Generate a public API access key or PAKMS key
Overview
The Ecommerce public API access key is required to create a token using the Clover tokenization service. This key is provided by the Public Access Key Management Service (PAKMS) and is also known as the apiAccessKey
. Each PAKMS key is unique to a merchant and does not expire.
IMPORTANT
Clover reserves the right to disable keys suspected of misuse and violation of our terms. If needed, you can send an email to: [email protected]to request the deactivation of the Ecommerce
apiAccessKey
.
Before you begin
Decide whether you are building a single merchant solution, for example, a simple Clover iframe integration to accept online payments or an app integration for multiple merchants or businesses, such as an ecommerce store, to take and manage orders.
- If you are using the tokenization services for a single merchant or to run test scenarios, you only need to generate Ecommerce API tokens (public and private keys).
- If you are using tokenization services to build an app for multiple businesses, you need to generate an OAuth
access_token
andrefresh_token
pair to initiate the OAuth flow. This expiringaccess_token
is used to complete the steps to generate a PAKMS key. You need to send a request to the PAKMS endpoint only once for each merchant. The returned Ecommerce API key is used in each of that merchant’s subsequent card tokenization requests. See Ecommerce - PAKMS API reference for more information.
Generate a PAKMS key for a single merchant solution
- Generate Ecommerce API tokens (public and private keys)
- Use the keys as follows:
- Public key—Use as the Ecommerce public API key or
apiAccessKey
for a card, gift card, or ACH tokenization without the need to generate a separate PAKMS key. In this case, you do not need to follow the steps in this document. - Private key—Set as the Bearer token in the Authorization header to use Ecommerce APIs.
- Public key—Use as the Ecommerce public API key or
Generate a PAKMS key for app-based integrations
Use the following steps to generate a PAKMS key if you are building app-based integrations for multiple merchants that require the expiring access_token
.
- Generate OAuth expiring (access and refresh) token
- Send a GET request to the
https://scl-sandbox.dev.clover.com/pakms/apikey
endpoint. - Set the
authorization: Bearer
as your OAuth-generatedaccess_token
from step 1.

Authorization header: Bearer token
In response, the Clover server returns an apiAccessKey
, which is the public Ecommerce API key or PAKMS key.
Next step
Use the apiAccessKey
as the apikey
header when you tokenize a card. For more information, see Ecommerce tokenization.
Request and Response example—Ecommerce API or PAKMS apiAccessKey
apiAccessKey
curl --request GET \
--url 'https://scl-sandbox.dev.clover.com/pakms/apikey' \
--header 'Authorization: Bearer {access_token}'
{
"active": true,
"apiAccessKey": "af4exxxxxxxxxxxxxxxxxxxxxxxxd145",
"createdTime": 1722230745532,
"developerAppUuid": "RKxxxxxxxxx9C",
"merchantUuid": "6Xxxxxxxxxx91",
"modifiedTime": 1722230745532
}
Related topics
- Ecommerce PAKMS API: Retrieve an Ecommerce API key endpoint.
- Card tokenization service API: Create a card token endpoint.
- Ecommerce API Reference for additional steps to work with charges, customers, orders, refunds, and more.
- Blog: Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys
Updated 10 days ago