symitar ledger. The mobile front end is a thin client over a well-understood vendor auth chain. The routes a fintech actually uses to reach this kind of credit-union app are the same routes used across the wider US market: a member-permissioned aggregator pull, or a member-consented direct integration we build against the app's own traffic. For most callers the second route is what we recommend, because aggregator coverage on a $200M-asset community CU is variable, while the direct route gives you a stable, single-tenant feed you control.
What Oxford FCU actually holds for a member
The Google Play listing and the credit union's own help pages line up on the surface area. It is conventional community-CU data, with a couple of useful extras (tags, notes, check images) that most national bank apps don't expose. Per ofcu.org's account-services page, the in-app capability set is the following:
| Data domain | Where it shows up in the app | Granularity | Why an integrator wants it |
|---|---|---|---|
| Account list and balances | Customizable dashboard (Compact / Expanded / Total views) | Per-account current and available balances | PFM aggregation, cashflow scoring, business reconciliation |
| Transaction history | Account detail; tags, notes and receipt/check photos attached per transaction | Per-transaction line items with member-added metadata | Categorisation, expense tracking, audit evidence — the member-added tags and images are unusually rich for a CU this size |
| Balance alerts | Member-configured threshold alerts | Per-rule notification events | Trigger feeds for liquidity tools and overdraft prediction |
| Transfers and payments | Inter-account transfers; person-to-person; bill pay against pre-enrolled payees | Per-instruction history with status | Treasury, invoice reconciliation, payment-status webhooks |
| Mobile check deposit | Front/back image capture; $5,000 daily cap, first $225 available immediately as the credit union publishes | Per-deposit metadata and image binaries | Income verification, receipt archive, fraud-image checks |
| Card controls (myCards) | Card freeze, location and merchant-type rules, spending limits, spending insights | Per-card state and rule set | Real-time card-state sync, merchant-category analytics |
| Statements | Monthly PDFs viewable and saveable | Per-month PDF | Document-driven KYC, accounting handoff |
| Branch / ATM locator | Maps view inside the app | Static reference data | Member-facing UX inside partner apps |
The routes that actually apply here
1. Member-permissioned aggregator pull
The default route for any US credit union of this size. The member authenticates inside a Plaid, Akoya, MX, Yodlee or Finicity Link flow, the aggregator brokers credentials or tokens, and you receive a normalised feed. Coverage on a $200M-asset Maine CU is the variable to test — large CUs are universally covered, small ones less consistently. We confirm coverage on a real member before you commit to a route, and we wire fallbacks. Effort: a week if coverage is clean. Durability: high while aggregator support holds; subject to whatever shape the CFPB's Section 1033 reconsideration eventually takes.
2. Member-consented direct integration (recommended for production volume)
The route we usually recommend for callers who need a stable, single-tenant feed without aggregator coverage risk. With the member's written consent (we draft the language) we map the mobile app's own request chain — login, session, account list, transactions, statement PDF — and ship a runnable client that reproduces it under your service account. The member's credentials never leave their device or your vault; the integration runs on the same access tokens the official app produces and refreshes. Effort: 1–2 weeks. Durability: stable for months at a time, with a re-check pass scheduled whenever the credit union deploys a noticeable UI change.
3. Native export fallback
Monthly statement PDFs and on-demand CSV exports the member can pull from the web banking surface. Lower fidelity, but useful as a parallel cross-check for the higher routes — we wire it as a verification path, not a primary feed.
What lands in your repo
- OpenAPI 3.1 spec for the endpoints you actually need — accounts, transactions (with tags / notes / image links), transfers, statements, card state — written against the data shape Oxford FCU actually returns, not a generic schema.
- Auth-flow report. Login, session, token refresh, biometric handoff and step-up triggers as they behave for this app. Diagrams included; sequence is captured from a real consenting member's session during the build.
- Runnable source in Python and Node.js. One small client library plus example callers for each endpoint, with the request signing, retry, and rate-limit handling already in place.
- Automated tests against recorded fixtures and (where the consent allows) a live nightly smoke run, so you know within a day if the upstream surface has shifted.
- Interface documentation — a short technical manual a new engineer on your side can read in an afternoon and be productive against.
- Compliance pack — the consent form template, data-minimisation defaults, a retention recommendation, and the auth diagram a security reviewer will want.
What it looks like on the wire
Illustrative shape, refined during the build against the actual responses Oxford FCU returns. The endpoints below are typical of the Jack Henry / Symitar mobile chain — exact paths and field names are confirmed in the auth-flow report.
