Production Checklist

Checklist to go over before production access for direct API integration


Integrated using SDKs?

If you used any Dapi-provided SDKs during integration, make sure to follow SDK-specific checklists.

General Production Checklist


Multi-factor authentication

Make sure you have handled all different MFA types on all API endpoints.

The only endpoints that will not require MFA are: Auth API, Metadata API and Operations API.


Bank IDs

If your logic is relying on bankIDs, then note that sandbox and production bankIDs are different. For example, ADCB:

  • Production: ADCBAEAA



NB! Only applicable if you are storing and re-using accessTokens

When receiving INVALID_CREDENTIALS error, the bank connection should be abandoned. The user should connect their account again via the Connect Layer.

Why? This error indicates that the user has updated their online banking credentials. If your application continues to use outdated details, it may result in blocking the user's banking account.


No parallel calls allowed

Dapi API does not support parallel API calls for the same bank account.

One accessToken cannot be used in multiple requests at the same time in parallel.

If parallel calls are caused, you can expect all requests to fail.


Do you have internal timeouts?

Do you usually have a default timeout for the requests going out of your application or server? It is possible that resolving a request with the bank can take longer. Dapi has an internal timeout at

  • 240 seconds for payment/transfer/autoflow and wire/transfer/autoflow
  • 120 seconds for all other endpoints

Having a shorter timeout on your end can result in it occasional 504 errors.

Data API Specific Checklist


Only applicable if you are querying for transaction histories


Transaction ranges

Each bank supports a different range of transactions.

You can retrieve the supported ranges from Metadata API. Refer to the transactionRange parameter.

Payment API Specific Checklist


Special characters

Please double-check that you are only passing in alpha-numeric values in the beneficiary information. Including special characters in any of the fields will result in errors later on.



Make sure you have handled the beneficiary cooldown period. Receiving this error means that beneficiary activation will take time from the bank side and the user must wait for the cooldown period to end before attempting the transfer again.

The exact time taken varies based on the user's bank. You can get the time take for the beneficiary to be active for any bank by using getAccountsMetaData API. You can for example use it to schedule a notification for the user to send money again when the beneficiary is activated.


Do you need to reconcile the transfers?

If yes, make sure you are leveraging the remark field in payment/transfer/autoflow or payment/transfer/create.

The remark field can hold any value set by you. It would be useful to use a value that uniquely identifies the transfer on your application side.

In order to be sure that the entire value can be used, we recommend keeping the remark shorter than 15 characters.

NB! No special characters are allowed in the remark field


Transfer Confirmation Failed

TRANSFER_CONFRIMATION_FAILED is a special error that we recommend handling. The error means that at the very last step of the transfer the bank returns a general error message.

This can happen sometimes due to the bank's side internal errors.

In these cases, there is still a possibility that the transfer was successful and the money was debited from the account. We advise checking with the end-user when this error message is received.