InvalidIavToken

I am testing creating a funding source through Dwolla.js and am now getting InvalidIavToken. The only guidance for this error mentions getting the same IavToken every time it is run, but I am getting a new one every time.
I am able to create the customer without any problem. I get a new IAV token, but it is not accepted. Below is the code I am working with, using PHP.
Thanks for your time.

<?php $dwolla_api_url = 'https://api-sandbox.dwolla.com'; $apiClient = new DwollaSwagger\ApiClient($dwolla_api_url); $customersApi = new DwollaSwagger\CustomersApi($apiClient); $customer = $customersApi->create([ 'firstName' => $current_user->user_firstname, 'lastName' => $current_user->user_lastname, 'email' => $current_user->user_email, 'type' => 'receive-only', 'businessName' => $b_name, 'ipAddress' => $ip ]); $myCustomerId = explode("/",$customer)[4]; //ugly but works for now $myUrl = $dwolla_api_url . "/customers/" . $myCustomerId; $iavToken = $customersApi->getCustomerIavToken($myUrl); ?>
<script type="text/javascript">
     dwolla.iav.start('<?php echo $iavToken->token; ?>', {
					container: 'iavContainer',
					stylesheets: [
						'https://fonts.googleapis.com/css?family=Lato&subset=latin,latin-ext'
					],
					  microDeposits: false,
					  fallbackToMicroDeposits: true,
					  backButton: true,
					  subscriber: ({ currentPage, error }) => {
						  console.log('currentPage:', currentPage, 'error:', JSON.stringify(error))
						}
					}, function(err, res) {
				  console.log('Error: ' + JSON.stringify(err) + ' -- Response: ' + JSON.stringify(res));
	});

Here is a sample of the last javascript from the client:
<script type=“text/javascript”>
dwolla.iav.start(‘aWLL3WIYAMJNeYKGUiju0XQnghv12wJyvwNCO9lUzDIQxLXfQr’, {
container: ‘iavContainer’,
stylesheets: [
https://fonts.googleapis.com/css?family=Lato&subset=latin,latin-ext
],
microDeposits: false,
fallbackToMicroDeposits: true,
backButton: true,
subscriber: ({ currentPage, error }) => {
console.log(‘currentPage:’, currentPage, ‘error:’, JSON.stringify(error))
}
}, function(err, res) {
console.log('Error: ’ + JSON.stringify(err) + ’ – Response: ’ + JSON.stringify(res));
});

Hi @stephenEnact, thanks for posting! After reviewing your code snippet it appears you’re calling our sandbox to fetch an IAV token. By default, dwolla.js will point to our production environment unless a configuration is set to specify sandbox. Referenced here in our docs, prior to calling dwolla.iav.start() you’ll want to pass in a configuration of:

dwolla.configure('sandbox');

Hope this helps, let us know if this resolves the issue you are running into!

Thanks. That fixed it. I had that command on the form post, so it hadn’t happened yet.

1 Like

I’m also receiving InvalidIavToken. Here is the code:

dwolla.configure("sandbox")
        dwolla.iav.start(
          TOKEN_FROM_SERVER,
          {
            container: "iavContainer",
            
            microDeposits: false,
            fallbackToMicroDeposits: false,
            backButton: true,
            subscriber: ({ currentPage, error }) => {
              console.log(
                "currentPage:",
                currentPage,
                "error:",
                JSON.stringify(error)
              )
            },
          },
          function(err, res) {
            console.log(
              "Error: " +
                JSON.stringify(err) +
                " -- Response: " +
                JSON.stringify(res)
            )
          }
        ) 

Could someone please help?
Thank you

Hi @jwald1, the InvalidIavToken error indicates that an IAV token has been used already, or has exceeded the expiration period of 1 hour.

Would you be able to confirm if this IAV token was generated more than an hour ago of using, or if it has been used to create another funding-source in your Application?

Thanks @shreya, the Token was generated a few seconds before using and it wasn’t used before.

Thanks for confirming @jwald1!

There seem to be no errors in the code-snippet that you posted above, and since the IAV token is being generated right before use, all I can think of is if the token endpoint you are calling is the right one. Would you be able to confirm that this is the endpoint your application is calling to generate an IAV token?

POST https://api.dwolla.com/customers/{id}/iav-token

Also, would you mind posting your Account ID, or any Customer ID in your Sandbox Account? I could check our logs for any issue on our end.

The URL was the problem! I had app_token.post "#{customer_link}/funding-sources-token", no idea why I used it. Thanks a lot for your help!

Ah, that’s the url for generating a funding-source token which you can use with dwolla.js to securely pass bank account info to the API. This securely adds the bank, but doesn’t verify it. It can be confusing.

You’re welcome!