Internet Banking Service API

FLEXBridge 2025 FLEXBridge API Documents Internet Banking Service API

This document provides technical details for the FLEX Internet Banking Service API, a component of the FLEXBridge System. This API facilitates the retrieval and updating of Internet Banking Profiles within the www.flexcutech.com system.

1. Overview

  • API Version: 1.77 and up
  • FLEX Release: 8.05
  • Purpose: The Internet Banking Service API manages Internet Banking Profiles, allowing for search, creation, and modification of member and account information.
  • Architecture: FLEXBridge is a RESTful API process.
  • Authentication: Built-in authentication is required. Refer to the FLEX Core System documentation for details on authentication and request headers.
  • Data Format: All data is sent and returned in JSON format.

2. Understanding FLEX Internet Banking User Profiles

FLEX supports two types of Internet Banking profiles:

  • Account Based:
    • Tied to a Member’s account number.
    • All users for that account share the same username and password for Internet Banking access.
    • Typically, credit unions convert to FLEX with all Member Internet Banking Profiles initially set up as Account Based.
  • User Based:
    • Tied to a single Member by their Tax ID.
    • Each individual (e.g., Primary Member, Joint Owner, Authorized Signer) has a separate username and password for account access.
    • Credit unions convert Member accounts to User Based profiles as needed.

Important Note: Always confirm Member and profile verification before making any changes. Incorrect actions are the responsibility of the credit union to correct.

3. API Functions and Endpoints

The following functions are available in the Internet Banking Service API:

3.1. Retrieve Internet Banking Profile List

This endpoint retrieves a list of Internet Banking Profiles associated with a given Tax ID.

  • Method: GET
  • REST URL:
    • https://{URL_ADDRESS}/api/ftuser/list/{TAX_ID}
    • https://{URL_ADDRESS}/api/ftuser/list/{TAX_ID}?suppresserror={value}
  • Request Parameters:
    • {TAX_ID}:
      • Type: String
      • Description: Individual’s Tax ID (maximum 9 characters).
      • Required: Yes
    • suppresserror:
      • Type: Boolean
      • Description: Filter option to suppress the HTTP 500 Status Code error when no profiles are found.
      • Valid Options: true or false.
      • Behavior:
        • true: Returns a blank “ftusers” object instead of an HTTP 500 error.
        • false: HTTP 500 error will still occur if no profiles are found.
      • Required: Optional
  • Example Request:
    • https://example.com/api/ftuser/list/123456789
    • https://example.com/api/ftuser/list/123456789?suppresserror=true
  • Response Object:
    • ftusers:
      • Type: List
      • Description: Lists all matching Internet Banking Profiles linked to the Tax ID.
  • Sample Success Response:
    {
      “ftusers”: [
        {
          “recordCode”: “”,
          “ssn”: 425110025,
          “userName”: “Hammer7575”,
          “firstAccountNumber”: 7979791,
          “activeUser”: true,
          “dateActivated”: “03/17/2021”,
          “disabled”: false,
          “reasonDisabled”: “”,
          “dateDisabled”: null,
          “mobileUser”: false,
          “contacts”: [
            {
              “label”: “Main Email”,
              “address”: “hankhammertime@testgmail.com”,
              “sequenceNumber”: 1
            }
          ]
        }
      ]
    }

  • Error Handling (HTTP 500):
    • If no profile is found, a 500 Internal Server Error may occur with “message”: “No profiles found with that SSN”.
    • This message can be suppressed using the suppresserror=true parameter.
    • Sample Error Response (without suppresserror=true):
      {
        “statusCode”: 500,
        “errorCode”: null,
        “message”: “No profiles found with that SSN”,
        “developerMessage”: null,
        “hostIP”: “10.201.0.9”,
        “user”: null,
        “stackTrace”: []
      }

    • Sample Response (with suppresserror=true):
      {
        “ftusers”: []
      }

3.2. Retrieve Internet Banking Profile by Username

This endpoint retrieves an Internet Banking Profile using a username when the account number or Tax ID is unknown.

  • Method: GET
  • REST URL: https://{URL_ADDRESS}/api/ftuser/username/{USER_NAME}
  • Request Parameter:
    • {USER_NAME}:
      • Type: String
      • Description: Username for lookup (maximum 16 characters).
      • Required: Yes
  • Example Request: https://example.com/api/ftuser/username/jsmith
  • Response Object:
    • ftuser:
      • Type: ftuser object
      • Description: Contains Internet Banking Profile information.
  • Sample Response:
    {
      “ftuser”: {
        “recordCode”: “”,
        “ssn”: “555221111”,
        “userName”: “Testuser1234”,
        “firstAccountNumber”: 600000,
        “activeUser”: true,
        “dateActivated”: “10/22/2015”,
        “disabled”: false,
        “reasonDisabled”: “”,
        “dateDisabled”: “01/01/2021”,
        “mobileUser”: false,
        “contacts”: [
          {
            “label”: “test@testfcu.com”,
            “address”: “test@testfcu.com”,
            “sequenceNumber”: 1
          }
        ]
      }
    }

  • Note: The credit union can change an individual’s Username at any time. If the service responds with “Unable to find the user,” review the request value.