# Step 1 — member auth, with biometric/passcode handoff already passed on device
POST /m/auth/session
{ "deviceId": "<attested-device-id>",
"memberId": "<member-id>",
"factor": "biometric" }
→ { "sessionToken": "...", "refresh": "...", "expiresIn": 1800 }
# Step 2 — accounts and balances
GET /m/accounts (Bearer <sessionToken>)
→ [{ "id":"S1", "type":"share", "name":"Primary Savings",
"available": 4128.55, "current": 4128.55, "currency":"USD" },
{ "id":"L7", "type":"loan", "name":"Auto Loan",
"principal": 14210.02, "nextDue":"2026-06-12" }]
# Step 3 — transactions, with member-added tags/notes/images
GET /m/accounts/S1/transactions?since=2026-04-01
→ [{ "id":"t_91", "postedAt":"2026-04-18", "amount":-42.10,
"merchant":"HANNAFORD #214",
"tags":["groceries"], "note":"weekly",
"attachments":[{"kind":"receipt","url":"/m/img/r_91"}]}]
# Step 4 — token refresh (call before expiry; back off on 401)
POST /m/auth/refresh
{ "refresh": "..." } → { "sessionToken":"...", "expiresIn":1800 }Error handling and 401-on-step-up paths are written out in the report; the client library backs off, refreshes, and surfaces a single typed error your code can switch on.
Engagement
For Oxford FCU specifically: source-code delivery starts at $300, and you pay only after we hand over the build and you've confirmed it runs against a real consenting member's account. The alternative is pay-per-call against our hosted endpoint — no upfront fee, you pay only for the traffic you actually send. Either way, scope to delivery is 1–2 weeks. To start, send the brief — what data you need and what you're doing with it — through our contact page, and we'll come back with a route recommendation and a fixed price.
Engineering notes we account for
- We map the mobile auth chain against the device-attestation behaviour the app uses (passcode and biometric step-up), so the integration produces tokens the server treats the same as the official client — no spurious step-up loops in production.
- Transaction records on this app carry member-added tags, notes and image attachments. We treat those as first-class fields rather than discarding them, because they're a real part of what makes this data useful to a PFM or accounting integrator, and we set image fetches to lazy by default to keep payload sizes reasonable.
- Mobile check deposits include front/back images and a $5,000 daily ceiling. We pull only what the consent covers, encrypt images at rest if your side persists them, and pass the funds-availability state through as a flag rather than re-deriving a Reg CC hold from raw timestamps.
- Synergent / Symitar deploys can shift cosmetic and occasionally structural details on the mobile surface a few times a year. The maintenance plan includes a recurring re-check that exercises the live endpoints against fixtures, so the client library and its tests stay in step with the upstream — you find out from the smoke run, not from a member complaint.
- Access arrangements (a consenting member account, or a sandbox where the credit union or its vendor will provide one) are scoped together with you during onboarding; we draft the consent paperwork and the data-handling addendum so the legal side moves in parallel with the build, not after it.
Consent and the US data-rights picture
The dependable basis for any of this is the member's own authorization — written consent, scoped to the data domains you actually need, with a stated expiry and a revocation path. That is what we wire the integration against and what the consent paperwork records.
The forward-looking US framework is the CFPB's Personal Financial Data Rights rule under Section 1033 (12 CFR Part 1033). As of this writing it is not in force: a federal court in the Eastern District of Kentucky enjoined the CFPB from enforcing the rule on October 29, 2025, and the Bureau opened an Advance Notice of Proposed Rulemaking in August 2025 to reconsider it (comment period closed October 21, 2025). No replacement rule has been issued yet, per Cozen O'Connor's tracking of the reconsideration and the CFPB's own reconsideration page. We track this because it shapes the eventual shape of an aggregator route — fee allocation, security and privacy obligations, who counts as a "representative" — but we do not stake your integration on it being settled. Your member's consent is what the build runs on today.
How a build runs end to end
- Brief. You send the data domains you need and the use case; we come back inside a day or two with a route recommendation and a fixed price.
- Access. We arrange a consenting member account with you — yours, a colleague's, or a tester you nominate — and draft the consent form and data-handling addendum.
- Capture and mapping. We run the app under instrumentation, map the auth and data chain, and write the OpenAPI spec.
- Build. Client library, runnable callers, fixture-based tests and (where allowed) a live smoke run.
- Handover. Repo, documentation, auth-flow report, compliance pack. You confirm it runs; that's the trigger for invoice on the source-code model, or the green light to point traffic at the pay-per-call endpoint.
