Clover implements Cross-origin Resource sharing (CORS), allowing you to write pure HTML/JavaScript-based applications with no server to intermediate between the browser and the Clover API server.


Depending on the market you’re using, Clover’s REST API will respond with an Access-Control-Allow-Origin header that contains only the domain you’ve associated with your application.

Troubleshooting CORS and JavaScript Applications in the browser

If you experience difficulties:

  1. Verify that you’ve specified a Site URL and Domain for your app in the Developer Dashboard.
  2. Make sure you’re using an OAuth token that was retrieved via OAuth and NOT the Setup app. Recall that if you want OAuth to provide you with a token (rather than a code), you need to specify response_type=token in the OAuth request.
  3. The Clover API does not support JSONP.