3.3. Retrieve Internet Banking User Profile by Tax ID and Account Number

This endpoint retrieves an Internet Banking Profile using both a Tax ID and an Account Number.

  • Method: GET
  • REST URL: https://{URL_ADDRESS}/api/ftuser/{TAX_ID}/{ACCOUNT_NUMBER}
  • Request Parameters:
    • {TAX_ID}:
      • Type: String
      • Description: Individual’s Tax ID (maximum 9 characters).
      • Required: Yes
    • {ACCOUNT_NUMBER}:
      • Type: Number
      • Description: Member account number (maximum 9 characters).
      • Required: Yes
  • Example Request: https://example.com/api/ftuser/123456789/123500
  • Response Object:
    • ftuser:
      • Type: ftuser object
      • Description: Contains Internet Banking Profile information.
  • Sample Response: (Same structure as “Retrieve Internet Banking Profile by Username” sample response)
  • Error Handling: If the service responds with “Unable to find the user,” review the request values.

3.4. Create an Internet Banking Profile

This endpoint creates a new Internet Banking Profile for a credit union member. FLEX recommends creating all new profiles as Account Based.

  • Method: POST
  • REST URL: https://{URL_ADDRESS}/api/ftuser/create?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request Parameters (URL):
    • tellerID:
      • Type: String
      • Description: Teller ID for the request (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID for the request (maximum 10 characters).
      • Required: Optional
  • JSON Body Attributes:
    • recordCode:
      • Type: String
      • Description: Indicates if profile is Account (‘A’) or User Based (any other code or blank). FLEX recommends ‘A’.
      • Required: Optional (default ‘A’ if included)
    • ssn:
      • Type: Number
      • Description: Tax ID associated with the profile (maximum 9 characters).
      • Required: Yes
    • userName:
      • Type: String
      • Description: Internet Banking Profile username (maximum 16 characters).
      • Required: Yes
    • firstAccountNumber:
      • Type: Number
      • Description: Account number displayed first on login (maximum 9 characters).
      • Required: Yes
    • activeUser:
      • Type: Boolean
      • Description: Is profile active? (true/false).
      • Required: Optional
    • dateActivated:
      • Type: Date (MM/DD/CCYY)
      • Description: Profile activation date. API populates current system date if not included.
      • Required: Optional
    • disabled:
      • Type: Boolean
      • Description: Is profile disabled? (true/false).
      • Required: Optional
    • reasonDisabled:
      • Type: String
      • Description: Reason profile was disabled (maximum 80 characters).
      • Required: Optional
    • mobileUser:
      • Type: Boolean
      • Description: Is profile a mobile account user? (true/false).
      • Required: Optional
    • requirePasswordChange:
      • Type: Boolean
      • Description: Is password required to be changed upon login? (true/false).
      • Required: Optional
    • contacts:
      • Type: List (of contacts objects)
      • Description: List of security contacts. Used for “forgot password” and other security features.
      • Required: Yes
      • Contacts Object Attributes:
        • label:
          • Type: String
          • Description: Label for email contact (e.g., “personal”, “work”) (maximum 20 characters).
          • Required: Yes
        • address:
          • Type: String
          • Description: Email address (maximum 128 characters).
          • Required: Yes
        • sequenceNumber:
          • Type: Number
          • Description: FLEX assigned sequence number. If included, start at 1 (maximum 2 characters).
          • Required: Optional
  • Example JSON Body:
    {
      “recordCode”: “A”,
      “ssn”: 454110001,
      “userName”: “Pore12146”,
      “firstAccountNumber”: 12146,
      “activeUser”: true,
      “dateActivated”: “06/04/2021”,
      “disabled”: false,
      “reasonDisabled”: “”,
      “mobileUser”: false,
      “requirePasswordChange”: true,
      “contacts”: [
        {
          “label”: “Main Email”,
          “address”: “robert.tporemski@testgmail.com”,
          “sequenceNumber”: 1
        }
      ]
    }

  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

3.5. Add Additional Security Contacts to Internet Banking Profile

This endpoint adds additional security contacts to an existing Internet Banking Profile. This information is used for password resets and other security options.

