Hi @Rockers_Technology, If you're integrating with our Access API then there's no need to implement the 3-legged OAuth flow like you mention in your initial post. Instead, your application will exchange your client credentials (App Key and secret) for an application access token. As described here: https://docsv2.dwolla.com/#application-authorization. The response should contain an application access token which can then be used to create Customers and facilitate all calls to our API on behalf of these Customers.
Why do all bank transfers stay pending in the Sandbox?
The Sandbox environment does not replicate any ACH processes, so a pending transfer will not clear or fail automatically after a few business days as it would in production. It will simply remain in the pending state indefinitely. A “Process bank transfers” button is available in the Sandbox Dashboard. This button allows you to simulate bank transfer processing in the Sandbox. Once the button is clicked, Dwolla will process or fail (see below for how-to trigger ACH failures) the last 500 bank transfers that occurred on your Sandbox account or the Access API Customer accounts you manage. Note: If a bank to bank transaction is initiated between two accounts, you’ll want to click “Process bank transfers” twice in order to process both sides of the transaction (debit and credit). Processing for bank transfers will also include initiated micro-deposits. If your application is subscribed to webhooks, notifications will be sent, including all transfer or micro-deposit related events, letting your application know that transfers have processed or failed.