Dwolla Developer Guidelines

The Dwolla Developer Guidelines will evolve as the Dwolla service matures & as more of it's power is exposed via the API. Please keep this in mind as you grow & check back periodically to stay compliant.

Developer requirements

  • Have a Dwolla account in good standing
  • Have access to the required Developer Key / Code

Conduct

  • Create a safe user experience.
  • Responsibly manage user data.
  • Never abuse privacy.
  • Create a positive user experience.
  • Protect user data to the highest possible degree.
  • Do not create, generate, or distribute spam.
  • Accurately, responsibly, identify your service to users.

Expectations

  • If you store the PIN inside your application the following conditions must be met. If Dwolla receives reports that you are violating any of these conditions, Dwolla will instantly revoke access and seek damages on behalf of a client, and Dwolla, including reasonable attorneys fees.:
    • PIN(s) must be encrypted in transit and at rest (this includes any and all backup mediums) using FIPS 140-2 standards (at a minimum).
    • You must ask and receive permission from the Dwolla user before storing the PIN (i.e. users must explicitly opt-in, separate from original TOS page)
    • You must explain in clear, easy to understand terms what you will be doing with the PIN (i.e. transaction amount, frequency, etc.)
    • You must provide the Dwolla user with an option to remove the PIN stored in your system.
    • You must immediately remove all instances where the PIN is stored in your application when requested by the Dwolla User or a Member of Dwolla's team.
    • You must not share the PIN with any third party service under any circumstance.
  • Your use of the API and data will comply with all local and national laws, rules, and regulations, in additions to guidelines in this policy agreement.
  • You must not take any action to sell, distribute, or utilize the data for ad sales or advertising of any kind utilizing contact information exposed in the API or otherwise.
  • Within your own user policy you must also clearly note “this application is not directly supported by Dwolla Corp. Dwolla Corp. makes no claims about this application. This application is not endorsed or certified by Dwolla Corp”.
  • Data stored will always be held in a secure manner. User information will never be made publicly downloadable or accessible to any third party.
  • Any integrated pages utilizing Dwolla’s API will be served over HTTPS secure connections.
  • You must not give your API Key or Code to any third party for any reason.
  • Your service must provide a clear link for disconnecting from the Dwolla API service.
  • Your service must not transmit or transfer information from it’s primary location. All data from Dwolla must be streamed, not stored.
  • Any remaining information regarding user information must be immediately removed and deleted in the event the user disconnects from your service, or the Dwolla service. If the user removes access information and user history as it relates to Dwolla, this should also be removed.
  • You must obtain affirmative consent from the user who provided the data before using it for any purpose other than displaying it back to that user on your application and/or website.
  • Your application or service may not misrepresent of falsify the identity of any Dwolla user, or Dwolla directly at any time.
  • Issued refunds must directly tie to an original transaction in complete form.
  • Your application must publish a privacy policy which must include the usage of Dwolla API information.
  • User information which is gathered shall only be the bare minimum of what is required to allow the user to engage in the action your application allows.
  • You must delete user information within 48 hours if it is no longer required to perform the service.
  • You must not collect or distribute user information on behalf of Dwolla.
  • You must present each end user registered using the Dwolla API with the full Dwolla terms of service & those terms of service must be accepted by the end user.
  • With use of the Dwolla API, you must accurately represent your service. You must not lead a user to believe your service is something other than it's true identity & purpose. This includes but is not limited to your API application(s) name(s).

Rights

  • Dwolla makes no claims to ownership of new software developed by third party developers.
  • Dwolla claims no rights to software development done by third parties.

Application review and approval

  • Dwolla may at any time request a full review of the application on granular levels.
  • All Dwolla applications may be subject to future changes in the API documentation, guidelines, expectations, or otherwise. Applications will not be grandfathered in.
  • Your application may not allow parties to engage in illegal activities.

Guarantees

Dwolla makes no guarantees regarding API uptime availability and is not responsible for losses or damages incurred through the utilization, or abuse of the Dwolla API.

Data storage & management

Dwolla retains the right to request data storage guidelines at any time from an API key holder or developer.

Liabilities

  • Dwolla claims no liability for the stability of your application.
  • Dwolla provides no insurance for your application directly which covers your entity.
  • Liabilities due to malfunction of your application rest with your company/ service/ application.

Support

  • Developer will fully support plug-in developed or declare them community projects.
  • Dwolla makes no claims or guarantees regarding support of software developed by a third party.
  • You must provide 24/7 support to your application and telephone support during business hours.
  • You will clearly display how users may contact you in the event they have questions regarding your application.
  • Use of Logos and representation:
    • By using any Dwolla logos you promise to not consciously use the logos in a way resulting in damages of any sort to Dwolla, Inc. & to refrain from selling the logos.
    • You will not utilize Dwolla’s logos in any way that is meant to mislead or fool someone into believing Dwolla is providing your software service, to them.

Privacy

  • Dwolla user data must never be sold.
  • Dwolla user data must never be shared.
  • Dwolla user data must never be utilized for any reason other than:
    • Engaging in a transaction the end user wishes to engage in.
    • Presenting information to the user, which is relevant to the transaction.

Abuse

  • Dwolla may revoke API access at any time without written warning.
  • Dwolla does not permit usage of the API for the sale of illegal substances or activities.
  • Dwolla does not permit usage of the API for transactions occurring across other payment networks or international trading platforms.

Key Usage and Limitation

  • Owner of the API key may only utilize the key under the domain it is registered under.
  • Change of Key access:
    • Dwolla may at any time issue new keys for new API’s or restructuring access to existing API’s.
  • Location restrictions:
    • Dwolla’s service is only available to US consumers. Your application may only serve Dwolla users inside this geography.
    • Your application may not serve as a proxy or account partaking on behalf of users in other countries.

User permissions

Any API action must have user permission. Your application may not automate this process in any way that deviates from the standard workflow of permissions. Permissions can not be passed to a third party or to a product/feature that was not available when the permission was granted to your application.

Restrictions

Dwolla does not allow without prior written consent the use of the Dwolla API for any entities which:

  • Require financial service or banking licenses.
  • Sell virtual currency or exchange virtual currency.
  • Act as an escrow service.
  • Charge additional fees for the payment of goods or services on top of Dwolla’s API.
  • Hold funds for additional transfers.
  • Include a scheduled operation for additional transfers.
  • Include a scheduled operation for an action of any type. An action being anything which causes a money transfer through a processors.
  • Allows any external arbitration service or sells third party insurance of any kind.
  • Licensing:
    • You agree to allow Dwolla free and irrevocable licenses required to utilize your application.
  • You grant Dwolla rights to utilize your marks in the publication or distribution of your application.

Term

The term of this agreement begins as of the first date you agree to these terms or request API access information and will remain in effect indefinitely. Dwolla reserves the right to make changes to the Dwolla Developer Guidelines terms of service at any time. By using the Dwolla API you agree to these terms.

Pleaes direct questions to support@dwolla.com

USA Patriot Act Notice

important information about procedures for opening a new account under the USA Patriot Act of 2001

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see a form of identification with your photograph or other identifying documents.