  • Method: POST
  • REST URL: https://{URL_ADDRESS}/api/ftuser/username/{USER_NAME}/addcontact?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request Parameters (URL):
    • {USER_NAME}:
      • Type: String
      • Description: Username for the contact (maximum 16 characters).
      • Required: Yes
    • tellerID:
      • Type: String
      • Description: Teller ID involved (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID involved (maximum 10 characters).
      • Required: Optional
  • JSON Body Attributes:
    • label:
      • Type: String
      • Description: Label for email contact (e.g., “personal”, “work”) (maximum 20 characters).
      • Required: Yes
    • emailAddress:
      • Type: String
      • Description: Email address (maximum 128 characters).
      • Required: Yes
  • Example Request URL: https://example.com/api/ftuser/username/jsmith/addcontact?tellerID=9898&workstation=QQ
  • Example JSON Body:
    {
      “label”: “test2”,
      “emailAddress”: “test2@test.com”
    }

  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

3.6. Reactivate Disabled Internet Banking Profile

This endpoint reactivates a previously disabled Internet Banking Profile.

  • Method: POST
  • REST URL: https://{URL_ADDRESS}/api/ftuser/username/{USER_NAME}/reactivate?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request JSON Body: Requires an empty JSON Body {}.
  • Request Parameters (URL):
    • {USER_NAME}:
      • Type: String
      • Description: Username for the request (maximum 16 characters).
      • Required: Yes
    • tellerID:
      • Type: String
      • Description: Teller ID for the request (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID for the request (maximum 10 characters).
      • Required: Optional
  • Example Request URL: https://example.com/api/ftuser/username/jsmith/reactivate?tellerID=A4G2&workstation=AZ
  • Example JSON Body: {}
  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

  • Error Handling: If the service responds with “Unable to find the user,” review the request value.

3.7. Clear High-Risk Security for Internet Banking Profile

This endpoint resets an individual’s challenge question, secret image, or secret words, but does not reactivate the Internet Banking profile.

  • Method: POST
  • REST URL: https://{URL_ADDRESS}/api/ftuser/username/{USER_NAME}/resetsecurity?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request JSON Body: Requires an empty JSON Body {}.
  • Request Parameters (URL):
    • {USER_NAME}:
      • Type: String
      • Description: Username for the request (maximum 16 characters).
      • Required: Yes
    • tellerID:
      • Type: String
      • Description: Teller ID for the request (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID for the request (maximum 10 characters).
      • Required: Optional
  • Example Request URL: https://example.com/api/ftuser/username/jsmith/resetsecurity?tellerID=A4G2&workstation=AZ
  • Example JSON Body: {}
  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

3.8. Reset High-Risk Security and Reactivate Profile

This endpoint resets an individual’s challenge question, secret image, or secret words, and reactivates the Internet Banking Profile.

  • Method: POST
  • REST URL: https://{URL_ADDRESS}/api/ftuser/username/{USER_NAME}/reset?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request JSON Body: Requires an empty JSON Body {}.
  • Request Parameters (URL):
    • {USER_NAME}:
      • Type: String
      • Description: Username for the request (maximum 16 characters).
      • Required: Yes
    • tellerID:
      • Type: String
      • Description: Teller ID for the request (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID for the request (maximum 10 characters).
      • Required: Optional
  • Example Request URL: https://example.com/api/ftuser/username/jsmith/reset?tellerID=A4G2&workstation=AZ
  • Example JSON Body: {}
  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

3.9. Force Password Change for Internet Banking Profile

This endpoint forces an Internet Banking password change. The profile must have a security contact before a password can be successfully reset.

  • Method: POST
  • REST URL: https://{URL_ADDRESS}/api/ftuser/modifyPassword?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request Parameters (URL):
    • tellerID:
      • Type: String
      • Description: User/Teller ID involved in password change (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID involved in password change (maximum 10 characters).
      • Required: Optional
  • JSON Body Attributes:
    • username:
      • Type: String
      • Description: Username involved in password change (case sensitive, maximum 16 characters).
      • Required: Yes
    • currentPassword:
      • Type: String
      • Description: Current password to be changed (maximum 128 characters).
      • Required: Yes
    • newPassword:
      • Type: String
      • Description: Password to replace current password (maximum 128 characters).
      • Required: Yes
  • Example JSON Body:
    {
      “username”: “Pwalker”,
      “currentPassword”: “FasterDriver@5252”,
      “newPassword”: “FasterDriver@8989”,
      “allowPasswordToExpire”: false,
      “provideExpirationWarning”: false,
      “passwordDaysToNotify”: 10,
      “passwordExpirationInterval”: 90
    }

  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

3.10. Replace an Internet Banking Password

This endpoint replaces a Member’s current password when their current password is unknown.

