Dwolla API V1 upcoming changes

(Luis Mojica) #1


One of my customers have a Dwolla API V1 implementation and they recently received an email warning of upcoming changes:

However, for those customers using APIv1 SDKs or external REST clients that pass a session identifier as a querystring parameter, updates will be required before December 4th, 2017.

How can I tell if my V1 implementation does “pass a session identifier as a querystring parameter”?
Besides updating the Gem (dwolla-ruby) are there any more changes necessary?

Access token is empty
(Spencer Hunter) #2

Hi @Luis_Mojica, Besides updating to the latest version released for your respective language then no other changes are needed.

(Adam Esterle) #3

@spencer Can I update now and be good when the Dec 4 change comes or do I need to update on Dec 4?

Also, you are saying to just update the library? If we are using APIv1 in our code then none of OUR code will need changed?

(Adam Esterle) #4

@spencer if our code would need to be changed, is there any documentation on what to look out for?


Hi @spencer - I upgraded to the latest v1 Ruby SDK and ran into errors using it. I submitted a pull request (https://github.com/Dwolla/dwolla-ruby/pull/47), can you guys take a look at it please?


(Spencer Hunter) #6

@AdamEsterle, you can update now and be good when the Dec 4 change comes. If you are only using a client library then just update it to the latest version. If you are using an external HTTP client (i.e. request) then make sure access tokens are passed in the Authorization header and not as the oauth_token query string param.

@sgore, we just merged in your PR and published a new version to Ruby gems. Thanks!

Please let us know if you run into any issues or have follow up questions!

(Adam Esterle) #7

@spencer Thank you for getting back to me

I updated dwolla-php from 2.1.8 to the latest (2.1.9)

I should be good to go?

(Spencer Hunter) #8

Yep, you should be good!

(Jorin Slaybaugh) #9

We aren’t using an SDK. Any way I can get an understanding of what specifically needs to change?

We are only making these 4 calls and I don’t see any “session identifiers” as a query string in any of them, FWIW:

  • [POST] oauth/v2/token
  • [POST] oauth/rest/transactions/send
  • [GET] oauth/rest/users
  • [GET] oauth/rest/fundingsources (destinationId is only parameter I’m sending)

(Spencer Hunter) #10

Hi @jslaybaugh, I see that you’re using RestSharp. I am assuming you’re passing OAuth access tokens in the Authorization header. What we won’t allow is passing access tokens via a query string parameter. Looking at the list of endpoints you’re calling and information in our API request logs you should be good.

(Jorin Slaybaugh) #11

Thanks, Spencer!

(Eric Mayefsky) #12

Hey @spencer, saw this change and updated our gem, using the basic V1 ruby gem (updated to 3.0.1) and haven’t touched anything in years, but we’re broken after the change.

  require 'rubygems'
  require 'dwolla'
  Dwolla::api_key = ENV['DWOLLA_API_KEY']
  Dwolla::api_secret = ENV['DWOLLA_API_SECRET'] 
  Dwolla::token = user.dwolla_token #this is the string token stored the way that it's always been stored
  dummy_txn = Dwolla::Transactions.send({:destinationId => '812-713-9234', :amount => 1.00, :pin => user.dwolla_pin, :destinationType => 'Dwolla', :fundsSource => 'TESTING PIN, FAKE FUNDS SOURCE'})

Gets us “Dwolla::AuthenticationError: No OAuth Token Provided.”

Any ideas? Thanks!

(Eric Mayefsky) #13

I played around with this a bit more and basically I think @sgore’s fix for requests.rb needs to be made a bunch of other places. For example my issue above is because transactions.rb still has token=nil instead of token=true.


You’re right! There’s a pull request to make that change in a bunch of places: https://github.com/Dwolla/dwolla-ruby/pull/49

(Andrew) #15

Hey @spencer, using dwolla.net SDK. Was this updated to be compliant?


(Spencer Hunter) #16

@Andrew_Cornman, There were no API calls coming from the dwolla.net SDK in the last few months which indicated its lack of use. We would definitely be open to merging any pull requests if interested in contributing on this update!

Thanks for the contribution @sgore! We merged these changes and published an updated version to ruby gems. Please let us know if you continue to experience issues.

(Joe Abele) #17

Hi Spencer. I’m not sure how you determined that no API calls were come from the dwolla-net SDK, but we have been using it consistently for the past year. Unfortunately, this problem has not come to our attention until recently, and we never received an email indicating this change was coming. The dwolla-net SDK is not updated, and we are dead in the water with regards to using Dwolla now.

Any suggestions on how we can specifically update our API calls using dwolla.net to change how these header changes can be implemented?


(Cory Anderson) #18

(Cory Anderson) #19

(Cory Anderson) #20