Hi @jholst, Emails were sent out to API v1 consumers over the past few months regarding a change to how access tokens can be passed in requests to the API. Here is a copy of the communication:
Changes to APIv1 SDKs, updates required
Dwolla has made changes to the APIv1 SDKs, that will require updates. If you are using the APIv1 SDKs or an external REST client, please read the details below.
Dwolla continually improves and evolves services to take advantage of best practices while meeting the needs of our customers. APIv2 continues to be the leading choice for platform integrations, however the team has also continued to make necessary changes to APIv1. For those customers using APIv2, no action is required; however for those customers using APIv1 SDKs or external REST clients that pass a session identifier as a querystring parameter, updates will be required before December 4th, 2017.
We view these changes to APIv1 as enhancements to your security. Specifically, we now require authorization headers on session identifier transmissions. This is an improvement over functionality previously allowing the session identifier to be passed as a querystring parameter.
Additional information can be found in the following thread as well:
Please let us know if you have any questions or need assistance with this change.