Clover uses the industry-standard OAuth 2.0 protocol for authentication. Generating an API token is a key part of the OAuth flow, enabling secure, controlled, and auditable access to Clover APIs. You can use API tokens to:

• Authenticate requests to Clover REST APIs, using the merchant-specific API token as the Bearer token to make calls to the Clover Platform API endpoints. See API Reference > Platform API section.
• Secure communication between your app and the merchant account.
• Allow your app to access and create merchant data, such as payments, orders, and inventory.

Before you begin

1. Understand the difference between OAuth API token and Merchant-level token:

• Merchant-level token—This token is specific to a single merchant and used to authenticate and authorize API requests for that particular merchant. This token is used for direct, persistent access in sandbox testing.
• OAuth API tokens— This expiring_token is obtained through the Clover OAuth flow. It authenticates third-party apps on behalf of a merchant and is required when simulating real-world merchant authorization flows in both sandbox and production environments.

2. Create an Employee with an Admin role: To avoid access conflicts and multi-factor authentication (MFA) issues, it’s recommended to create a dedicated Employee account with Admin privileges. Use this account to generate a merchant-specific token. In this case, you can enable MFA for the Employee account and not the merchant-owner account.

Create an Employee with Admin role

1. Log in to the Global Developer Dashboard.
2. From the left navigation menu, click Test Merchants. The Test Merchants page displays a list of test merchants.
3. From the Actions column, click the Launch Dashboard icon next to a test merchant. The Merchant Dashboard appears.
4. From the left navigation, click Employees. The Employees page appears.
5. Click Add Employee. The New Employee page appears.
6. Create an Employee record for the merchant with the role set as Admin.

7. Click Save. The link to access the new Employee account is sent to the email address you entered.
8. Check your email address to access the account and set your password.
9. Use the new Employee credentials to log in to the test Merchant Dashboard.
10. Complete the steps to create your token, including setting up two-factor authentication (2FA) for the Employee, Admin account.

View and create a merchant-specific API token

1. Log in to the test Merchant Dashboard on the Global Developer Dashboard with the Employee, Admin role.

2. From the top menu, click the Settings icon. The Settings side panel appears.

3. Click View all settings. The Settings page appears.

4. In the Business Operations section, click API tokens. A Welcome to Clover API Tokens pop-up appears.

5. Review the information and click Get Started. The URL wants to Know your Location pop-up appears.

6. Click Allow to let the dashboard access your location. The API Tokens page appears.

   • If you have previously generated an API token, it displays on the page. You can create as many merchant-specific test API tokens as required.
   • If you have not created any API tokens, the Tokens section on the page is blank.

7. Click Create new token. The Create new token pop-up displays app permissions that map to platform API endpoints.
8. Enter a token name.
9. Select checkboxes to set permissions based on the test merchant information you want to manage. API tokens are scoped to grant specific permissions to make sure that apps only have access to the resources they need.

10. Click Create Token. The new token displays in the Tokens section.

11. Expand the Permissions section to view or edit the permissions associated with the API token.

Related topics

• Authenticate with the v2/OAuth flow
• Manage test merchant accounts and information