You need an OAuth API token to secure the communication between your app and the merchant, and then to give your app the required permissions to access the merchant's data. For more information, see OAuth flows in Clover.

🚧

IMPORTANT

Be sure to use an API token—not a Merchant token—to make REST Pay Display requests. Using a Merchant token returns an error response.

Prerequisites

Before you can get an OAuth token, you need to complete the following tasks:

1. Choose your region:

• North America—United States and Canada: Create a single developer account and access both the sandbox and production environments on the Global Developer Dashboard. See Get started with the global developer platform.
• Europe and Latin America: Create separate developer accounts on the sandbox environment and the region-based production environments.

2. Create an app.
3. Install your app to your test merchant.

Sandbox versus production environment

In sandbox, you can complete this flow using a basic REST client like Postman. For further instructions, see Using Postman with REST Pay Display API

In production, your application server needs to handle the merchant user, who is redirected from Clover to your server, once they connect to your app.

To build the OAuth flow for apps on the Clover App Market, in production environments, replace https://sandbox.dev.clover.com/ with the relevant regional base URL in your requests:

• United States (US) and Canada: https://www.clover.com/
• Europe: https://eu.clover.com/

Key OAuth concepts

Client ID

Your client_id is the App ID value in your app's App Settings page on the developer dashboard. The client ID:

• Uniquely identifies your app on the Clover App Market.
• Confirms that your app is participating in the OAuth 2.0 flow.

Client secret

Your client secret is the App Secret value on your app's App Settings page. This identifier (ID) is a secret key that Clover assigns to your app. Together, the client ID and client secret authenticate the identity of your app with the Clover server.

🚧

IMPORTANT

Do not share the client secret key publicly.

Authorization code

A merchant is redirected to your app along with an authorization code. With this code, the Clover server confirms that your request for merchant data is authorized by the merchant. You can use this code to further negotiate with the Clover server for an API token.

API token

Your app uses the authorization code, client ID, and client secret to negotiate with the Clover server for an API token. With the API token, your app can make REST Pay API calls and access merchant data.

Get the API token

📘

NOTE

To learn more, see our blog post Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys.

1. Log in to your Developer Dashboard.
2. Navigate to the Merchant Dashboard for your test merchant.
3. From the left navigation menu, select your test application. Clover redirects to your application.
4. If you have not yet coded your application server to handle the redirect and obtain an access token, note the client_id and the code in the URL.

5. Send an API token GET request in the following URL format to the Clover /oauth/token server, passing the client_id, your client_secret, and code:

https://sandbox.dev.clover.com/oauth/token?client_id={appId}&client_secret={APP_SECRET}&code={AUTHORIZATION_CODE}

The response displays your API access token.

{
   "access_token":"{API_TOKEN}"
}