Validation while Creating Customer

My web app will create Customers with Dwolla. Is it my responsibility to validate:

  • email
  • ssn
  • address1
  • city
  • postalCode
  • country
  • ein

… or will Dwolla check if these numbers are valid?

In addition, how do I gracefully catch errors while creating a Customer so that I can report the error to the front-end? Does this apply to every API call to Dwolla?

Ho @ngwattcos,

Yes, Dwolla does check on those fields for any validation errors. If there exists an error, Dwolla responds with a 400 ValidationError.

Here’s an example error response for an invalid email address -

{
    "code": "ValidationError",
    "message": "Validation error(s) present. See embedded errors list for more details.",
    "_embedded": {
        "errors": [
            {
                "code": "InvalidFormat",
                "message": "Email invalid.",
                "path": "/email",
                "_links": {}
            }
        ]
    }
}

You can also find a list of common errors in our API docs.

1 Like

Hi @shreya ,
Thank you for this information. However, I need to clarify several things - does Dwolla verify that the ssn is just a valid ssn number, or does it actually check that the ssn actually belongs to the person applying for an account?

Is it also the same for the email? Suppose a user enters an email that does not exist in real life, like "fake@email.com." Is it my web app’s responsibility to verify that the email is real (by sending a verification to the email), or will Dwolla automatically be able to detect whether the email address is legitimate?

I’ll also repeat this question for all street addresses/cities/postal codes, EINs, business names, etc. Will Dwolla verify this information automatically, or is it my responsibility to verify that these are legitimate, and if so, what resources are available for me to do so?

On the other hand. Is it possible for a user to create a Dwolla Customer with “valid” not legitimate information (such as incorrectly typed email, ssn, EIN, address, etc…) or for a Dwolla Customer with incorrect information to conduct transfers? (For clarification, I’m using Plaid + Dwolla. Is it true that as long as Plaid is able to generate a processor token, Dwolla is able to accept this token and create funding sources?)

Hi @ngwattcos,

Dwolla validates the fields - SSN, addresses, EINs, business names, etc. - when creating a Customer. All Verified Customer accounts go through CIP verification. After receiving the information and putting the Customers through CIP verification, they may be placed into one of the following statuses -

retry - When in retry, the Customer would have to input the information once again along with the full SSN
document - When in document, the Customer would have to upload an identity document to verify the Customer because the first two attempts to verify failed with insufficient information
suspended - When suspended, the information provided by the Customer is either duplicate, stolen identity, or a result of other causes. You may reach out to your Account Manager at Dwolla to inquire more about why the Customer was suspended, and to ask that they be unsuspended.

Here’s an article in our Dev Docs that walks you through handling these statuses - https://developers.dwolla.com/resources/business-verified-customer/handling-controller-and-customer-statuses.html

As for the email addresses, Dwolla only validates the format of the emails. To make sure that the emails entered are legitimate, due to the white-label nature of Dwolla, you would have to verify the emails via your app.

Regarding Plaid+Dwolla integration, that would be correct. As long as the plaid_processor token is legitimate, and the Customer you are trying to add the funding-source to hasn’t gone over the maximum active banks limit, you should be able to add that bank as a funding-source in Dwolla.

Please let me know if I can help clarify on any of the topics above!