Overview

The Ecommerce public API access key is required to create a token using the Clover tokenization service. This key is provided by the Public Access Key Management Service (PAKMS) and is also known as the apiAccessKey. Each PAKMS key is unique to a merchant and does not expire.

🚧

IMPORTANT

Clover reserves the right to disable keys suspected of misuse and violation of our terms. If needed, you can send an email to: [email protected]to request the deactivation of the Ecommerce apiAccessKey.

Before you begin

Decide whether you are building a single merchant solution, for example, a simple Clover iframe integration to accept online payments or an app integration for multiple merchants or businesses, such as an ecommerce store, to take and manage orders.

• If you are using the tokenization services for a single merchant or to run test scenarios, you only need to generate Ecommerce API tokens (public and private keys).
• If you are using tokenization services to build an app for multiple businesses, you need to generate an OAuth access_token and refresh_token pair to initiate the OAuth flow. This expiring access_token is used to complete the steps to generate a PAKMS key. You need to send a request to the PAKMS endpoint only once for each merchant. The returned Ecommerce API key is used in each of that merchant’s subsequent card tokenization requests. See Ecommerce - PAKMS API reference for more information.

Generate a PAKMS key for a single merchant solution

1. Generate Ecommerce API tokens (public and private keys)
2. Use the keys as follows:
   1. Public key—Use as the Ecommerce public API key or apiAccessKey for a card, gift card, or ACH tokenization without the need to generate a separate PAKMS key. In this case, you do not need to follow the steps in this document.
   2. Private key—Set as the Bearer token in the Authorization header to use Ecommerce APIs.

Generate a PAKMS key for app-based integrations

Use the following steps to generate a PAKMS key if you are building app-based integrations for multiple merchants that require the expiring access_token.

1. Generate OAuth expiring (access and refresh) token
2. Send a GET request to the https://scl-sandbox.dev.clover.com/pakms/apikey endpoint.
3. Set the authorization: Bearer as your OAuth-generated access_token from step 1.

In response, the Clover server returns an apiAccessKey, which is the public Ecommerce API key or PAKMS key.

Next step

Use the apiAccessKey as the apikey header when you tokenize a card. For more information, see Ecommerce tokenization.

Request and Response example—Ecommerce API or PAKMS apiAccessKey

curl --request GET \
--url 'https://scl-sandbox.dev.clover.com/pakms/apikey' \
--header 'Authorization: Bearer {access_token}'

{
  "active": true,
  "apiAccessKey": "af4exxxxxxxxxxxxxxxxxxxxxxxxd145",
  "createdTime": 1722230745532,
  "developerAppUuid": "RKxxxxxxxxx9C",
  "merchantUuid": "6Xxxxxxxxxx91",
  "modifiedTime": 1722230745532
}

Related topics

• Ecommerce PAKMS API: Retrieve an Ecommerce API key endpoint.
• Card tokenization service API: Create a card token endpoint.
• Ecommerce API Reference for additional steps to work with charges, customers, orders, refunds, and more.
• Blog: Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys