Access token is empty


(Joe Dev) #1

Did anything with the API v1 change recently? I haven’t made any code changes for ages, and now I’m flooded with this…

{"Success":false,"Message":"Access token is empty.","Response":null,"_links":null}

I’ve recreated this in production and the sandbox. I can get through the OAuth process just fine.

{"_links":{“account”:{“href”:“https://api-sandbox.dwolla.com/accounts/815372b1-9c6c-4269-a5bd-00da0577ebaa"}},“access_token”:“JaEL0MpprmLXfiOhlv5agdUZbZBRTI3AtkQxFlyp1e0Trt6sSg”,“expires_in”:3607,“refresh_token”:“62v2JV79d7YlbNV4hTH7ToYqAAcUH8uhvib8Cj4QpMHmVTr90M”,“refresh_expires_in”:5184007,“token_type”:“bearer”,“scope”:“accountinfofull|contacts|transactions|balance|send|request|funding|manageaccount|scheduled”,“account_id”:"815372b1-9c6c-4269-a5bd-00da0577ebaa”}

But any calls after that are met with Access token is empty.

Did something change recently with v1?


(Spencer Hunter) #2

Hi @jholst, Emails were sent out to API v1 consumers over the past few months regarding a change to how access tokens can be passed in requests to the API. Here is a copy of the communication:

Changes to APIv1 SDKs, updates required

Dwolla has made changes to the APIv1 SDKs, that will require updates. If you are using the APIv1 SDKs or an external REST client, please read the details below.

Dwolla continually improves and evolves services to take advantage of best practices while meeting the needs of our customers. APIv2 continues to be the leading choice for platform integrations, however the team has also continued to make necessary changes to APIv1. For those customers using APIv2, no action is required; however for those customers using APIv1 SDKs or external REST clients that pass a session identifier as a querystring parameter, updates will be required before December 4th, 2017.

We view these changes to APIv1 as enhancements to your security. Specifically, we now require authorization headers on session identifier transmissions. This is an improvement over functionality previously allowing the session identifier to be passed as a querystring parameter.

Additional information can be found in the following thread as well:

Please let us know if you have any questions or need assistance with this change.


(singh) #3

@spencer
Hi,
I’m also facing same issue.
I am a ruby developer using gem ‘dwolla-ruby’, :git => ‘https://github.com/Dwolla/dwolla-ruby.git’, :branch => ‘2.6.5’, whenever I hit any of the api get below error

Dwolla::APIError: Access token is empty.

For e.g

access_token = Xo9UvRP32a4Ly6MxhhfINQUgUnZU20NuRQZMijcI0rTL4jckPA

DwollaVars.Dwolla::Balance.get(access_token)

response is - Dwolla::APIError: Access token is empty.

Please tell me how to get it passed or what needs to be changed in v1?


(Spencer Hunter) #4

@sandeep, dwolla-ruby has been updated to support passing an access token via the Authorization header and not as a query string parameter. If you update to the latest version of dwolla-ruby then this should resolve your issues.


(singh) #5

@spencer

Thanks,
Everything is working fine now.