Platform Docs

Setting your App URL

Register your Web App's URL

For web-based applications, Clover uses OAuth 2.0. This provides you with a mechanism to get an API token for a particular merchant.

If you are building an Android app for Clover devices which is simply a web view, you can get an access token from the Clover SDK. Please note important changes to Android SDK auth token generation.

If you are building an Android app that will run on non-Clover devices, see this Android OAuth example.

In order to use OAuth, you need to configure your app's Site URL and CORS Domain under Settings > Web Configuration from the Developer Dashboard.

Site URL

This URL is where merchants will be redirected after both installing your app and launching it from the merchant dashboard. It will also be where merchants land after you redirect to /oauth/authorize and the merchant authenticates by logging in and/or selecting their merchant account as needed. You can override the post-authorization landing page by supplying a redirect_uri in your request to /oauth/authorize.

NOTE

A redirect_uri passed to /oauth/authorize must be a subpath of the selected Site URL. For example, if you specify a Site URL ofhttps://www.example.com/myapp, then in your OAuth request a redirect_uri of https://www.example.com/myapp/setup is valid, but https://example.com/setup is not valid.

CORS Domain

Clover implements cross-origin resource sharing (CORS), which enables you to:

  • Build pure HTML/JavaScript-based client applications without an app server to intermediate between your browser and the Clover server, and then
  • Make requests from your client-side app to Clover's REST API using XmlHttpRequests or AJAX requests

IMPORTANT

Clover's REST API does not support JSON with Padding (JSONP).

On the Developer Dashboard, enter your application domain such as https://www.example.com (or http://localhost:8000 for testing). The access token provided by the OAuth flow can be used for cross-domain requests as long as they originate from this domain.

Troubleshooting CORS

If you are experiencing difficulties:

  • Verify that you have specified the Site URL and CORS Domain for your app in the Developer Dashboard.
  • Verify that you are using an OAuth token that is retrieved using OAuth and not using the Setup app. If you want OAuth to provide you with a token (rather than a code), set response_type=token in the OAuth request.
  • Verify that in your request to Clover's REST API, you send the API Token using the access_token query parameter in your request and not in the Authorization: Bearer request header.