Release NotesAnnouncementsVideosCommunityBlog

Ecommerce integration types

United States
Canada

Clover offers different types of Ecommerce integrations to cater to various business needs. Your apps can integrate with the Ecommerce services in different ways, depending on the needs of the app and merchants who use it.

Clover Ecommerce integration types

The Ecommerce integration types from Clover are:

Integration typeDescriptionKey features
Clover-hosted checkout (HCO)Provides a secure and reliable payment flow with minimal developer effort. You can embed the checkout page into an eCommerce site to offer a customized and brand-cohesive shopping experience.- Provides a seamless, PCI-compliant transaction process.
- Includes reCAPTCHA to prevent fraud in card-not-present transactions.
- Offers a branded checkout experience for merchants who want to maintain a consistent brand experience throughout the checkout process.
Clover iframe (inline frame) and API IntegrationProvides a payment form with customizable card and page elements. You can add the Clover-hosted iframe as a single-page component with all required fields or integrate each page element individually based on your app's design.- Provides the simplest form of integration that uses a Clover-hosted iframe tokenizer.
- Allows secure card data entry in the payment form and returns a tokenized card for use with the Clover payment system with a reduced PCI compliance burden.
- Lets you quickly set up an online store with a payment form for card-not-present payments and is ideal for most eCommerce merchants.
- Allows customization of specific elements of the payment page on the secure Clover infrastructure.
Clover API-only integrationInvolves connecting a merchant's eCommerce platform or app to Clover services using Ecommerce API-only integration.- Uses additional services beyond the iframe tokenizer for apps requiring full control over the payment flow.
- Carries a higher PCI compliance burden for developers and merchants. It's important for API-only integration in production to have PCI DSS certification.
- Requires encryption and tokenization of card data using PAKMS and token APIs, along with the Ecommerce API for charges and customer data.
- Allows you to programmatically access Clover services such as processing payments, managing inventory, and retrieving transaction data.
- Requires more development effort but provides flexibility and scalability with customization options and advanced features.

Payment flows and Ecommerce integration use cases

iframe and API integration

PCI burden on developers & merchants:** LOW

The iframe tokenizer lets customers provide card data securely to the Clover servers. A source, which is an encrypted card token, is provided to your app after the card is encrypted and tokenized for use with the Clover payment system. This gives your app the benefit of reduced PCI compliance burden, as well as speeding up the integration and coding process by using a pre-built component. Clover keeps the tokenizer up to date with any future API changes, so your app requires less maintenance.

Use case

Most eCommerce merchants require an app built with this type of integration. It provides the greatest business benefit and the lowest security risk for card-not-present payments through a third-party Clover app. For instance, a Clover merchant running a small retail store wants to set up an online store to expand their customer base. You can quickly build the payment aspect of the online store with an iframe and API integration.

2025

iframe and API request flow

Request flow (iframe and API)

The fields in this example request are the minimum required for each endpoint. See the Ecommerce service API for complete information.

To charge a customer's card using the iframe and API, your app completes the following flow:

  1. Direct the user to the iframe in a manner consistent with your app's user flow.
  2. Let the user enter and submit their card information. The Clover server returns the tokenized card as a source.
  3. Create a charge request with the source and a specific amount in cents.
  4. Send the charge request to the create a charge endpoint (POST /v1/charges). The card is charged for the specified amount.

API-only integration

Use Clover Ecommerce APIs for custom integrations tailored to your specific requirements. Integrate with additional services for apps requiring complete control over the payment flow.

PCI burden on developers & merchants:** HIGH

For an API-only integration, you must use the PAKMS and token APIs in addition to the SCL API, which provides access to charges and customer data. These APIs provide operations for your app to retrieve an encryption key and use that key to encrypt and tokenize card data.

2473

API only request flow

Request flow (API only)

The fields in this example request are the minimum required for each endpoint. See the Ecommerce service API for complete information.

📘

NOTE

The PAKMS key is unique for each merchant, and these keys do not expire. The PAKMS endpoint should be called only once for each merchant when they first configure your app. Your app should store the returned key for use in each of that merchant's subsequent charge requests. See the Ecommerce - PAKMS Service API reference for more information.

Your app needs to complete the following flow to charge a customer's card using only the Ecommerce API:

  1. Create an API key request containing the merchant ID merchantId and Clover App ID.
  2. Send the API key request to the PAKMS key endpoint (GET /pakms/apikey).
  3. Set the authorization: Bearer as your OAuth-generated auth_token. For more information, see Authenticate with OAuth—Canada and US.
curl --request GET \
  --url 'https://apisandbox.dev.clover.com/pakms/apikey' \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {auth_token}'

The server returns an apiAccessKey.

  1. Create a card token request with a card object and its required fields: number, exp_month, exp_year, cvv, and brand.
  2. Set the apiAccessKey as the value of the apikey header and send the request to the token endpoint: POST /v1/tokens.
curl --request POST \
  --url 'https://token-sandbox.dev.clover.com/v1/tokens' \
  --header 'accept: application/json' \
  --header 'apikey: {apiAccesssKey}' \
  --header 'content-type: application/json' \
  --data '{ "card": { "number": "6011361000006668","exp_month": "12","exp_year": "2021","cvv": "123","brand": "DISCOVER"}}'

The Clover server returns the tokenized card as a source. All source tokens are alphanumeric and begin with clv_.

  1. Create a charge request with the source and a specific amount in cents.
  2. Send the charge request to the create a charge endpoint (POST /v1/charges). The card is charged for the specified amount.

Related topics

  • Generate a card token for more information about encrypting card data and then tokenizing the encrypted data.
  • Create a card token endpoint in the Ecommerce API to create a single-use token to make a payment.

Updated 2 days ago