iframe
and API integrations
iframe
and API integrationsApps using an iframe
and API integration receive and send source
tokens that represent encrypted customer card data. Clover uses this token to process secure payments. With a source
token and your OAuth token, you can complete your Ecommerce API flows.
NOTE
See the FAQ for information about using gift cards with the API.
API-only integrations
For API-only integrations, you need a PAKMS key obtained from the PAKMS key endpoint (GET /pakms/apikey
) to authorize the tokenization of a card.
NOTE
Clover reserves the right to disable keys suspected of misuse that violates our terms. If needed, you can request the deactivation of a key by emailing [email protected]
To charge a customer's card using only the API, your app will complete the following flow. The fields mentioned for the various requests are the minimum required for each endpoint. See the API reference for complete information.
- Create a key request containing the merchant ID and Clover application ID.
- Send the key request to the PAKMS key endpoint (
GET /pakms/apikey
). Set theauthorization: Bearer
as your OAuth-generatedauth_token
. See the PAKMS API reference for more information.
NOTE
The PAKMS key is unique for each merchant, and these keys do not expire. Because of this, the PAKMS endpoint should be called only once for each merchant when they first configure your app.
Your app should store the returned key for use in each of that merchant's subsequent charge requests. See the PAKMS API reference for more information.
curl --request GET \
--url 'https://apisandbox.dev.clover.com/pakms/apikey' \
--header 'accept: application/json' \
--header 'authorization: Bearer {auth_token}'
The server returns an apiAccessKey
.
- Create a token request containing a
card
object with its required fields (number
,exp_month
,exp_year
,cvv
, andbrand
). - Set the
apiAccessKey
as the value of theapikey
header and send the request to the token endpoint (POST /v1/tokens
). See the Tokens API reference for more information.
curl --request POST \
--url 'https://token-sandbox.dev.clover.com/v1/tokens' \
--header 'accept: application/json' \
--header 'apikey: {apikey}' \
--header 'content-type: application/json' \
--data '{ "card": { "number": "6011361000006668","exp_month": "12","exp_year": "2021","cvv": "123","brand": "DISCOVER"}}'
WARNING
Using the
iframe
and API integration to securely accept credit card information reduces the PCI compliance burden on app developers and on Clover merchants.For using the API only integration in production, you must have (or use a service that has) a PCI DSS certification.
With a source
token, you can create a charge, create and pay for orders, accept tips, and save customer cards for future transactions.
Clover provides several sandbox test cards that can be used when developing your app.
Updated a day ago