For web-based applications, Clover uses OAuth 2.0. This provides you with a mechanism to get an API token for a particular merchant.
If you are building an Android app that will run on non-Clover devices, see this Android OAuth example.
In order to use OAuth, you need to configure your app's Site URL and CORS Domain under Settings > Web Configuration from the Developer Dashboard.
This URL is where merchants will be redirected after both installing your app and launching it from the merchant dashboard. It will also be where merchants land after you redirect to
/oauth/authorize and the merchant authenticates by logging in and/or selecting their merchant account as needed. You can override the post-authorization landing page by supplying a
redirect_uri in your request to
redirect_uri passed to
/oauth/authorize must be a subpath of the selected Site URL. For example, if you specify a Site URL of
https://www.example.com/myapp, then in your OAuth request a
https://www.example.com/myapp/setup is valid, but
https://example.com/setup is not valid.
Clover implements cross-origin resource sharing (CORS), which enables you to:
- Make requests from your client-side app to Clover's REST API using XmlHttpRequests or AJAX requests
Clover's REST API does not support JSON with Padding (JSONP).
On the Developer Dashboard, enter your application domain such as
http://localhost:8000 for testing). The access token provided by the OAuth flow can be used for cross-domain requests as long as they originate from this domain.
If you are experiencing difficulties:
- Verify that you have specified the Site URL and CORS Domain for your app in the Developer Dashboard.
- Verify that you are using an OAuth token that is retrieved using OAuth and not using the Setup app. If you want OAuth to provide you with a token (rather than a code), set
response_type=tokenin the OAuth request.
- Verify that in your request to Clover's REST API, you send the API Token using the
access_tokenquery parameter in your request and not in the
Authorization: Bearerrequest header.