Overview

To secure communication between your app and the merchant, you need an OAuth token, also known as the access_token. The access_token is required to:

• Complete the Ecommerce API authorization flow that grants your app the necessary permissions to access the merchant's data.
• Generate an Ecommerce API key (apiAccessKey), also known as the PAKMS key, using the Ecommerce - PAKMS Service API. This key identifies the merchant tokenizing customers' cards and can be used to tokenize multiple cards for that merchant.

Get started

Clover OAuth flows—Legacy OAuth and v2/OAuth

All Ecommerce API endpoints require an OAuth-generated expiring token with specific permissions. Clover apps must use expiring OAuth tokens generated through the v2/OAuth flow. Note the following:

• Recent applications—Apps created after October 2023 use the v2/OAuth flow to generate expiring tokens (access_token and refresh_token pair).
• Legacy applications—Apps created before October 2023 used the legacy OAuth flow to generate an auth_token and must migrate to using expiring tokens (access_token and refresh_token pair) for uninterrupted app functionality. For information on the legacy OAuth flow, see Generate OAuth token with the legacy OAuth flow .

Watch video: Clover OAuth expiring tokens

Related topics

• Blog: Expiring OAuth Tokens: Securing Clover Merchant Data
• Blog: Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys