403 error on IAV token generation


We were able to get an access token in sandbox, using a different account. Now our customer has given us access to their account and we cannot generate an IAV token with it in production.

Below is the relevant code. Note in some cases, variables have been replaced with their values and urls have been altered to get around forum rules:

//get access token
$basic_credentials = base64_encode($dwolla_ak_key.’:’.$dwolla_sk_key);
$ch = curl_init(“https:__www.dwolla.com/oauth/v2/token”);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic '.$basic_credentials, ‘Content-Type: application/x-www-form-urlencoded;charset=UTF-8’));
curl_setopt($ch, CURLOPT_POSTFIELDS, ‘grant_type=client_credentials’);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = json_decode(curl_exec($ch));
$token= $data->access_token;
DwollaSwagger\Configuration::$access_token = $token;

$apiClient = new DwollaSwagger\ApiClient("https:__api.dwolla.com");

//confirm can get info
$rootApi = new DwollaSwagger\RootApi($apiClient);
$root = $rootApi->root();
$accountUrl = $root->_links["account"]->href;

//try to get IAV token
$customersApi = new DwollaSwagger\CustomersApi($apiClient);
$myUrl =  "https:__api.dwolla.com/customers/fd45c19e-d0cd-40b9-92a3-1cbbeffc3e22";
$iavToken = $customersApi->getCustomerIavToken($myUrl);

Here is the resulting error:

Fatal error: Uncaught exception ‘DwollaSwagger\ApiException’ with message ‘[403] Error connecting to the API (https:__api.dwolla.com/customers/fd45c19e-d0cd-40b9-92a3-1cbbeffc3e22/iav-token)’ in ./inc/dwolla-swagger-php-master/lib/ApiClient.php:315
Stack trace:
#0 ./inc/dwolla-swagger-php-master/lib/CustomersApi.php(846): DwollaSwagger\ApiClient->callApi(’/customers/fd45…’, ‘POST’, Array, ‘’, Array, Array)
#1 ./templates/dwolla-view-admin.php(148): DwollaSwagger\CustomersApi->getCustomerIavToken(‘https://api.dwo…’)
#2 ./admin.php(284): include(’/var/www/client…’)
#3 {main}
thrown in ./inc/dwolla-swagger-php-master/lib/ApiClient.php on line 315


Here is some debug output:

> POST /customers/fd45c19e-d0cd-40b9-92a3-1cbbeffc3e22/iav-token HTTP/1.1

User-Agent: PHP-Swagger
Host: api.dwolla.com
Accept: application/vnd.dwolla.v1.hal+json
Content-Type: application/json
Authorization: Bearer token
Content-Length: 0

< HTTP/1.1 403 Forbidden
< Date: Fri, 07 Jun 2019 22:37:57 GMT
< Content-Type: application/vnd.dwolla.v1.hal+json; profile=“http://nocarrier.co.uk/profiles/vnd.error/
< Content-Length: 95
< Connection: keep-alive
< Set-Cookie: __cfduid=d011d6552d376741c63eb74e91c325f351559947077; expires=Sat, 06-Jun-20 22:37:57 GMT; path=/; domain=.dwolla.com; HttpOnly
< Access-Control-Allow-Origin: *
< X-Request-Id: 9527b229-661c-4a5a-842b-5c9fcbec7c3c
< Expect-CT: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct

  • Server cloudflare is not blacklisted
    < Server: cloudflare
    < CF-RAY: 4e361d0f7a2dccea-EWR
  • HTTP error before end of send, stop sending
  • Closing connection 0
(Shreya Thapa) #3

Hi @stephenEnact, it sounds like dwolla.js + IAV may not have been turned on for your application in Production. To enable this feature, you would have to reach out to your Account Manager via Slack. You should be able to retrieve the IAV token, and add + verify banks once the feature has been turned on.

Edit: I reached out to our team, and it looks like the feature is turned off for your account as per your contract. If you would like to use this feature, please let your AM know! They should be able to help you with any requests about features in Dwolla. :slight_smile:


Thanks for your help.

(Shreya Thapa) #5

You’re welcome, @stephenEnact. Thanks for posting!