Changelog

ADDED

• Verification Directives for Business Verified Customers:

  • The API returns detailed Verification Directives in the _embedded.errors array of the Retrieve a Customer response for Business Verified Customers. These directives provide actionable guidance and relevant links to help resolve verification issues. See the new Understanding Verification Directives section in the Business Verified Customer guide.

• New and Updated Webhooks:

  • Introduced and documented new webhook topics to better reflect the Business Verified Customer verification lifecycle, including:
    • customer_verification_pending_review
    • customer_address_verification_failed
    • (and updates to existing webhooks such as customer_verified, customer_verification_document_needed, customer_reverification_needed and customer_suspended)

• Expanded Testing Capabilities:

  • Added documentation and examples for simulating verification directives in the Sandbox using the /sandbox-simulations endpoint. See the Sandbox testing guide for details on how to test these scenarios and webhook events.

ADDED

• New Open Banking Provider: Dwolla Balance now supports Plaid as an Open Banking provider for bank account verification and balance checks.

Updated API Endpoints and new webhooks:

To facilitate Open Banking integration with Plaid, we’ve updated three API endpoints and added new webhook events:

• /customers//exchange-sessions (POST): Updated API endpoint to support Plaid as a provider.
• /exchange-sessions/ (GET): Added new atrribute externalProviderSessionToken to the response to accommodate Plaid-specific information, such as Plaid link token.
• /customers//exchanges: Modified to include a plaid JSON object containing a Plaid publicToken.
• Introduced new webhook customer_exchange_reauth_required, an exchange related event specific to Plaid. This webhook will be triggered when a user’s bank connection has been interrupted or is requiring re-authentication in order to ensure continued access to the user’s financial data.

CHANGED

Description:

• Multiple Redirect URLs: You can now configure multiple redirect URLs for your exchange sessions, providing more flexibility in your integration.
• Required Redirect URL: A redirect URL is now required when creating an exchange session to ensure proper validation and security.

Changes:

• The endpoint for creating an exchange session now requires a redirect url parameter, which is a single URL that is already configured with Dwolla API docs.
• The validation process for redirect URLs has been enhanced to ensure they meet security standards and are accessible. The exchange sessions API endpoint will return an HTTP 400 ValidationError with an Invalid code and message of The provided redirect URL must exactly match one of the configured URLs for the account.
• Refer to the developer documentation for detailed usage instructions and API reference Docs.

ADDED

• Added support for retrieving real-time bank balance information using Dwolla’s Open Banking solution. Businesses can now verify the current balance of a user’s bank account before initiating ACH payments. This feature helps mitigate the risk of insufficient funds and improves payment processing efficiency.

Updated API Endpoint:

To facilitate retrieving the bank balance, we’ve updated an API endpoint to support a new schema for bank balances:

• /funding-sources/id/balance (GET): This API endpoint will return a JSON response containing the balance amount, currency, available balance, closing balance, and last updated timestamp. Refer to the developer documentation for detailed usage instructions and API reference.

ADDED

• Dwolla Balance and Connect now supports Open Banking, a secure and standardized approach for accessing financial data from various financial institutions. This empowers your application to connect directly with a user’s bank through trusted partners like Visa and MX, enabling a seamless Instant Account Verification experience.

New API Endpoints:

To facilitate Open Banking integration, we’ve introduced two new API endpoints:

• /customers/id/exchange-sessions (POST) & /external-parties/id/exchange-sessions (POST): These API endpoints allow you to initiate an exchange session for a specific customer or external party. The exchange session establishes a connection with a chosen Open Banking partner (e.g., Visa or MX) to initiate the Instant Account Verification process.
• /exchange-sessions/id (GET): Use this endpoint to retrieve the URL associated with an initiated exchange session which is used to handle the IAV process.

ADDED

• Added a new retry-with-full-ssn link to the Customer resource. This link appears whenever retry information is required for the Controller in order to verify the business verified Customer.
• Check out our Developer documentation for more information.

SUNSET

• Dwolla has retired the dwolla.js library, which supported adding an unverified bank funding source. Check out the official announcement.
• The legacy dwolla.js has been replaced with functionality that has been added to our Drop-in Components library. This library will serve as our primary web UI components library and offer an enhanced developer experience. Please refer to our migration guide for more details, including alternative solutions.
• The following API endpoints are removed as part of the sunset: /customers/{id}/iav-token and /customers/{id}/funding-sources-token.

