A developer can use a merchant API token to quickly get started and explore our REST API without having to build an app that fully integrates with our OAuth flow. Merchant API tokens should be used only for testing and development. There are significant limitations that make these tokens only appropriate for testing such as lower rate limits, regular token expiration, and lack of support for CORs. If you have a production Clover web app, you are required to use OAuth to generate API tokens to use our REST API. As part of our OAuth flow, you will need to provide your App Secret to generate an OAuth API token.