Legacy left navigation menu flow

Before Clover implemented v2 OAuth, when a merchant installed an app from the Merchant Dashboard > More Tools > Clover App Market page or the Clover App Market, Clover redirected the merchant through a partial OAuth flow. This process bypassed the first endpoint in the OAuth process—/oauth/authorize—and took some of the OAuth flow control away from you and your app.

Apps initiate the OAuth flow

The Clover v2 OAuth flow starts when the merchant selects your app from the Clover App Market or the Merchant Dashboard > More Tools > Clover App Market page. Clover redirects the merchant to your app with a merchant ID. From there, your app must call the v2 authorize endpoint to initiate OAuth. Your app has full control of the entire OAuth flow and facilitates the use of v2 OAuth.

If a merchant loads the app from your website instead of installing (connecting) it from the Clover App Market, your app needs to redirect the merchant to the Clover App Market page to install the app from there.

Clover requires new apps to use the v2 OAuth flow. However, for both new and existing apps, you can roll out the v2 OAuth flow as you deem fit—for example, all at once, or by using feature flags or gradual rollouts.

🚧

IMPORTANT

By August 1, 2024 it is mandatory for all new and existing apps to use the Clover v2 OAuth flow.

*You can learn more about PKCE in OAuth terminology.

Set the Alternate Launch Path

The Alternate Launch Path sends the merchant directly to your app and initiates the OAuth flow. Enter your app’s Alternate Launch Path on the Developer Dashboard, Edit REST Configuration web app settings.

The flow is:

• The merchant clicks Connect on your app in the Clover App Market.
• The Clover App Market redirects the merchant to the location specified in the Alternate Launch Path field.
• The app calls /oauth/v2/authorize to initiate OAuth.

The Alternate Launch Path URL domain depends on the site URL. See Add web app settings and Set app link (URL) and CORS domain for more information.