Release NotesAnnouncementsVideosCommunityBlog

New required header for Clover Ecommerce Charge and Order pay requests

Starting fall 2023, the calls made to the Clover Ecommerce Charge and Order pay endpoints require the x-forwarded-for header with the client’s IP address. This change enhances the security and accuracy of Clover services. Requests that don’t include the header will be unsuccessful.

Developer action

We strongly recommend that you implement this change immediately to allow time to test and troubleshoot your integration. The following examples show how to use the x-forwarded-for header.

Header examples

v1/charge requests

curl --request POST  
  --url '<https://scl-sandbox.dev.clover.com/v1/charges>'  
  --header 'accept: application/json'  
  --header 'authorization: Bearer {access_token}'  
  --header 'idempotency-key {uuid4_key}'  
  --header 'content-type: application/json'  
  --header 'x-forwarded-for: {client_ip}'  
  --data '{"amount":2300,  
  "Currency":"usd",  
  "Source":"{customer_id}"}'

v1/order pay requests

curl --request POST  
  --url '<https://scl-sandbox.dev.clover.com/v1/orders/{orderId}/pay>'  
  --header 'accept: application/json'  
  --header 'authorization: Bearer {access_token}'  
  --header 'content-type: application/json'  
  --header 'x-forwarded-for: {client_ip}'  
  --data '{"source":"{token}","email":"[[email protected]](mailto:[email protected])"}'

Client IP address

The client IP address is the IP address of the web browser from which the customer’s payment originates. A client IP address is different from a server address which is an external IP address that connects your computer to the Internet Service Provider (ISP). The following examples show how to request a client IP address:

Java

import javax.servlet.http.HttpServletRequest;

public String getIPAddress(HttpServletRequest request) {  
    String ipAddress = request.getHeader("X-FORWARDED-FOR");  
    if (ipAddress == null) {  
        ipAddress = request.getRemoteAddr();  
    }  
    return ipAddress;  
      }

Node JS

const express = require('express');  
const app = express();

app.get('/',function(req, res) {  
    const ipAddress = req.socket.remoteAddress;  
    res.send(ipAddress);  
       });

Python

from flask import Flask, request

app = Flask(**name**)

@app.route('/')  
def get_ip():  
    ip_address = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)  
        return ip_address

Support

See our Ecommerce documentation and API reference for more information and examples to help you update your Charge and Order pay requests.

Contact Clover developer support with questions or concerns.

Updated 5 months ago