Ecommerce integration types
Clover offers different types of Ecommerce integrations to cater to various business needs. Your apps can integrate with the Ecommerce services in different ways, depending on the needs of the app and merchants who use it.
Clover Ecommerce integration types
The Ecommerce integration types from Clover are:
Integration type | Description | Key features |
---|---|---|
Clover-hosted checkout (HCO) | Provides a secure and reliable payment flow with minimal developer effort. You can embed the checkout page into an eCommerce site to offer a customized and brand-cohesive shopping experience. | - Provides a seamless, PCI-compliant transaction process. - Includes reCAPTCHA to prevent fraud in card-not-present transactions. - Offers a branded checkout experience for merchants who want to maintain a consistent brand experience throughout the checkout process. |
Clover iframe (inline frame) and API Integration | Provides a payment form with customizable card and page elements. You can add the Clover-hosted iframe as a single-page component with all required fields or integrate each page element individually based on your app's design. | - Provides the simplest form of integration that uses a Clover-hosted iframe tokenizer. - Allows secure card data entry in the payment form and returns a tokenized card for use with the Clover payment system with a reduced PCI compliance burden. - Lets you quickly set up an online store with a payment form for card-not-present payments and is ideal for most eCommerce merchants. - Allows customization of specific elements of the payment page on the secure Clover infrastructure. |
Clover API-only integration | Involves connecting a merchant's eCommerce platform or app to Clover services using Ecommerce API-only integration. | - Uses additional services beyond the iframe tokenizer for apps requiring full control over the payment flow. - Carries a higher PCI compliance burden for developers and merchants. It's important for API-only integration in production to have PCI DSS certification. - Requires encryption and tokenization of card data using PAKMS and token APIs, along with the Ecommerce API for charges and customer data. - Allows you to programmatically access Clover services such as processing payments, managing inventory, and retrieving transaction data. - Requires more development effort but provides flexibility and scalability with customization options and advanced features. |
Payment flows and Ecommerce integration use cases
iframe and API integration
PCI burden on developers & merchants:** LOW
The iframe
tokenizer lets customers provide card data securely to the Clover servers. A source
, which is an encrypted card token, is provided to your app after the card is encrypted and tokenized for use with the Clover payment system. This gives your app the benefit of reduced PCI compliance burden, as well as speeding up the integration and coding process by using a pre-built component. Clover keeps the tokenizer up to date with any future API changes, so your app requires less maintenance.
Use case
Most eCommerce merchants require an app built with this type of integration. It provides the greatest business benefit and the lowest security risk for card-not-present payments through a third-party Clover app. For instance, a Clover merchant running a small retail store wants to set up an online store to expand their customer base. You can quickly build the payment aspect of the online store with an iframe
and API integration.
![iframeApi.png 2025](https://files.readme.io/ad18711-iframeApi.png)
iframe and API request flow
Request flow (iframe
and API)
iframe
and API)The fields in this example request are the minimum required for each endpoint. See the Ecommerce service API for complete information.
To charge a customer's card using the iframe
and API, your app completes the following flow:
- Direct the user to the
iframe
in a manner consistent with your app's user flow. - Let the user enter and submit their card information. The Clover server returns the tokenized card as a
source
. - Create a charge request with the
source
and a specificamount
in cents. - Send the charge request to the create a charge endpoint (
POST /v1/charges
). The card is charged for the specifiedamount
.
API-only integration
Use Clover Ecommerce APIs for custom integrations tailored to your specific requirements. Integrate with additional services for apps requiring complete control over the payment flow.
PCI burden on developers & merchants:** HIGH
For an API-only integration, you must use the PAKMS and token APIs in addition to the SCL API, which provides access to charges and customer data. These APIs provide operations for your app to retrieve an encryption key and use that key to encrypt and tokenize card data.
![apiOnly.png 2473](https://files.readme.io/31558c9-apiOnly.png)
API only request flow
Request flow (API only)
The fields in this example request are the minimum required for each endpoint. See the Ecommerce service API for complete information.
NOTE
The PAKMS key is unique for each merchant, and these keys do not expire. The PAKMS endpoint should be called only once for each merchant when they first configure your app. Your app should store the returned key for use in each of that merchant's subsequent charge requests. See the Ecommerce - PAKMS Service API reference for more information.
Your app needs to complete the following flow to charge a customer's card using only the Ecommerce API:
- Create an API key request containing the merchant ID
merchantId
and Clover App ID. - Send the API key request to the PAKMS key endpoint (
GET /pakms/apikey
). - Set the
authorization: Bearer
as your OAuth-generatedauth_token
. For more information, see Authenticate with OAuth—Canada and US.
curl --request GET \
--url 'https://apisandbox.dev.clover.com/pakms/apikey' \
--header 'accept: application/json' \
--header 'authorization: Bearer {auth_token}'
The server returns an apiAccessKey
.
- Create a card token request with a
card
object and its required fields:number
,exp_month
,exp_year
,cvv
, andbrand
. - Set the
apiAccessKey
as the value of theapikey
header and send the request to the token endpoint:POST /v1/tokens
.
curl --request POST \
--url 'https://token-sandbox.dev.clover.com/v1/tokens' \
--header 'accept: application/json' \
--header 'apikey: {apiAccesssKey}' \
--header 'content-type: application/json' \
--data '{ "card": { "number": "6011361000006668","exp_month": "12","exp_year": "2021","cvv": "123","brand": "DISCOVER"}}'
The Clover server returns the tokenized card as a source
. All source
tokens are alphanumeric and begin with clv_
.
- Create a charge request with the
source
and a specificamount
in cents. - Send the charge request to the create a charge endpoint (
POST /v1/charges
). The card is charged for the specifiedamount
.
Related topics
- Generate a card token for more information about encrypting card data and then tokenizing the encrypted data.
- Create a card token endpoint in the Ecommerce API to create a single-use token to make a payment.
Updated 2 days ago