There are 2 locations in my app that use Dwolla. The first one is where clients come in and set up their bank account, via the callback/redirect mechanism, passing along the Transactions|Funding. This results in the creation of a customer token for them that I store. The second is where the owner of the app goes to make payments to those customer tokens using the "transfers" endpoint.
As far as I can tell, I have to use the Account Token structure for this.
As for the refresh token, I'm happy with that explanation that the site's provided refresh token can only be used once. I think I found an issue in my setup: My ACCOUNT_ID looked like
https://api.dwolla.com/accounts/123556-cc79-46f1-a0e4-2b7b4a2eced0 when the newly refreshed forms being created by the code looked like
123556-cc79-46f1-a0e4-2b7b4a2eced0 so when my query would search for the new one, it wouldn't find it. Then it would call back to re-using the one in ENV that had already been used. Updating this seems to have helped!
As for keeping it fresh, how often do I need to call
refresh to keep from having to manually intervene here? Once per day, once per hour? The app owner might need to make payments 10 times in a day, every day for a week, but then not make any payments again for 2 or 3 months. What would you recommend?