OAuth refresh strategies

Best practices

You should be able to deal with scenarios where a token is invalid even if you assume it is valid—e.g., if a user account revokes access to your application on Check that the error is “Invalid access token” and that you are correctly passing in your token when calling Dwolla before requesting a new access/refresh token from Dwolla.

  • Consider possible race conditions where multiple threads attempt to use the same refresh token at the same time. In this case, one thread will succeed and cause the other thread’s request to fail.
  • Make sure you know the difference between a generic error and “Expired access token”. Be prepared to catch an expired access token error and refresh if needed.
  • Handle timeouts and non-successful requests to Dwolla.
  • If refreshing authorization for many accounts at the same time, it’s important that you make each request sequentially instead of all at once. For instance, if you attempt 10,000 refresh token requests at the same time, you’ll get responses, but many will result in timeouts, which mean you won’t know what the new access token and refresh token are.

Financial institutions play an important role in the Dwolla network.

Dwolla, Inc. is an agent of Veridian Credit Union and Compass Bank and all funds associated with your account in the Dwolla network are held in pooled accounts at Veridian Credit Union and Compass Bank. These funds are not eligible for individual insurance, including FDIC insurance and may not be eligible for share insurance by the National Credit Union Share Insurance Fund. Dwolla, Inc. is the operator of a software platform that communicates user instructions for funds transfers to Veridian Credit Union and Compass Bank.