DEPRECATED

• Dwolla has discontinued support for the Push-to-Debit product feature, which was powered by dwolla-cards.js. Includes removal of card related webhooks as well as the funding source type for cards to support Push-to-Debit payments.

ADDED

• Added a new third-party data provider, Flinks, to Dwolla’s Secure Exchange solution.

DEPRECATED

• Dwolla has discontinued support for the Instant Account Verification (IAV) product, which was powered by Dwolla.js.
• As alternative bank account verification options, we recommend utilizing one of our integrated third-party data providers — Finicity or MX via our Secure Exchange, or Plaid.

ADDED

• Added support for including facilitator fees when creating transfers from Verified Customer’s Bank into their Dwolla balance. Previously, fees could only be applied to transactions between two parties.

ADDED

• Added the correlationId attribute to the webhook payload for transfer related webhooks if a value was specified on transfer creation.

ADDED

• Added new API endpoints for Exchanges and Exchange Partners with the release of the Secure Exchange solution. The Secure Exchange solution connects clients with integrated ecosystem partners to seamlessly share data and initiate account-to-account payments.

ADDED

• Added a new document failure reason, ForeignPassportNotAllowed, for when a foreign passport is uploaded for Personal Verified Customers. Foreign passports are still accepted when uploaded for Business Controllers or Beneficial Owners.

ADDED

• Added volume-based rate limits for all Dwolla API endpoints. To learn more, check out our Rate Limits section under API Reference.

ADDED

• Added a new document failure reason, ScanIdUnrecognized, for both business and personal customers.

ADDED

• Added a new documentVerificationStatus field to the document resource. This field indicates the status of the document after it has been reviewed by Dwolla. Possible values include pending, accepted and rejected.
• Check out our Developer documentation for more information and an example API response.

ADDED

• Added a new upload-dba-document link to the Customer resource. This link appears whenever a DBA (Doing Business As) document is required from the Customer to verify their business.
• Added an _embedded object to the Customer resource which contains a list of errors related to getting the Customer verified. The _embedded object appears whenever the Customer is in retry or document.
• Check out our Developer documentation for more information.

ADDED

• Added client-side form validation to the Add a Debit Card form in dwolla-cards.js. This enables the form to display helpful error messages to the user whenever they enter invalid data.

ADDED

• Added new Business document failure reasons to the API - BusinessDocNotSupported, BusinessNameMismatch, BusinessTypeMismatch.
• Updated failure descriptions for ScanFailedOther and ScanNameMismatch to provide more details about the failure reason.
• Check out our Developer documentation.

ADDED

• Added Drop-in component for adding Beneficial Owners. This pre-built UI component provides a low-code solution for assisting with onboarding business Verified Customers within your application. Learn more about Drop-in components in our documentation and check out our guide on building with Drop-in components.

ADDED

• Added support for creating access-tokens and client-tokens in the dwolla-swagger-php SDK. Check it out on Github.

ADDED

• Added Drop-in components. These are pre-built UI components that provide a low-code solution for integrating parts of the Dwolla API into your application. Learn more about Drop-in components in our documentation and check out our guide on building with Drop-in components.

ADDED

• Added support for simulating document status for Business Verified Customers in Sandbox. Check out our Testing in the Sandbox guide to learn more.

ADDED

• Added a new funding source type for cards to support Push-to-Debit payments.
• Sunset Notice: Push-to-Debit was sunset on 2023-05-31.

UPDATED

• Updated the List of possible return codes, descriptions, and actions table with a new column for determining if certain ACH return codes cause a Funding Source with a verified status to become unverified.

CHANGED/ADDED

• Removed support for uploading personal identification documents in the file format of .pdf. A validation error will be returned with a code of "Invalid" and a message of "Invalid file type".

CHANGED/ADDED

• Removed support for uploading duplicate documents for a Customer in document status. If a request to upload a duplicate document is sent, it will fail with a validation error response that includes a link to the existing uploaded document for the Customer.

