• SDK Support
    Drop-in Components
    Root
    Accounts
    Customers
    Knowledge-based Authentication (KBA)
    Beneficial Owners
    Documents
    Funding Sources
    Transfers
    Mass payments
    Labels
    Events
    Webhook subscriptions
    Webhooks

Application authorization #

The client credentials flow is the simplest OAuth 2 grant, with a server-to-server exchange of your application's client_id, client_secret for an OAuth application access token. In order to execute this flow, your application will send a POST requests with the Authorization header that contains the word Basic followed by a space and a base64-encoded string client_id:client_secret.

Authorization: Basic Base64(client_id:client_secret)

HTTP request #

Production: POST https://api.dwolla.com/token

Sandbox: POST https://api-sandbox.dwolla.com/token

Including the Content-Type: application/x-www-form-urlencoded header, the request is sent to the token endpoint with grant_type=client_credentials in the body of the request:

Request parameters #

ParameterRequiredTypeDescriptionclient_idyesstringApplication key. Navigate to https://dashboard.dwolla.com/applications (production) or https://dashboard-sandbox.dwolla.com/applications-legacy (Sandbox) for your application key.client_secretyesstringApplication secret. Navigate to https://dashboard.dwolla.com/applications (production) or https://dashboard-sandbox.dwolla.com/applications-legacy (Sandbox) for your application secret.grant_typeyesstringThis must be set to client_credentials.

Response parameters

ParameterDescriptionaccess_tokenA new access token that is used to authenticate against resources that belong to the app itself.expires_inThe lifetime of the access token, in seconds. Default is 3600.token_typeAlways bearer.

Request

JavaScript
// Using DwollaV2 - https://github.com/Dwolla/dwolla-v2-node
// This example assumes you've already initialized the client. Reference the SDKs page for more information: https://developers.dwolla.com/sdks-tools
client.auth
  .client()
  .then(function (appToken) {
    return appToken.get("/");
  })
  .then(function (res) {
    console.log(JSON.stringify(res.body));
  });

Successful response

bash
{
  "access_token": "SF8Vxx6H644lekdVKAAHFnqRCFy8WGqltzitpii6w2MVaZp1Nw",
  "token_type": "bearer",
  "expires_in": 3600
}

Test in the Sandbox for free today.

Use sandbox environment to test API requests.

Get API Keys
2022 All Rights Reserved
Financial institutions play an important role in our network.

All funds transfers made using the Dwolla Platform are performed by a financial institution partner, and any funds held in a Dwolla Balance are held by a financial institution partner. Learn more about our financial institution partners.