API keys and OAuth tokens for secure ecommerce
North America—United States and Canada
Before you begin
Learn about the keys and tokens needed for different Ecommerce integrations and functions:
| Merchant-level Ecommerce API tokens | OAuth tokens to build apps |
|---|---|
| Merchant-level tokens are specific to a single merchant and are used to authenticate and authorize API requests for that particular merchant. They include: - Public key—Used as the Ecommerce API key or apiAccessKey for tokenizing cards, gift cards, or ACH transactions.- Private key—Used as the Bearer token in the Authorization header for making secure Ecommerce API requests. | OAuth tokens authenticate users and maintain sessions securely. These tokens are used when building apps for merchants with multiple businesses. Clover OAuth expiring tokens include an access_token and refresh_token pair:- Access token—Used to authenticate Ecommerce API requests. It has a limited lifespan and needs to be refreshed periodically. - Refresh token—Used to generate a new access token without requiring the user to re-authenticate. This helps maintain continuous access without interruptions. |
Get started
Generate Ecommerce API public and private tokens
Use to authenticate API requests for a single merchant solution and for test scenarios. These keys are also used to integrate online payments with your ecommerce website.
Generate an OAuth expiring `access_token`
Use this token to build an ecommerce app for multiple businesses that need to authenticate users and maintain sessions securely.
Generate a public API access key or PAKMS key
Use the PAKMS key to identify the merchant who is using the ecommerce tokenization service.
Updated 5 days ago