OAuth refresh strategies

Preemptively refresh authorization

You set up a cron job that runs in the background every hour to refresh each user account’s OAuth access token. Refreshing authorization would happen behind the scenes as a backend process. You would first query your database for tokens that are about to expire, make a POST request to refresh authorization, and update your database to include the newly refreshed token pair. Note: Be prepared to handle errors gracefully while the cron job is running.

Node.JS Example

var cron = require('cron');
var cronJob = cron.job("0 */55 * * * *", function() {
        where: {
            dwolla_id: '812-196-0757' //query user in database
    }).then(function(user) {
        if (user) { //If user exists in database
            var refreshToken = user.dwolla_refresh; //grab the existing stored refresh token
            Dwolla.refreshAuth(refreshToken, function(error, auth) { //pass refresh token into refreshAuth request
                if (error) {
                    return console.log(error);
                    dwolla_refresh: auth.refresh_token //From response, set new refresh token in database
                }).success(function() {
        } else {
          console.log("user does not exist");
    catch (function(err) {
    })'cron job completed');

Financial institutions play an important role in the Dwolla network.

Dwolla, Inc. is an agent of Veridian Credit Union and Compass Bank and all funds associated with your account in the Dwolla network are held in pooled accounts at Veridian Credit Union and Compass Bank. These funds are not eligible for individual insurance, including FDIC insurance and may not be eligible for share insurance by the National Credit Union Share Insurance Fund. Dwolla, Inc. is the operator of a software platform that communicates user instructions for funds transfers to Veridian Credit Union and Compass Bank.