To authenticate your app with a merchant’s Clover account, you’ll need an OAuth API token. This token is generated through the Clover OAuth 2.0 flow and provides temporary, scoped access to REST Pay Display APIs based on the permissions granted by the merchant. It’s essential for securely accessing merchant data and simulating real-world authorization scenarios during development and testing.

🚧

IMPORTANT

Use an API token—not a Merchant token—to make REST Pay Display requests. Using a Merchant token returns an error response.

Prerequisites

To get an OAuth token, complete the following:

1. Create a single developer account and access both the sandbox and production environments on the Global Developer Dashboard. See Get started with the global developer platform.
2. Create a semi-integrated app.
3. Install your app on your test merchant.

Authenticate with the OAuth flow

All REST Pay Display API endpoints require an OAuth-generated access_token with specific permissions. Use the v2/OAuth flow to create an expiring authentication token, which includes an access_token and a refresh_token pair. For details and procedures, see Authenticate with the v2/OAuth flow.

Sandbox versus production environment

In the sandbox, you can complete this flow using a basic REST client like Postman. For instructions, see Use Postman with the REST Pay Display API.

In production, your app server needs to handle the merchant user, who is redirected from Clover to your server, once they connect to your app. To build the OAuth flow for apps in production environments, replace https://sandbox.dev.clover.com/ with the relevant regional base URL in your requests:

• United States (US) and Canada: https://www.clover.com/
• Europe: https://eu.clover.com/
• Latin America: https://la.clover.com/

Related topics

• OAuth flows in Clover
• Generate OAuth expiring (access and refresh) token