Clover Platform Docs

Generating a card token

iframe and API integrations

Apps using an iframe and API integration receive and send source tokens that represent encrypted customer card data. Clover uses this token to process secure payments. With a source token and your OAuth token, you can complete your Ecommerce API flows.



See the FAQ for information about using gift cards with the API.

API-only integrations

For API-only integrations, you need a PAKMS key obtained from the PAKMS key endpoint (GET /pakms/apikey) to authorize the tokenization of a card.



Clover reserves the right to disable keys suspected of misuse that violates our terms. If needed, you can request the deactivation of a key by emailing [email protected]

To charge a customer's card using only the API, your app will complete the following flow. The fields mentioned for the various requests are the minimum required for each endpoint. See the API reference for complete information.

  1. Create a key request containing the merchant ID and Clover application ID.
  2. Send the key request to the PAKMS key endpoint (GET /pakms/apikey). Set the authorization: Bearer as your OAuth-generated auth_token. See the PAKMS API reference for more information.



The PAKMS key is unique for each merchant, and these keys do not expire. Because of this, the PAKMS endpoint should be called only once for each merchant when they first configure your app.

Your app should store the returned key for use in each of that merchant's subsequent charge requests. See the PAKMS API reference for more information.

curl --request GET \
  --url '' \
  --header 'accept: application/json' \  
  --header 'authorization: Bearer {auth_token}'

The server returns an apiAccessKey.

  1. Create a token request containing a card object with its required fields (number, exp_month, exp_year, cvv, and brand).
  2. Set the apiAccessKey as the value of the apikey header and send the request to the token endpoint (POST /v1/tokens). See the Tokens API reference for more information.
curl --request POST \
  --url '' \
  --header 'accept: application/json' \
  --header 'apikey: {apikey}' \
  --header 'content-type: application/json' \
  --data '{ "card": { "number": "6011361000006668","exp_month": "12","exp_year": "2021","cvv": "123","brand": "DISCOVER"}}'



Using the iframe and API integration to securely accept credit card information reduces the PCI compliance burden on app developers and on Clover merchants.

For using the API only integration in production, you must have (or use a service that has) a PCI DSS certification.

With a source token, you can create a charge, create and pay for orders, accept tips, and save customer cards for future transactions.

Clover provides several sandbox test cards that can be used when developing your app.

Updated a day ago

Generating a card token

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.