Webhooks allow your application to receive notifications when merchants who have installed your app perform certain actions. For example, if a merchant has granted you the  READ_INVENTORY permission and they change their inventory, you’ll receive a POST to an endpoint you’ve specified.


Our webhook service is not guaranteed when or if it’ll be received. If you require something more robust, you’ll need to implement your own or use an existing reliable message delivery service.

Set Up Webhooks

Add Webhook Callback URL

Add a callback URL to your app on your Edit App page in the Developer Dashboard. We only support HTTPS-enabled callbacks.

Setup for Testing Webhooks

Webhooks require a publicly accessible endpoint so localhost will not work. You could use one of the following services for quick testing:

  • RequestBin allows you to create a temporary endpoint for testing.
  • Pagekite syncs your local server to a public (yourname.pagekite.me) endpoint.
  • ngrok connects your local server to a public (http://subdomain.ngrok.com) endpoint.

Subscribing to Events

When editing your app, the Webhooks section lists the webhook event types that you can subscribe to.

Each subscription requires the corresponding Read permission. If permissions are changed after the app is installed by the merchant, the app must be uninstalled and reinstalled to update the permissions.

Verification Process

As soon as you click Verify, a POST request will be sent to your webhook URL with a JSON body like this:



The response to our server’s request from your URI must be a 200 ‘SUCCESS’ code. Otherwise the attempt will fail with ‘Bad response status: Internal Server Error’

Enter the verificationCode in the Verification Code field of the Edit App page (click Resend Code to get a new code). Once the verification code has been validated, your webhook subscription is verified and you will start receiving notifications.

Clover Auth Code Header

After validating your webhook URL, the Edit App page shows a Clover Auth Code key that Clover will send in every message’s header. The header is formatted like this:


You may want to do extra validation to ensure your webhook messages are coming from Clover.

Message Format

The messages that Clover sends to your webhook URL contain the following information:

  • appId – The app ID that the webhook was set up for
  • merchants – Map of [“merchantId” -> List of updates]
  • updates – Map containing objectId, type, and timestamp

An example and other information relevant to the messages can be found below.



Update Message Format

  • objectId<Key For Event Type>:<Event Object ID>
  • ts – The current time in milliseconds

Keys for Event Type

The objectId above contains a key at the beginning to specify an event type. Clover webhook event types are as follows:

  • A : Apps – When your app is installed, uninstalled, or the subscription is changed.
  • C : Customers – When customers are created or updated.
  • I : Inventory – When inventory items are created, updated, or deleted.
  • O : Orders – When orders are created, updated, or deleted.
  • P : Payments – When payments are created or updated.
  • M : Merchants – When merchant properties are changed, or new merchants are added.
  • CA : Cash Adjustments – When there is a cash log event. (Requires HTTPS)