Dwolla API Error

Hey. I need help.
I get this error.

‘code’ => ‘InvalidCredentials’,
‘message’ => ‘Missing or invalid Authorization header.’,
when I work in sand-box all is well, but when I insert my work keys, I this error.

I will present part of my code for understanding.

$headers = array(
"Authorization: Basic " . base64_encode($this->client_id . ‘:’ . $this->client_secret),
“Content-Type: application/x-www-form-urlencoded”
$data = array(
“client_id” => $this->client_id,
“client_secret” => $this->client_secret,
“grant_type” => “client_credentials”
$result = $this->post(‘token’,$headers, $data, false);

public function post($url, $headers = array(), $data = null, $json = true)

    $curl = curl_init();

    if (isset($data) && !empty($data)) {
        if (!$json){
            $post_body = http_build_query($data);
            $post_body = json_encode($data);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body);

    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_URL, $this->host . $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 0);
    curl_setopt($curl, CURLOPT_TIMEOUT, 400);

    if ($json){
        curl_setopt($curl, CURLOPT_HEADER, true);

    $out = curl_exec($curl);

    if (!$json) {
        $res = json_decode($out, true);
        $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        $header_size = curl_getinfo($curl, CURLINFO_HEADER_SIZE);
        $header = substr($out, 0, $header_size);
        $body = substr($out, $header_size);

        $res = array("out" => json_decode($body, true), "http_code" => $http_code, "header" => $header);



    return $res;

This occurs at the very end, after the Plaid has verified the account. Plaid checked the account, I choose from which account I want to pay, click pay, I am sent back to the site and the download is in progress, and nothing else happens.

A few things I would check when this error occurred.

  • Are you using the correct API keys (client_id and client_secret) based on the environment that’s being called.

  • Similar to the above, check the request URL to make sure the subdomain is pointing to the right environment. api.dwolla.com vs. api-sandbox.dwolla.com

If those are correct, the next step I would look the basic auth header to see if how you are base64 encoding the client_id and client_secret. This looks to be correct, and matches how we are doing it within the dwolla-swagger-php client library.

One thing to note is that only grant_type should be included here but I don’t believe this should impact the request.

Hope this helps! I would check/validate your code based on the above criteria and reach out if you continue to experience the same error.