Unofficial Python client for the Netspend internal API.
Netspend has no public API and no support for Plaid, Mint, or any third-party aggregator. Millions of people use Netspend prepaid cards — mostly for direct deposit of government benefits — with no programmatic access to their own transaction data.
This library fills that gap. The API endpoints were discovered by capturing traffic from the Netspend web app using mitmproxy.
Note: This accesses your own account data. Use it responsibly and only for your own account.
- Fetch monthly statements (all posted transactions)
- Fetch pending transactions
- Authenticate directly (no browser required once you have the device fingerprint)
pip install requestsNo package installation yet — just copy netspend.py into your project.
from netspend import NetspendClient
client = NetspendClient("your-token-here")
# Fetch April 2026 statement
stmt = client.get_statement(2026, 4)
for t in stmt["transactions"]:
amt = t["amount"] / 100
print(f"{t['date'][:10]} {'+'if t['credit'] else '-'}${amt:.2f} {t['memo']}")
# Fetch pending
pending = client.get_pending()
# Convenience: last 2 months + pending, normalized and sorted
txns = client.get_transactions(months_back=2)Netspend tokens expire every few days. There are two ways to get one.
- Install mitmproxy:
pip install mitmproxy - Start the proxy:
mitmproxy --listen-port 8080 - Configure your browser to use
localhost:8080as an HTTP/S proxy - Install the mitmproxy CA certificate in your browser
- Log in to app.netspend.com
- In mitmproxy, search for
profile-api/login— the response body contains your token:{"token": "abc123...", "ooba_required": false} - Copy the token and the
device_fingerprintfrom the request body
from netspend import login, OOBARequired
# device_fingerprint: captured once via mitmproxy (see above)
DEVICE_FP = "0400..." # your captured fingerprint
try:
token = login("your_username", "your_password", DEVICE_FP)
print("Token:", token)
except OOBARequired as e:
# Netspend sent a one-time code to your phone or email
from netspend import verify_ooba
code = input("Enter one-time code: ")
token = verify_ooba(e.partial_token, code)
print("Token:", token)The device_fingerprint is a browser fingerprint generated by Netspend's
frontend. You capture it once via mitmproxy (it's in the login POST request body).
The same fingerprint can be reused across sessions — Netspend uses it for
fraud scoring, not hard validation. If it becomes stale, capture a fresh one.
Authenticate and return a token. Raises OOBARequired if a one-time code is needed.
Complete login after receiving a one-time code.
Returns a statement dict:
{
"transactions": [
{
"date": "04-01-2026 12:34:56 +0000",
"amount": 2345, # cents, always positive
"credit": True, # True = money in, False = money out
"running_balance": 43688, # cents
"memo": "DIRECT DEP"
},
...
],
"balance": {
"ending": 43688 # cents
}
}Same structure as get_statement().
Convenience method. Returns a flat sorted list of normalized dicts:
{
"ts": "2026-04-01T12:34:56Z",
"amount": 23.45, # dollars, positive = credit, negative = debit
"balance": 436.88, # dollars
"memo": "DIRECT DEP",
"credit": True,
"pending": False
}| Method | URL | Description |
|---|---|---|
| POST | https://www.netspend.com/profile-api/login |
Authenticate |
| GET | https://app.netspend.com/webapi/v1/statement/debit/{year}/{month} |
Monthly statement |
| GET | https://app.netspend.com/webapi/v1/transactions/debit/pending |
Pending transactions |
x-ns-client: app=spectrum; platform=web; brand=netspend; platformType=web; version=oac-v2.2.3; distributor=walgreens
x-ns-variant: variant://app.netspend.com
X-Ns-Access_token: {your-token}
{
"username": "your_username",
"password": "your_password",
"auth_type": "password",
"device_fingerprint": "0400..."
}This is an unofficial, community-developed tool. It is not affiliated with or endorsed by Netspend or its parent company. The API endpoints are internal and may change without notice. Use it to access your own account data only.