Checklist to go over before production access for direct API integration
Integrated using SDKs?
If you used any Dapi-provided SDKs during integration, make sure to follow SDK-specific checklists.
General Production Checklist
Make sure you have handled all different MFA types on all API endpoints.
The only endpoints that will not require MFA are: Auth API, Metadata API and Operations API.
If your logic is relying on bankIDs, then note that sandbox and production bankIDs are different. For example, ADCB:
NB! Only applicable if you are storing and re-using accessTokens
INVALID_CREDENTIALSerror, the bank connection should be abandoned. The user should connect their account again via the Connect Layer.
Why? This error indicates that the user has updated their online banking credentials. If your application continues to use outdated details, it may result in blocking the user's banking account.
No parallel calls allowed
Dapi API does not support parallel API calls for the same bank account.
accessTokencannot be used in multiple requests at the same time in parallel.
If parallel calls are caused, you can expect all requests to fail.
Do you have internal timeouts?
Do you usually have a default timeout for the requests going out of your application or server? It is possible that resolving a request with the bank can take longer. Dapi has an internal timeout at
- 240 seconds for
- 120 seconds for all other endpoints
Having a shorter timeout on your end can result in it occasional
Data API Specific Checklist
Only applicable if you are querying for transaction histories
Each bank supports a different range of transactions.
You can retrieve the supported ranges from Metadata API. Refer to the
Payment API Specific Checklist
Please double-check that you are only passing in alpha-numeric values in the beneficiary information. Including special characters in any of the fields will result in errors later on.
Make sure you have handled the beneficiary cooldown period. Receiving this error means that beneficiary activation will take time from the bank side and the user must wait for the cooldown period to end before attempting the transfer again.
The exact time taken varies based on the user's bank. You can get the time take for the beneficiary to be active for any bank by using getAccountsMetaData API. You can for example use it to schedule a notification for the user to send money again when the beneficiary is activated.
Do you need to reconcile the transfers?
If yes, make sure you are leveraging the
The remark field can hold any value set by you. It would be useful to use a value that uniquely identifies the transfer on your application side.
In order to be sure that the entire value can be used, we recommend keeping the
remarkshorter than 15 characters.
NB! No special characters are allowed in the
Transfer Confirmation Failed
TRANSFER_CONFRIMATION_FAILEDis a special error that we recommend handling. The error means that at the very last step of the transfer the bank returns a general error message.
This can happen sometimes due to the bank's side internal errors.
In these cases, there is still a possibility that the transfer was successful and the money was debited from the account. We advise checking with the end-user when this error message is received.
Updated 5 months ago