Platform Docs

Integration types

Apps can integrate with the Ecommerce services in different ways, depending on the needs of the application and merchants who will use it.

The simplest integrations rely on a Clover-hosted iframe tokenizer, a component provided to make Ecommerce app development as easy as possible. See the iframe and API section for more information.

For applications requiring complete control over the payment flow, you'll integrate with additional services. See the API only section for more information.

🚧

IMPORTANT

Using the iframe and API integration to securely accept credit card information reduces the PCI compliance burden on app developers and on Clover merchants.

For using the API only integration in production, you must have (or use a service that has) a PCI DSS certification.

iframe and API

PCI burden on developers & merchants: LOW

The iframe tokenizer is an embeddable, customizable component you can add to your application. It allows users to securely provide card data to the Clover servers.

A source (an encrypted card token) is provided to your application after the card has been encrypted and tokenized for use with the Clover payment system. This gives your app the benefit of reduced PCI compliance burden, as well as speeding up the integration and coding process by using a pre-built component. Further, Clover will keep the tokenizer up to date with any future API changes so your app will require less maintenance.

Use cases

Most Ecommerce merchants require an application built with this type of integration. It provides the greatest business benefit and the lowest security risk for card-not-present payments through a third-party Clover app.

Imagine a Clover merchant running a small retail store wants to set up an online store and expand their customer base. The payments aspect of the online store can be quickly built with an iframe and API integration.

iframe and API request flow

Request flow (iframe and API)

To charge a customer's card using the iframe and API, your app will complete the following flow. The fields mentioned for the various requests are the minimum required for each endpoint. See the API reference for complete information.

  1. Direct the user to the iframe in a manner consistent with your application's user flow.
  2. Wait for the user to enter and submit their card information.
    The server returns the tokenized card as a source.
  3. Create a charge request with the source and a specific amount in cents.
  4. Send the charge request to the SCL charge endpoint (POST /v1/charges).
    The card is charged for the specified amount.

API only

PCI burden on developers & merchants: HIGH

For an API only integration, you must use the PAKMS and token APIs in addition to the SCL API (which provides access to charges and customer data). These APIs provide operations for your app to retrieve an encryption key and use that key to encrypt and tokenize card data.

API only request flow

Request flow (API only)

To charge a customer's card using only the API, your app will complete the following flow. The fields mentioned for the various requests are the minimum required for each endpoint. See the API reference for complete information.

  1. Create a key request containing the merchant ID and Clover application ID.
  2. Send the key request to the PAKMS key endpoint (GET /pakms/apikey). Set the authorization: Bearer as your OAuth-generated auth_token. See the PAKMS API reference for more information.
curl --request GET \
  --url https://apisandbox.dev.clover.com/pakms/apikey \
  --header 'accept: application/json' \  
  --header 'authorization: Bearer {auth_token}'

The server returns an apiAccessKey.

  1. Create a token request containing a card object with its required fields (number, exp_month, exp_year, cvv, and brand).
  2. Set the apiAccessKey as the value of the apikey header and send the request to the token endpoint (POST /v1/tokens). See the Tokens API reference for more information.
curl --request POST \
  --url https://token-sandbox.dev.clover.com/v1/tokens \
  --header 'accept: application/json' \
  --header 'apikey: {apikey}' \
  --header 'content-type: application/json' \
  --data '{ "card": { "number": "6011361000006668","exp_month": "12","exp_year": "2021","cvv": "123","brand": "DISCOVER"}}'

The server returns the tokenized card as a source.

  1. Create a charge request with the source and a specific amount in cents.
  2. Send the charge request to the SCL charge endpoint (POST /v1/charges).
    The card is charged for the specified amount.

Updated 27 days ago


Integration types


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.