Update—Expiring access tokens required in US and Canada

Expiring access (authentication) tokens are available for apps in the United States (US) and Canada. Use these short-lived, expiring access tokens to:

• Authenticate with Clover APIs
• Improve the security of your applications and merchants’ data

Since expiring tokens are short-lived, your applications must manage the expiring access tokens and create refresh tokens to maintain continuous access to the APIs.

❗️

IMPORTANT | Expiring tokens mandate will be enforced March 31, 2025

In Q4 2023 we announced that by August 1, 2024 it would be mandatory for all new and existing apps in the US and Canada to use the Clover v2 OAuth flow. Most apps now meet this requirement.

By March 31, 2025, all new and existing apps in the US and Canada must use the Clover v2 OAuth flow. Existing apps in the US and Canada that do not use the short-lived, expiring access tokens to Authenticate with Clover APIs may experience service disruptions.

📧

Contact us

If your app is no longer supported or if you no longer plan to make updates to your app based on our platform changes, please reach out to Developer Relations at [email protected].

Apps in the United States or Canada

• New applications—Clover requires that new apps use expiring access and refresh tokens.
• Existing (legacy) applications—If you have Clover apps, start migrating your apps to use expiring access and refresh tokens.

For both new and existing apps, roll out the expiring access tokens as you deem fit—for example, all at once or by using feature flags or gradual rollouts. See Authenticate with OAuth—Canada and US for more information.

Apps in Latin America or Europe

If you create apps in Latin America or Europe, continue to create and use API tokens as you do now. See Use OAuth—Europe and Latin America for more information.