OAuth model on a backend; long TTL tokens


(Rodrigo Fernández Díaz) #1

Hi, I’m just getting started with the Dwolla API (white label), so as to evaluate it as an ACH gateway for my mobile platform.

I currently need to leverage an ACH gateway into my backend system state machine, so it can process the ‘charge customer’ steps I have, but that implies that I need my backend to be able to consume the API seamlessly, and I can’t seem to figure out how to fit that with the OAuth ‘user needs to log in’ model.

I’d basically be charging my customers (ACH transfer from their accounts to my concentrating one), so I don’t really need them to log in; I would just use my own Dwolla account every time.

Any suggestions around this, and how can I approach the auth model for this purpose?

Thanks!


(Spencer Hunter) #2

@rodrigofd, as long as your Dwolla application belongs to the same account that will be in charge of creating and managing White Label Customers via the API, then your app can use an application access token. You’ll simply exchange your client credentials (app key and secret) using the client credentials grant type for an application access token that will be used when making calls to the Dwolla API.

The TTL on this particular access token is still 1 hour, so your backend server will want to periodically call the API to exchange your client credentials for a new/fresh access token.

We do have plans to change how auth is done with regard to White Label and potentially move away from OAuth; however, this isn’t something that is on our immediate product roadmap.
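
The backend pattern described in the reply above, sketched as an added example (not code from the thread or from Dwolla): a cache that exchanges client credentials for an application access token and renews it shortly before the 1 hour TTL runs out. `TOKEN_URL` is a placeholder, and `AppTokenCache` and the injected `post_form` transport (here assumed to send the key and secret as HTTP Basic auth) are hypothetical names.

```python
import threading
import time

TOKEN_URL = "https://auth.example.invalid/token"  # placeholder, not a real endpoint

class AppTokenCache:
    """Holds one application access token and renews it before it expires."""

    def __init__(self, client_id, client_secret, post_form,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)  # keep server-side only
        self._post_form = post_form  # hypothetical: (url, form, auth) -> dict
        self._clock = clock
        self._skew = skew            # renew this many seconds early
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return a valid token; concurrent callers trigger one exchange."""
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                self._refresh()
            return self._token

    def invalidate(self):
        """Call after an API 401 so the next get() fetches a fresh token."""
        with self._lock:
            self._token = None

    def _refresh(self):
        body = self._post_form(TOKEN_URL, {"grant_type": "client_credentials"},
                               self._creds)
        token = body.get("access_token")
        if not token:
            raise RuntimeError("token endpoint returned no access_token")
        self._token = token
        # Fall back to the 1 hour TTL stated in the thread if none is returned.
        self._expires_at = self._clock() + int(body.get("expires_in", 3600))

def demo():
    """Runs the cache against a constructed fake endpoint (no network)."""
    now, calls = [0.0], []
    def fake_post(url, form, auth):
        calls.append(form["grant_type"])
        return {"access_token": f"tok-{len(calls)}", "expires_in": 3600}
    cache = AppTokenCache("app-key", "app-secret", fake_post, clock=lambda: now[0])
    first = cache.get()
    now[0] = 3000.0
    same = cache.get()       # still inside the TTL: no new exchange
    now[0] = 3545.0
    renewed = cache.get()    # within 60 s of expiry: exchanged again
    return first, same, renewed, len(calls)
```

In a real backend `post_form` would wrap an HTTPS POST, and the key and secret would come from a secret store rather than source code.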