Get API Keys

Step 2: Using an access token #

Once your application obtains an access token, it can be used to access protected resources in the Dwolla API. If using an account access token, access to protected resources is limited to the scopes contained on an access token, and whether or not the token is valid (expired or revoked token).

Here is an example of an API request. Note that OAuth access tokens are passed via the Authorization HTTP header: Authorization: Bearer {access_token_here}

Content-Type: application/json
Accept: application/vnd.dwolla.v1.hal+json
Authorization: Bearer myApplicationAccessToken

    "url": "",
    "secret": "sshhhhhh"

... or ...

Accept: application/vnd.dwolla.v1.hal+json
Authorization: Bearer myApplicationAccesstoken

Assuming the access token is valid, the Dwolla API will return a success or error response. If the access token is expired or invalid, the API will return an HTTP 401 with either a InvalidAccessToken or ExpiredAccessToken error code. Learn more about making requests in our API docs.

Test in the Sandbox for free today.
Use sandbox environment to test API requests.
Get API Keys
2024 All Rights Reserved
Financial institutions play an important role in our network.

All funds transfers made using the Dwolla Platform are performed by a financial institution partner, and any funds held in a Dwolla Balance are held by a financial institution partner. Learn more about our financial institution partners.