Announcing expiring access tokens in US and Canada

Expiring access (authentication) tokens are available for apps in the United States (US) and Canada. Use these short-lived, expiring access tokens to:

  • Authenticate with Clover APIs
  • Improve the security of your applications and merchants’ data

Since expiring tokens are short-lived, your applications must manage the expiring access tokens and create refresh tokens to maintain continuous access to the APIs.



By August 1, 2024 it is mandatory for all new and existing apps in the US and Canada to use the Clover v2 OAuth flow.

Apps in the United States or Canada

  • New applications—Clover requires that new apps use expiring access and refresh tokens.
  • Existing (legacy) applications—If you have Clover apps, start migrating your apps to use expiring access and refresh tokens.

For both new and existing apps, roll out the expiring access tokens as you deem fit—for example, all at once or by using feature flags or gradual rollouts. See Authenticate with OAuth—Canada and US for more information.

Apps in Latin America or Europe

If you create apps in Latin America or Europe, continue to create and use API tokens as you do now. See Use OAuth—Europe and Latin America for more information.