Are any Dwolla values sensitive?

More specifically, I’m wondering if it’s best practice to encrypt values like the dwolla customer url, dwolla funding source, etc in the database.

For instance, I’m assuming the following is true: if someone were to steal the dwolla funding source url of my bank account, they could not use that url to transfer money, unless they had the same Dwolla credentials as the service that added/verified the account.

Hi @dtj – that’s correct, without your client credentials (your API key and secret that we recommend storing securely), the Dwolla resource IDs can’t be used to call the API to create/update any resources. So, we don’t really have a recommendation on encrypting the Dwolla GUIDs in you DB, but it may just be easier to reference them when saved as is.

Hope that helps!