Dwolla Developers Logo
API Reference
  • SDK Support
    Drop-in Components
    OverviewApplication authorization
    Knowledge-based Authentication (KBA)
    Beneficial Owners
    Funding Sources
    Mass payments
    Webhook subscriptions
CommunityOpen in new tabChangelog
Get API Keys
CommunityOpen in new tabChangelog
Get API Keys

Application authorization #

The client credentials flow is the simplest OAuth 2 grant, with a server-to-server exchange of your application's client_id, client_secret for an OAuth application access token. In order to execute this flow, your application will send a POST requests with the Authorization header that contains the word Basic followed by a space and a base64-encoded string client_id:client_secret.

Authorization: Basic Base64(client_id:client_secret)

HTTP request

Production: POST https://api.dwolla.com/token

Sandbox: POST https://api-sandbox.dwolla.com/token

Including the Content-Type: application/x-www-form-urlencoded header, the request is sent to the token endpoint with grant_type=client_credentials in the body of the request:

Request parameters

ParameterRequiredTypeDescriptionclient_idyesstringApplication key. Navigate to https://dashboard.dwolla.com/applications (production) or https://dashboard-sandbox.dwolla.com/applications-legacy (Sandbox) for your application key.client_secretyesstringApplication secret. Navigate to https://dashboard.dwolla.com/applications (production) or https://dashboard-sandbox.dwolla.com/applications-legacy (Sandbox) for your application secret.grant_typeyesstringThis must be set to client_credentials.

Response parameters

ParameterDescriptionaccess_tokenA new access token that is used to authenticate against resources that belong to the app itself.expires_inThe lifetime of the access token, in seconds. Default is 3600.token_typeAlways bearer.


// Using DwollaV2 - https://github.com/Dwolla/dwolla-v2-node
// This example assumes you've already initialized the client. Reference the SDKs page for more information: https://developers.dwolla.com/sdks-tools
  .then(function (appToken) {
    return appToken.get("/");
  .then(function (res) {

Successful response

  "access_token": "SF8Vxx6H644lekdVKAAHFnqRCFy8WGqltzitpii6w2MVaZp1Nw",
  "token_type": "bearer",
  "expires_in": 3600

Test in the Sandbox for free today.

Use sandbox environment to test API requests.

Get API Keys
2021 All Rights Reserved


  • About
  • Blog
  • Pricing
  • Contact Sales
  • Terms of Service
  • Privacy Policy
Financial institutions play an important role in our network.

Dwolla, Inc. is the operator of a software platform that communicates user instructions for funds transfers to our financial institution partners.

Dwolla is an agent of Veridian Credit Union. All ACH and Wire transfers are performed by Veridian Credit Union. Your Dwolla Balance, if any, is held in one or more pooled holding accounts held by Veridian Credit Union. These funds may not be eligible for share insurance by the National Credit Union Share Insurance Fund.

Sponsorship and Settlement of Push-to-Debit payment services provided by MetaBank®, N.A.
Push-to-Debit payments are typically available within 30 minutes.

Real-Time Payments are performed by Cross River Bank, which holds funds on behalf of the Receiver of such transactions in one or more pooled custodial accounts. These funds are not subject to FDIC pass-through deposit insurance.