Basic app configuration

United States
Canada
Europe
Latin America

Perform a functional review of your app for basic configuration.

Functional review: Basic app configuration

Functional review: Basic app configuration

📘

NOTE

When you build your app in production for approval, remember to set the app permissions again. The permissions configured in sandbox do not automatically transfer to production.

Check app launch and operability on the Clover device

One of the most common approval issues is that the app crashes at launch or produces exceptions or crashes. To make sure your app successfully launches on the Clover device:

CriteriaDescription
Build the Android app for a subset of Clover devices1. When you test your Android app on the emulators, run tests for all the Clover devices that support your app.
2. When you submit your APK in the production Developer Dashboard, select only the Clover devices on which you've tested the app. See how to select a Clover device for an Android app.
Set the required app permissionsMake sure you have the right permissions to interact with Clover merchant data. Before you submit your APK, you must set the required permissions in the production Developer Dashboard.
Check app usage of Clover APIsYour app must sync with Clover data and retrieve data from endpoints as expected. For example:
- The app has Employee Read permission to list employees so the merchant can assign them to tables. But if the employee list is not populated on the app, the app is inoperable.
- The app has Customer Write permission to let customers sign up for the merchant’s newsletters. But if the app does not save new customers to the merchant, the app is inoperable.

Use the REST API

CriteriaDescription
Make OAuth-authenticated calls to merchant dataYour app needs to have an authentication flow for making REST API calls. While you can generate an API token for testing in the sandbox, you can't use this token in production. For production web apps, you need to build a complete OAuth flow that:
- Uses the correct production URL.
- Captures the access token for logged-on merchants through the OAuth flow.
- Makes REST API calls with the access token.

See Authenticate with OAuth—Canada and US for more information. Apps developed in Europe and Latin America should follow the non-expiring token OAuth flow.
Query the Clover web services for Android appsYour android app must query the Clover web services programmatically. For more information, see the WebServiceActivity.java Android example.

Use the Ecommerce API

CriteriaDescription
Request only required permissions for your appClover lets you manage information about Clover merchant businesses. Since this information is sensitive, we require that you request permissions for only the endpoints that are necessary for the functioning of your app.

After you submit your app for approval, Clover sends you a form to select your app's permissions and justify why each permission is important for your app. Completing the form is part of our app approval process.
Ensure PCI DSS compliance with your Ecommerce appClover recommends that you integrate your app with Ecommerce using a Clover-hosted iframe tokenizer. The iframe and API integration securely accept credit card information, which reduces the Payment Card Industry Data Security Standard (PCI DSS) compliance burden on app developers and Clover merchants. For more information, see Integration types.
Vault cards associated with customer recordsIf you are vaulting cards in an Ecommerce app, make sure the card information is associated with a customer record. Your app must make it clear to the customer that their card is being saved, and it may reused for transactions without requiring a manual card entry. Card data sent with the Clover-hosted iframe or to the v1/tokens endpoint returns a token that can be used for subsequent transactions.