Basic app configuration
Perform a functional review of your app to ensure the following conditions are met.
App must not crash while launching on device
One of the most common approval issues is that the app crashes at launch. There could be a number of reasons why this happens:
Android app is built for a subset of Clover devices
Run and test your Android app on the emulators for all the Clover devices that your app is supported on. When you are submitting your APK on the app’s Settings page, ensure that you select just those Clover devices on which you've tested the app. You can easily test on the emulator for each Clover device.
Make sure you have the right permissions to interact with Clover merchant data. Note that before submitting your APK, you must set the required permissions in the production environment. On your app’s Settings page, set your permissions under Required Permissions.
Make OAuth-authenticated calls to merchant data
Another common issue that developers face is with the authentication flow for making REST API calls. While you can simply generate an API token for testing in sandbox, you can't use them in production.
For production web apps, a complete OAuth flow must be built. This includes ensuring that:
- The base URL is
- Your OAuth flow captures the authorization code for logged on merchants
- Your OAuth flow uses this authorization code to make REST API calls
Android apps must query the Clover web services programmatically. For more information, see the
WebServiceActivity.java Android example.
Only the required permissions are selected
With our REST API, the platform enables you to manage information about Clover merchant businesses. Since this information is sensitive, we require that you request permissions for just those endpoints that are necessary for the functioning of your app.
After you submit your app for approval, we send you a form in which you select your app's permissions and justify why each permission is important for your app. Filling in the form is part of our app approval process.
Ecommerce and PCI DSS certification
Clover strongly recommends that you integrate your app with Ecommerce using a Clover-hosted
iframe tokenizer. The
iframe and API integration securely accepts credit card information which reduces the PCI compliance burden on app developers and Clover merchants. For more information, see Integration types.
Ecommerce and card vaulting
If you are vaulting cards in an Ecommerce app, tie the card to a customer. Your app should make it clear to the customer whether their card is being saved and when it may reused without requiring new manual card entry.
When building your app in production, set your permissions again. The permissions configured in sandbox do not automatically transfer to production.
Updated 2 months ago