Interface evidence
App screenshots taken from the public Google Play listing; click to zoom.
Sources and reviewer
What we checked, for this brief: the credit union's own digital-banking pages on ofcu.org and the public help content there; the Google Play listing for org.ofcu.grip; Synergent's own announcement that Oxford FCU renewed its Symitar Episys agreement; and the current status of the CFPB Section 1033 rule via the Bureau's reconsideration page and Moore & Van Allen's tracker of the injunction.
OpenBanking Studio · integration desk notes, 2026-05-24.
Peer apps in the same integration neighbourhood
Most callers reaching us about Oxford FCU end up wanting a small portfolio of community-CU integrations, not a single one. The names below sit in the same shape — small-to-mid US credit-union mobile apps on conventional vendor stacks — and the same routes apply to each:
- Maine State Credit Union — Augusta-headquartered CU app with balances, bill pay, mobile deposit and card controls.
- Community Credit Union (Maine) — Lewiston/Auburn area CU with a weekly spending report and predictive NSF alerts in-app.
- Central Maine Credit Union — full account, transfer, loan-payment and mobile-deposit surface for members.
- OTIS Federal Credit Union — community CU also in Maine, comparable mobile feature set.
- Casco Federal Credit Union — another Synergent-hosted Symitar credit union per Synergent's published client list, so the integration shape is near-identical.
- Maine Harvest Federal Credit Union — niche federal charter focused on the state's organic farming community.
- UCU (University Credit Union, Maine) — Orono-based CU with a similar member-facing mobile app.
- Lighthouse Credit Union — Dover, NH credit union serving Maine and New Hampshire members through online and mobile banking.
Questions integrators ask
Can member data move out of Oxford FCU without involving Synergent or the credit union directly?
Yes, in the same way it does for most US credit unions of this size — through a member-permissioned aggregator pull (Plaid, Akoya, MX, Yodlee, Finicity), or through a direct member-consented integration we build against the mobile app's traffic. Neither route requires anything custom from Synergent or the credit union; both rely on the member's own authorization. If you would prefer a tokenized FDX-style feed routed through the credit union's vendor chain, that is a separate scoping conversation we are happy to run for you.
What does the member actually see during consent for a direct integration?
For a member-consented build, the member signs your consent form, then completes Oxford FCU's normal login (passcode or biometric, per the app's described auth) inside a flow we hand off to. We do not store their credentials; the integration runs on the same access tokens the official app produces and refreshes. Scope and expiry are written into the consent record and surfaced to the member in your UI.
Does the Symitar Episys backend change what we can pull?
Mostly no, because the data path you'd use is whatever the mobile app already exposes to the member: balances, transactions with tags and check images, scheduled and posted transfers, bill-pay payees, monthly statements, card status. The Synergent-hosted Symitar core is the system of record behind all of that, which is mainly useful to know because it tells us the data shape is conventional credit-union ledger data and the auth chain is a typical Jack Henry / Symitar stack — both well understood.
How is mobile check deposit data handled in an extract?
Oxford FCU exposes per-deposit metadata (amount, deposit timestamp, note) and the front/back check images the member captured. We pull only what the consent covers, store images encrypted if you persist them on your side, and respect the funds-availability rules the app shows to the member (a daily $5,000 cap is what the credit union publicly documents, with $225 immediately available). Anything resembling Reg CC hold logic we leave as a flag on the record, not a derived field.
App profile (collapsed)
Name. Oxford FCU. Issuer. Oxford Federal Credit Union, headquartered in Mexico, Maine. Membership. Around 18,000 members across ten Maine counties (Androscoggin, Cumberland, Franklin, Kennebec, Knox, Lincoln, Oxford, Sagadahoc, Somerset, York), as a third-party CU directory lists it. Assets. In the order of $200 million per the same directory; Synergent's own renewal note cites $180 million at the time of the agreement. Platforms. Android (org.ofcu.grip, 5K+ installs on Google Play) and iOS (App Store id 1630257755). Backend. Symitar Episys core, hosted by Synergent. In-app feature set. Dashboard with Compact/Expanded/Total views, transaction tagging with notes and receipt/check images, balance alerts, bill pay against pre-enrolled payees, person-to-person and inter-account transfers, mobile check deposit ($5,000 daily, first $225 immediate), card controls under "myCards" (freeze, location, merchant category, spend limits), monthly statement PDFs, branch and ATM locator, 4-digit passcode or biometric login.