Incorrect response status code for invalid POST request in API v2 token flow


(Gastón Avila) #1

I am debugging some of my code and found that a
POST https://uat.dwolla.com/oauth/v2/token
with the correct payload but an outdated refresh token gives me back a 200 OK response with the following payload

{u'error_description': u'Invalid refresh token.', u'error': u'access_denied'}

so clearly an error. Shouldn’t the status code be in the 40* range?

Thanks


(Jared Dellitt) #2

Hey @Gaston_Avila, yes ideally this would be a 400 level error, but this endpoint is a remnant of our V1 API and is used by quite a few apps - which means changing it would break quite a few integrations.

If you’re using our V2 API, the status codes will be much more meaningful along with helpful error messages.

Thanks for the feedback!


(Gastón Avila) #3

The API v2 docs list this endpoint as the one to be used, see
https://docsv2.dwolla.com/#finish-user-authorization
so I’m not quite following… is this V1 or V2?


(Jared Dellitt) #4

I apologize - my response was confusing. /oauth/v2/token is/was part of our V1 API and we chose to re-use it for the OAuth flow in V2. Similar to the issue you mentioned, our V1 API returns 200 response codes even when an error occurred - where V2 does not. There is currently no other way to go through the OAuth flow.

Let us know if you have any other questions!
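
Added example, not part of the thread and not Dwolla's code: a client-side check that inspects the token response body for an `error` field before trusting the status code, since this endpoint answers 200 OK for a rejected refresh token. The names `TokenError` and `parse_token_response` are hypothetical, the sample bodies are constructed, and the `access_token` field on success is assumed from standard OAuth 2.0.

```python
import json


class TokenError(Exception):
    """Raised when the token endpoint reports an OAuth error."""

    def __init__(self, error, description, status):
        super().__init__(f"{error}: {description} (HTTP {status})")
        self.error = error
        self.description = description
        self.status = status


def parse_token_response(status, body):
    """Return the token dict, or raise TokenError.

    The body is checked before the status code, because the endpoint in
    this thread answers 200 OK even when the refresh token is rejected.
    """
    try:
        data = json.loads(body)
    except ValueError:
        raise TokenError("invalid_response", "body is not JSON", status)
    if not isinstance(data, dict):
        raise TokenError("invalid_response", "body is not a JSON object", status)
    if "error" in data:
        raise TokenError(data["error"], data.get("error_description", ""), status)
    if status != 200:
        raise TokenError("http_error", "unexpected status", status)
    # Assumption: a successful reply carries an access_token field (standard OAuth 2.0).
    if not data.get("access_token"):
        raise TokenError("invalid_response", "no access_token in body", status)
    return data


# Constructed sample bodies; the first mirrors the payload quoted in post #1.
REJECTED = '{"error": "access_denied", "error_description": "Invalid refresh token."}'
GRANTED = '{"access_token": "constructed-access", "refresh_token": "constructed-refresh"}'


def demo():
    results = []
    for body in (REJECTED, GRANTED):
        try:
            parse_token_response(200, body)
            results.append("ok")
        except TokenError as exc:
            results.append(exc.error)
    return results
```

Failing closed on a missing `access_token` keeps a malformed 200 reply from being stored as a valid credential.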

