Ecommerce app permissions for endpoints and integrations

North America—United States and Canada

Permissions for your apps are two-fold:

  1. Permissions set on the Developer Dashboard based on the Ecommerce integration types.
  2. Permissions your app must request from merchants to access and update their data. Merchants grant your app permissions during app installation. Your app uses the associated OAuth token for all API calls on behalf of the merchant. For more information, see Authenticate with v2/OAuth flow.

Your app should only request the minimum permissions required for your app to function.

Set app permissions and integration type

You can view and configure the settings and permissions that your app requires for accessing Clover merchant data.

  1. Log in to the Global Developer Dashboard.
  2. Click the Sandbox toggle icon to go to either the sandbox or the production environment.
  3. In the My Apps section, click an app. The App name - App Settings page appears.
  4. Click Requested Permissions. The Edit Requested Permission page appears.
  5. Select your app's read or write permissions for Ecommerce API, as required. For any selected permission, provide an in-line comment about how your app is using this information.
  6. Click Save. Your selected permissions are displayed on the App Settings page.
  7. Click Ecommerce Settings. The Edit Ecommerce Settings page appears.
  8. Select your integration type.
  9. Click Save. Your selected integration type displays on the App Settings page.

Required app permissions to use Ecommerce APIs

Required permissions to use various Ecommerce endpoints are:

PAKMS service endpoint

OperationRequestEndpointRequired permission
Get a public Ecommerce API keyGET /pakms/apikeyOnline payments

Tokenization service endpoint

OperationRequestEndpointRequired permissions
Create a tokenPOST/v1/tokensNone. You need an Ecommerce API key.

Ecommerce service endpoints

Charge endpoints

OperationRequestEndpointRequired permissions
Create a chargePOST/v1/chargesOnline payments
Capture an open chargePOST/v1/charges/{chargeId}/captureRead payments
Write payments
Online payments
Get chargesGET /v1/chargesRead payments
Get a single chargeGET /v1/charges/{chargeId}Read payments

Customer endpoints

OperationRequestEndpointRequired permissions
Create a card-on-file (COF) customerPOST/v1/customersRead customers
Write customers
Online payments
Add a card to an existing customerPUT/v1/customersRead customers
Write customers
Online payments
Remove a card from an existing customerDELETE /v1/customersRead customers
Write customers
Online payments

Order endpoints

OperationRequestEndpointRequired permissions
Create an orderPOST /v1/ordersRead merchant
Read orders
Write orders

To add a customer: Read customers
To add tax_rates to items: Read inventory
Get ordersGET /v1/ordersRead orders
Read payments
Get an orderGET/v1/orders/{orderId}Read customers
Read merchant
Read orders
Read payments

Note: GET request expands the following fields:

- lineItems

- lineItems.taxRates

- payments

- refunds

- customers
Pay for an orderPOST/v1/orders/{orderId}/payRead customers
Read inventory
Read merchant
Read orders
Read payments
Online payments
Return an orderPOST/v1/orders/{orderId}/returnsRead customers
Read merchant
Read orders
Read payments
Online payments

Refund endpoints

OperationRequestEndpointRequired permissions
Get refundsGET/v1/refundsRead payments
Get a refundGET/v1/refunds/{refundId}Read payments
Refund a chargePOST /v1/refundsRead customers
Read merchant
Read orders
Read payments
Online payments

Recurring Payments service endpoints

Plan endpoints

OperationRequestEndpointRequired permissions
Create planPOST/v1/plansRead merchant
Write merchant
Get a planGET/v1/plans/{planId}Read merchant
Edit a planPUT/v1/plans/{planId}Read merchant
Write merchant
Deactivate a plan PUT/v1/plans/{planId}Read merchant
Write merchant

Subscription endpoints

OperationRequestEndpointRequired permissions
Create a subscriptionPOST/v1/plans/{planId}/subscriptionsRead customers
Write customers
Get a subscriptionGET/v1/subscriptions/{subscriptionId}Read merchant
Read customers
Edit a subscriptionPUT/v1/subscriptions/{subscriptionId}Read customers
Write customers
Cancel a subscriptionPUT/v1/subscriptions/{subscriptionId}Read customers
Write customers
Read merchants

Examples—Ecommerce permission sets for integrations and functions

Your app requires a specific set of permissions depending on its functions. The following examples indicate the different permissions needed for different integration types.

Example #1: Clover iframe integration with no order or customer management

A simple app can build an online store for a merchant and process payments in this store. The app can not track customer or order data though this is available on the Merchant Dashboard.

Two permissions are required for this app:

  • Online payments
  • Read payments
868

Edit Requested Permissions: Payments

Example #2: Clover iframe integration with basic order management

A slightly more complex app can build an online store for a merchant and process payments in this store. This app can also display some basic order information to the merchant and provide order modification tools. The merchant is required to log on to the Dashboard to view or make changes to customer data.

Four permissions are required for this app:

  • Online payments
  • Read payments
  • Read orders and write orders
872

Edit Requested Permissions: Orders and Payments

Example #3: Clover Ecommerce API integration with payment, order, and customer management features

A complex app can build a complete online store for customers with business management features for the merchant.

Eight permissions are required for this app:

  • Online payments
  • Read payments and write payments
  • Read orders and write orders
  • Read customers and write customers
  • Read inventory
869

Edit Requested Permissions: Customers, Inventory, Orders, and Payments


Related topics