ADDED

• Added a new Knowledge-based Authentication (KBA) resource to the API.
• KBA is a component of verifying the identity of Personal Verified Customers.
• Head over to our API Docs or check out our blog post to learn more.

ADDED

• Added support for including the clearing JSON object when creating a mass payment.
• The clearing object allows for the clearing time of individual mass payment items to be upgraded or downgraded from the default ACH processing time.
• Head over to our API Docs to learn more.

CHANGED

• Added a new JSON object called allFailureReasons to the Document resource, which helps with further identifying the reason for the rejection of an identity verification document uploaded for a Verified Customer.
• Check out our Developer documentation.

CHANGED

• Updated the me-to-me funds flow to support creating transfers between two banks of a Customer with a single transfer request.
• Check out our Resource Article to learn more.

ADDED

• Added a new Kotlin SDK.
• Check it out on our Github for more information and to provide feedback.

ADDED

• Added a new total attribute to the Balance object in the API.
• Introducing total and available balance amounts for a Dwolla Balance.
• Head over to our API Docs or check out our resource article to learn more.

ADDED

• Added a new Labels resource to the API.
• A Label represents a designated portion of funds within a Verified Customer’s balance.
• Head over to our API Docs or check out our blog post to learn more.

ADDED

• Added a new attribute called traceId to the achDetails object within the Transfer resource, which helps with further identifying a transfer to/from a user’s bank account. Jump to our API Docs.

UPDATED

• Dwolla allows an application to request an access token using its Client Id and Client Secret by leveraging the Client Credentials OAuth grant type. Access tokens are used to make requests to the Dwolla API on behalf of an application and its users (customers).
• Previously, applications made a call to https://www.dwolla.com/oauth/v2/token and specified the application/x-www-form-urlencoded Content-Type header, passing their client credentials (App Key and App Secret) through the body of the HTTP message sent to Dwolla.
• With this update, the token URL as well as the manner in which an application’s client credentials are sent to Dwolla, will change to be inline with OAuth spec.
• The new Dwolla token exchange endpoint is https://api.dwolla.com/token
• Reference our API Reference Docs to learn more.

DEPRECATED

• Dwolla has discontinued support for the v1 API and Transfer API
• Learn more on our blog post for more information.

ADDED

• Addenda support–The addenda record is used to provide additional information to the payment recipient about the payment. This value will be passed in a transfer request and can be exposed on your user’s bank statement. Addenda records provide a unique opportunity to supply your users with more information about their transactions.
• Learn more on our blog post.

DEPRECATED

• Dwolla has discontinued support for TLS 1.0 and TLS 1.1.
• Learn more on our blog post.

UPDATED

• Dwolla has discontinued support for .tif file upload.

**UPDATED/ADDED

• New webhook funding_source_negative and customer_funding_source_negative
• Jump to our dev docs.

UPDATED - SDK - C#

• New version of C# SDK.
• Breaking changes:
• DwollaClient no longer throws on API errors, they should be properly deserialized into RestResponse.Error instead.
• DwollaException, RestException, and RestResponse.Exception are removed.
• Use EmptyResponse instead of object in DwollaClient interface.
• Check it out on our Github

CHANGED

• Change in verified business Customer creation flow across Platform. Check out our developer guide to learn how to create this Customer type within the new flow.
• In order to comply with United States Federal law, Dwolla also requires beneficial owners to be added to a Customer. Read our blog post to learn more about why we need to comply with US customer due diligence rules.

CHANGED

• Verified business Customers creation flow has changed in sandbox. Check out our developer guide to learn how to create this Customer type within the new flow.
• In order to comply with United States Federal law, Dwolla also requires beneficial owners to be added to a Customer. Read our blog post to learn more about why we need to comply with US customer due diligence rules.
• Please note that this change will go live in across platform on May 11th, 2018.

ADDED - Developer Guide

• Added a new Developer Guide that goes over the new business verified Customer creation flow with Dwolla.
• Click here to view the article

UPDATED/ADDED - Dev Docs update

• Updated Customer endpoints to reflect the new business verified Customer flow change.
• Added the new beneficial owners endpoints and webhooks.

UPDATED - Dev Docs update

• Added method and URL to Documents section

UPDATED - Developer Resources Article

• Changed screenshot to reflect the proper On-Demand Auth Language.

