Clover implements Cross-origin Resource sharing (CORS), allowing you to write pure HTML/JavaScript-based applications with no server to intermediate between the browser and the Clover API server.


Depending on which market you use, Clover’s REST API will respond with an Access-Control-Allow-Origin header that contains only the domain you’ve associated with your application on its Edit page.

Troubleshooting CORS and JavaScript Applications in the browser

  1. Make sure you have a Site URL and Domain specified for your app in the Developer Dashboard.
  2. Make sure you are using an OAuth token that was retrieved via OAuth and NOT the Setup App. Remember that if you want OAuth to provide you with a token (instead of a code) you need to specify response_type=token in the OAuth request.
  3. The Clover API does not support JSONP