Dwolla sandbox webhooks subscriptions returns InvalidScope


(Jaazzy) #1

I am trying to create a new webhook subscription to our server.

when sending the following request:
> POST https://api-uat.dwolla.com/webhook-subscriptions

Accept: application/vnd.dwolla.v1.hal+json
Content-Type: application/vnd.dwolla.v1.hal+json
Authorization: Bearer ACCESS TOKEN
{
    "url": "https://myapplication.com/webhooks",
    "secret": "APPLICATION SECRET"
}

I tried to use the access token generated via the UI so as created a new access token via the API. In both cases I am getting

{
“code”: “InvalidScope”,
“message”: “Missing or invalid scopes for requested endpoint.”
}

Its not a token issue since I was able to create new Customers with it.

Any ideas?
Thanks


(Jaazzy) #2

I was able to find the issue.
I should have created an application token vs an account token. Those terms should be better explained through the docs.

Thanks


(Spencer Hunter) #3

@Jaazzy, Thanks for the feedback and glad you were able to figure our the issue! Apologies for the confusion in the docs. We’re working on clarifying the docs for describing OAuth and the different types of access tokens used in the API in greater detail. Updates will come over the course of the next few weeks.


(Jaazzy) #4

Hey @spencer
Now I am getting back an empty scope for the exact same flow.

I am trying to create a new Webhooks subscription on the sandbox:

https://uat.dwolla.com/oauth/v2/token
(Is there a different domain base for the sand box?)

{
“client_id”: “COMPANY ID”,
“client_secret”: “COMPANY SECRET”,
“grant_type”: “client_credentials”
}

and I am getting back:

{
“access_token”: “APPLICATION TOKEN”,
“token_type”: “bearer”,
“expires_in”: 1762,
“scope”: “”
}

I am able using this token to get the list of webhooks. so I assume I create the right token
Any ideas?

Thanks

BTW your answer here: How to get an application access token
really helped.


(Spencer Hunter) #5

Yep! It looks like you’re generating the correct token (application access token) which is used to call the API to set up a webhook-subscription.


(Cory Anderson) #6

(Cory Anderson) #7

(Cory Anderson) #8