All REST API endpoints require an OAuth-generated access_token with specific permissions. Use the v2/OAuth flow to create an expiring authentication token, which includes an access_token and a refresh_token pair.

---

Why use OAuth?

OAuth is the industry-standard protocol for online authorization. Due to the sensitivity of merchant data, Clover has implemented the OAuth 2.0 security framework. When a merchant selects and installs your app from the Clover App Market, Clover uses OAuth to secure the communication between your app and the merchant and to grant your app the necessary access to merchant data. Your app may need to access data about Clover merchants, such as their order history or current inventory, using the Clover REST API.

---

Get started

Sandbox and production environment URLs

Clover sandbox and production environments use different URLs. The following table lists which URL to use for OAuth requests in each environment.

---

Watch video: Clover v2/OAuth expiring tokens

---

Related topics

• Authenticate with v2/OAuth flow
• Blog: Expiring OAuth Tokens: Securing Clover Merchant Data
• Blog: Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys