Clover uses the OAuth 2.0 security framework for online authorization. We’ve now rolled out support for expiring access tokens as part of the v2/OAuth flow across all regions.

What are expiring access tokens?

Expiring access tokens are short-lived credentials used to authenticate with Clover APIs. They are part of the v2/OAuth flow, which replaces the legacy OAuth implementation. These tokens enhance application and data security. Since they expire, your apps must be able to manage and refresh tokens to maintain uninterrupted access to Clover APIs.

Recommendations for developers

Europe and Latin America— If you have existing apps for merchants in Europe or Latin America, you need to start migrating them to the v2/OAuth flow. All new apps must use expiring tokens.
Migration deadline: December 31, 2025.

North America—All new and existing apps for merchants in North America were required to start using the v2/OAuth flow by March 31, 2025. Apps in the US and Canada that do not use expiring tokens may experience service disruptions.

Learn more

See the following information to learn more about the Clover v2/OAuth flow, including authentication for high-trust and low-trust apps, generating and regenerating expiring authentication tokens, and migrating legacy OAuth tokens to v2/OAuth expiring tokens:

• Clover OAuth flow overview
• Authenticate with the v2/OAuth flow

Contact us

If your app is no longer supported or if you no longer plan to make updates to your app based on our platform changes, send an email to Developer Relations (DevRel) at [email protected].