UPDATED - Developer Resources Article

• Updated transfer failures doc
• Updated verification handling doc

UPDATED - Dev Docs update

• Updated docs to reflect business name updates.

CHANGED

• Bank balance check functionality changing to be asynchronous and immediately return an HTTP 202. The response body for the 202 will contain a status relating to the processing of this request. Subsequent requests to this endpoint will return a 202 up until processing completes and then either return an HTTP 200 with the current balance or an HTTP 400 if there was an error (i.e. UnsupportedBank).

ADDED

• Added a new customer_balance_inquiry_completed event. Upon checking a Customer’s bank balance, Dwolla will immediately return an HTTP 202 with response body that includes a status of processing. This event will be triggered when the bank balance check has completed processing. To read more on how to trigger this event, check out our forum post.

ADDED

• Added a new customer_bank_transfer_creation_failed event. This event will be triggered when an attempt to initiate a transfer to a verified Customer’s bank was made, but failed. Transfers initiated to a verified Customer’s bank must pass through the verified Customer’s balance before being sent to a receiving bank. Dwolla will fail to create a transaction intended for a verified Customer’s bank if the funds available in the balance are less than the transfer amount. To read more on how to trigger this event, check out our forum post.

CHANGED/DEPRECATED

• Changing “uat” in the subdomain of public facing and API URLs with “sandbox”. Reference this blog post for more information.

ADDED

• Release support for a new (optional) backButton and subscriber options for IAV within dwolla.js. Note: Dwolla.js is a premium feature only available for Dwolla API customers.

DEPRECATED

• Removal of the Sandbox Console tool which exists at: https://sandbox-uat.dwolla.com/

ADDED

• Release support for a new clearing request parameter when initiating a transfer. Clearing is a JSON object that supports specifying same-day and standard ACH clearing per API request. Note: The clearing request parameter is a premium feature available for Dwolla API customers.

DEPRECATED

• Remove the scope attribute from the application access token response.

CHANGED

• Automatic pause of webhook subscriptions after 400 consecutive failed delivery attempts. Reference the API docs for more information.

CHANGED

• Change the phone request parameter from required to optional when creating a Customer.

ADDED

• Added a new bankName attribute to the funding source object that is returned when retrieving a funding source of type bank.

DEPRECATED

Remove the profileId request parameter from the Off-Site Gateway in API v1.

ADDED

• Release support for an optional Idempotency-Key header on requests to API v2.

CHANGED/DEPRECATED

• Change in functionality for removing a funding source in API v2. The method for removing a funding source changes from a DELETE to a POST with the need to supply {"removed": true} in the body of the request.
• A removed attribute is added to the funding source object.
• A removed querystring request parameter is supplied when listing an Account or Customer’s funding sources. By default, all funding sources are returned from the listing unless the removed request parameter is set to false.

DEPRECATED

• Removal of the description field in API v2 error responses. Replacing description with the message field which is a duplication of description.
• Removing the X-Request-Signature header from webhook requests. Replacing with a X-Request-Signature-SHA-256 header which is a SHA-256 HMAC hash of the request body with the key being your webhook secret.

ADDED

• Release endpoint in API v2: retrieve a list of business classifications for a Customer. POST /business-classifications
• Release endpoint in API v2: retrieve a business classification by it’s id for a Customer. POST /business-classifications/{id}
• Release business verified Customer creation in API v2.

ADDED

• Release endpoint in API v2: generate a funding sources token for a Customer. POST /customers/{id}/funding-sources-token
• Release endpoint in API v2: retrieve ACH transfer failure reason. GET /transfers/{id}failure

ADDED

• Release endpoint in API v2: generate an IAV token for a Customer. POST /customers/{id}/iav-token
• Release dwolla.js to the CDN. https://cdn.dwolla.com/1/dwolla.js

CHANGED

• Error changes - Introduce new message field in error response. Errors now include a profile link in the Content-Type header. Error responses with the top-level error code ValidationError will return an _embedded object containing a list of errors.

CHANGED

• OAuth redirect_uri must match the OAuth Redirect URL field set in Dwolla application’s settings.

ADDED

• Release endpoint in API v2: initiate or verify micro-deposits for bank verification. POST /funding-sources/{id}/micro-deposits