Missing or invalid scopes for requested endpoint


Me again!
I’ve got pretty much everything working, as described here:
When I get to the final step where I’m transferring funds, it fails with {"code":"InvalidScope","message":"Missing or invalid scopes for requested endpoint."}
The scopes I’m requesting way back in step #1 are Send|Funding.
Is that developer guide still valid? My post looks like the following

var postbody = "{'_links': { 'source':{ 'href':'https://api-uat.dwolla.com/funding-sources/" + req.query.acct + "'}, 'destination':{ 'href':'https://api-uat.dwolla.com/accounts/13835190-c179-4d41-a273-5b400dcf7294' } }, 'amount':{ 'currency':'USD', 'value': '"+req.query.amount+"' } }";

request = require('request');
    url: "https://api-uat.dwolla.com/transfers",
    method: "POST",
    headers: {
        "Authorization": "Bearer " + bearer,
  		"Accept": "application/vnd.dwolla.v1.hal+json",
  		"Content-Type": "application/vnd.dwolla.v1.hal+json"
    body: postbody
}, function (error, response, body){

(Spencer Hunter) #2

The scopes you are requesting (Send and Funding) should give you access to send money from the account’s associated funding source. Do you have the source funding source id that you are passing in?


Hi Spencer, Yes, it is 17740601-e725-43b0-ac9c-b19199fc394f
It comes down in the previous step as “Example FiSync Partner - My Checking”

(Spencer Hunter) #4

Strange, Im wondering if it may be an issue with that particular bank in the Sandbox. Can you try removing that funding source on that account and going through the IAV flow again adding a different bank? or create a new account and go through the IAV flow selecting BofA as the bank.


I’ve removed, recreated, and signed up as a different email, creating a dummy BoA account. No luck. Here is my POST body from the latest test:

{'_links': { 'source':{ 'href':'https://api-uat.dwolla.com/funding-sources/5fa92f0c-20c9-410a-a856-8e39ec7ef660'}, 'destination':{ 'href':'https://api-uat.dwolla.com/accounts/daeba3bc-e938-411f-8366-72022dc19782' } }, 'amount':{ 'currency':'USD', 'value': '111.11' } }

Just to confirm, the source is the funding-source of the account sending money (as reported by querying https://api-uat/accountid-of-sender/fuding-sources), and the destination is the account id of the destination, correct (found by going to https://uat.dwolla.com/applications and clicking create token, listed under “Account ID”)?

Thanks for your help!


(Spencer Hunter) #6

Hey @DanF, As a sanity check can you make sure the headers you are passing in are correct? For the Accept header the value should be application/vnd.dwolla.v1.hal+json. The Content-Type header value should be either application/vnd.dwolla.v1.hal+json or application/json. Everything else about the request and steps leading up to sending the transfer looks correct though!

If this works, and you are simply just missing a header then the error response will need to be updated on Dwolla’s end to reflect the proper error.


Yeah, no luck.
Interestingly, even with no POST payload, I get the same thing posting to https://api-uat.dwolla.com/transfers
The only place I need to specify the scopes are on the very first step, right:
I don’t need to send scope any other time?

(Spencer Hunter) #8

@DanF, There’s something that is throwing off the request , however I am not sure what it is based on the information provided. Are you able to cURL the same endpoint using the source account’s access token?

curl -X POST -H "Accept: application/vnd.dwolla.v1.hal+json" -H "Authorization: Bearer {SOURCE ACCT ACCESS TOKEN}" -H "Content-Type: application/json" -d '{
    "_links": {
        "source": {
            "href": "https://api-uat.dwolla.com/funding-sources/5fa92f0c-20c9-410a-a856-8e39ec7ef660"
        "destination": {
            "href": "https://api-uat.dwolla.com/accounts/daeba3bc-e938-411f-8366-72022dc19782"
    "amount": {
        "currency": "USD",
        "value": "111.11"
}' "https://api-uat.dwolla.com/transfers" -v