I am student developing a small web app to arrange payments between 2 individuals (not businesses). I am knew to OAuth, payment APIs, and web development. I will conceptualize my understanding, at high level, of how I have perceived the flow from web application creation to arrangement of a payment in hope that someone will correct a misunderstanding or elaborate on a topic if needed. (Avoiding token maintenance)
1) The web app is created and registered with Dwolla.
2) The user creates an account local to my web app.
3) That user will create/login to a Dwolla individual (not business) account and give my Dwolla application authorization on the permissions I define. This Dwolla account will be somehow linked to the user local to the web app.
4) Once a user, lets call him user1, does an action which causes the web app to arrange a payment between my app or another user, lets call him user2, the web app will make the API calls to arrange the payment between user1 and the app or user1 and user2's respected Dwolla accounts.
5) These users involved in the transactions then become Customers to the registered Dwolla application. (Customers is just a list of the Dwolla user's accounts who have been involved in a transaction with the web app. The Customer class has no direct link to private resources)
Any response is welcomed and appreciated. I am overwhelmed and doubting my understanding. I am merely trying to avoid wasted development time caused by misunderstanding. I am still in the planing phase of my application.
Thank you in advance, and have a great day!