  • Method: POST
  • REST URL: https://{BASE_URL}/api/ftuser/replacePassword?tellerID={TELLER_ID}&workstation={WORKSTATION_ID}
  • Request Parameters (URL):
    • tellerID:
      • Type: String
      • Description: User/Teller ID involved in password change (maximum 4 characters).
      • Required: Optional
    • workstation:
      • Type: String
      • Description: Workstation ID involved in password change (maximum 10 characters).
      • Required: Optional
  • JSON Body Attributes:
    • username:
      • Type: String
      • Description: Username involved in password change (maximum 16 characters).
      • Required: Yes
    • newPassword:
      • Type: String
      • Description: Password to replace the current password (maximum 128 characters).
      • Required: Yes
  • Example JSON Body:
    {
      “username”: “jsmith”,
      “newPassword”: “test123@password”
    }

  • Response Attribute:
    • success:
      • Type: Boolean
      • Description: Indicates if the request was successful (true) or failed (false/exception).
  • Sample Success Response:
    {
      “success”: true
    }

4. Object References

4.1. ftuser and ftusers Objects

These objects are used in responses for retrieving Internet Banking Profile information.

  • recordCode:
    • Type: String
    • Description: Indicates if profile is Account Based (‘A’) or User Based (any other code or blank).
    • Max Characters: 1
  • ssn:
    • Type: String
    • Description: Tax ID associated with Internet Banking Profile.
    • Max Characters: 9
  • userName:
    • Type: String
    • Description: Internet Banking Profile username.
    • Max Characters: 16
  • firstAccountNumber:
    • Type: Number
    • Description: Account number displayed first when user logs in. For User Based, any accessible account. For Account Based, Primary account number.
    • Max Characters: 9
  • activeUser:
    • Type: Boolean
    • Description: Is Internet Banking Profile considered active? (true/false). Internal credit union tracking field.
  • dateActivated:
    • Type: Date (MM/DD/CCYY)
    • Description: Profile activation date.
  • disabled:
    • Type: Boolean
    • Description: Is profile considered disabled? (true/false).
  • reasonDisabled:
    • Type: String
    • Description: Reason profile was disabled.
    • Max Characters: 80
  • dateDisabled:
    • Type: Date (MM/DD/CCYY)
    • Description: Profile disabled date.
  • mobileUser:
    • Type: Boolean
    • Description: Is Internet Banking Profile a mobile account user? (true/false).
  • contacts:
    • Type: List of contacts objects
    • Description: List of security contacts for Internet Banking Profile. Used with “forgot password” and other security features.

4.2. contacts Object (within ftuser/ftusers and for Add Contact)

This object defines contact information for security purposes.

  • label:
    • Type: String
    • Description: Label for email contact (e.g., “personal”, “work”).
    • Max Characters: 20
  • address:
    • Type: String
    • Description: Email address.
    • Max Characters: 128
  • sequenceNumber:
    • Type: Number
    • Description: FLEX assigned sequence number associated with an email contact record.
    • Max Characters: 2

5. HTTPS Status Code 500 Error Messages (FLEX Validation Checks)

FLEX provides additional information in 500 HTTP Status Code errors to assist with troubleshooting. These errors often occur due to invalid attribute values, missing values, or values not present in the credit union’s database configuration.

  • “message”: “Not authorized to replace passwords.”
    • Cause: The Teller ID used in the request is not authorized to maintain Internet Banking passwords.
    • Resolution: Adjust the teller’s authorization in FLEX (under the FTPSWD Security Program Profile), or use a different authorized Teller ID.
  • “message”: “Internal server error – Unable to find user”
    • Cause: The username provided in the request is invalid or does not exist in the database.
    • Resolution: Verify the username and resubmit the request.
  • “message”: “The value provided for the current password is incorrect.”
    • Cause: The currentPassword value in Replace or Force password change requests is incorrect.
    • Resolution: Provide the correct current password.
  • “Username {username} is already being used”
    • Cause: Attempting to create a profile with a username that already exists in the credit union database.
    • Resolution: Provide a different, unique username.
  • “message”: “No profiles found with that SSN”
    • Cause: Internet Banking Profile search by Tax ID yielded no results due to an invalid Tax ID.
    • Resolution: Review the Tax ID value and resubmit the request.
  • “message”: “Account number must be greater than zero”
    • Cause: When creating an Internet Banking Profile, the firstAccountNumber attribute is set to zero.
    • Resolution: Enter a valid, existing account number for the credit union Member.
  • “message”: “Contact label is required”
    • Cause: When adding an Internet Banking Profile or an additional security profile, the label attribute is missing under the contacts object.
    • Resolution: Provide a label for the contact (e.g., “personal”, “work”).
  • “message”: “Contact address is required”
    • Cause: When adding an Internet Banking Profile, the address attribute is missing under the contacts object.
    • Resolution: Provide the contact’s email address.
  • “Please provide a valid email address”
    • Cause: When adding a profile contact, the emailAddress attribute is missing in the request JSON data.
    • Resolution: Provide a valid email address.
  • “message”: “A matching email address already exists for this user”
    • Cause: Attempting to add a profile contact with an email address that already exists for the profile user.
    • Resolution: Provide a different email address.