Thanks for the feedback. Perhaps what I'm trying to do can only be done
through the AccessAPI with a ManageCustomer scope, not the TransferAPI with
ManageAccount scope. Or perhaps it can't be done at all. My use case
pertains to payments. I'm concerned that the person to whom I send the
money actually is the person who ultimately claims it.
So for example, let's say one of my vendors is XYZ Corp. And I want to send
a payment to pay off an XYZ vendor invoice. So I call XYZ Corp and the
receptionist at XYZ corp gives me the following XYZ email address:
bad-guy@XYZ.com. (Bad Guy is embezzling money from XYZ corp.). Then, Bad
Guy (his real name) sets up a full vip verfied account using his SSN along
with his verfied funding source in Dwolla using bad-guy@XYZ.com. As far as
Dwolla is concerned, it all looks good (SSN matches Bad Guy name, etc). If
I were to send payment to bad-guy@XYZ.com, Bad Guy could steal the money
and before we catch him, he could flee the country.
What I would like to do is this: Query a Dwolla API resource with an email
address and acertain it belongs to XYZ Corp. and XYZ Corp has a fully CIP
verfied account set up before I send the money (in this case, to its email
address). In the above example, Dwolla would return the account name Bad
Guy, and other info like his address, the last 4 digits of SSN (with Bad
Guy token's permission, of course). With that information, I would see it
didn't match my XYZ Corp payable records and so I could reject payment
request/ money transfer before the money is sent.