Authenticate with the v2/OAuth flow
All REST API endpoints require an OAuth-generated access_token
with specific permissions. Use the v2/OAuth flow to create an expiring authentication token, which includes an access_token
and a refresh_token
pair.
Why use OAuth?
OAuth is the industry-standard protocol for online authorization. Due to the sensitivity of merchant data, Clover has implemented the OAuth 2.0 security framework. When a merchant selects and installs your app from the Clover App Market, Clover uses OAuth to secure the communication between your app and the merchant and to grant your app the necessary access to merchant data. Your app may need to access data about Clover merchants, such as their order history or current inventory, using the Clover REST API.
Get started
Understand the v2/OAuth flow
Use the following list of contents to understand the v2/OAuth flow to create expiring authentication tokens:
Generate expiring authentication tokens with the OAuth flow
See the steps on how to generate the `access_token` and `refresh_token` pair. You also need to generate a new refresh token before the current token pair expires: