Here's how you go about building Clover REST APIs:
- Use the Clover OAuth 2.0 flow
- Use the Clover REST API best practices
- Use webhooks to receive and handle notifications about changes in merchant data
- Manage orders and learn to calculate taxes with these examples
- Build solutions for accepting payments with Ecommerce API.
Create a Sandbox developer account. This creates a developer account for you, as well as a test merchant account.
We’ve created a sample inventory file that will help you get started with your test merchant. Use the dashboard inventory app to import this file.
Clover web apps offer a seamless experience and enable merchants to connect services through a central hub. You can build a browser-based integration that uses our REST API utilizing OAuth to create a secure connection to your website. You can redirect a merchant from the Clover dashboard to your website URL.
You can create an alternate integration path for scenarios where a native, on-device experience may not be appropriate. Clover developers have used our OAuth protocol for reporting, analytics, ecommerce integrations, etc.
The following web development guidelines are designed to help you produce high-quality apps with a smooth development and launch process. These foundations can help your apps provide the kind of excellent merchant experiences that attract and keep loyal subscribers.
- Don't check app tokens into your source code online.
- Don't prompt users to enter sensitive cardholder data, such as card numbers and expiration dates, except as part of Clover’s payments SDK (this means that third-party Clover Apps are not payment apps as the term is defined in the PCI PA DSS).
We also recommend that you familiarize yourself with basic web security principles. The Open Web Application Security Project (OWASP) offers several resources that will help you get started:
- Because the Clover API allows access to a database, you will need to follow the security standards for database access.
- Web applications should access the Clover API using server-to-server requests when possible.
- You must securely store any data that your own services cache.
- Customer and employee-facing apps must prevent unauthorized users from accessing privileged data, including the Clover credentials your app uses.
- Use secure logins and session tracking if needed.
- Server logic should prevent unauthorized access to data by injection attacks.
- Any data passed to the client in any format should be considered vulnerable.
- Make it easy for merchants to login. The URL for your web app should launch the login flow, not navigate to the general home page for your business.
- Include your Web URL prior to submission and test it with an example OAuth request.
Updated 12 days ago