We are going through that process now. For the Access Api we needed to get a signed contract in place. Once we completed that Dwolla sent us an integration guide pdf which detailed a number of other requirements not mentioned on their website, including:
- Emails that must be sent to all verified customers when their account is created, updated, funding source added and removed, micro deposits started/deposited/verified, on demand authorization granted and revoked, any transfer coming in or going out from any of their verified accounts notifying them of their creation/pending/success/failure/cancellation
- Evidence of each of these emails working. They must be sent immediately on your receipt of the appropriate webhooks
- Transfer history available on the platform going back 2 years with all the transfer info and date filtering
- Full FAQ detailing how Dwolla works along with its policies and your policies
- Conflict resolution abilities
- Explicit acceptance of their terms and privacy and your own terms and privacy
- HTTPS is required
- Password strength and non clear text storage requirements
- Audit logging
- Contact info for your users to contact you and to contact Dwolla
- Login event tracking
- You must use their funding source name(nickname) whenever you reference it on your site
Then you must schedule a demo with their implementation team to verify your platform follows their guidelines.
They also make their marketing team available to coordinate on testimonials and release media.