Authenticate with the v2/OAuth flow

North America
Europe
Latin America

All REST API endpoints require an OAuth-generated access_token with specific permissions. Use the v2/OAuth flow to create an expiring authentication token, which includes an access_token and a refresh_token pair.


Why use OAuth?

OAuth is the industry-standard protocol for online authorization. Due to the sensitivity of merchant data, Clover has implemented the OAuth 2.0 security framework. When a merchant selects and installs your app from the Clover App Market, Clover uses OAuth to secure the communication between your app and the merchant and to grant your app the necessary access to merchant data. Your app may need to access data about Clover merchants, such as their order history or current inventory, using the Clover REST API.


Get started

Understand the v2/OAuth flow

Use the following list of contents to understand the v2/OAuth flow to create expiring authentication tokens:

Generate expiring authentication tokens with the OAuth flow

See the steps on how to generate the `access_token` and `refresh_token` pair. You also need to generate a new refresh token before the current token pair expires:

Sandbox and production environment URLs

Clover sandbox and production environments use different URLs. The following table lists which URL to use for OAuth requests in each environment.

Request pathSandbox URLProduction URL (North America)
/oauth/v2/authorizeapisandbox.dev.clover.comwww.clover.com
/oauth/v2/tokenapisandbox.dev.clover.comapi.clover.com
/oauth/v2/refreshapisandbox.dev.clover.comapi.clover.com
/oauth/token/migrate_v2apisandbox.dev.clover.comapi.clover.com

Watch video: Clover v2/OAuth expiring tokens

Watch Learn

In this video, learn:

  • What are expiring tokens.
  • How to generate access and refresh tokens.
  • How to migrate an existing app to use expiring tokens.
  • How to start the OAuth flow from the Merchant Dashboard left navigation app link.

View or download: Clover expiring tokens slides


Related topics