Get an OAuth token
You need an OAuth API token to secure the communication between your app and the merchant, and then to give your app the required permissions to access the merchant's data.
IMPORTANT
Be sure to use an API token—not a Merchant token—to make REST Pay Display requests. Using a Merchant token returns an error response.
Prerequisites
Before you can obtain an OAuth token, you need to complete the following tasks:
Sandbox versus production environment
In sandbox, you can complete this flow using a basic REST client like Postman. For further instructions, see Using Postman with REST Pay Display API
In production, your application server needs to handle the merchant user, who is redirected from Clover to your server, once they connect to your app.
Key OAuth concepts
Client ID
Your client_id
is the App ID value in your app's App Settings page on the developer dashboard. The client ID:
- Uniquely identifies your app on the Clover App Market.
- Confirms that your app is participating in the OAuth 2.0 flow.

Client secret
Your client secret is the App Secret value on your app's App Settings page. This identifier (ID) is a secret key that Clover assigns to your app. Together, the client ID and client secret authenticate the identity of your app with the Clover server.
IMPORTANT
Do not share the client secret key publicly.

Authorization code
A merchant is redirected to your app along with an authorization code. With this code, the Clover server confirms that your request for merchant data is authorized by the merchant. You can use this code to further negotiate with the Clover server for an API token.
API token
Your app uses the authorization code, client ID, and client secret to negotiate with the Clover server for an API token. With the API token, your app can make REST Pay API calls and access merchant data.
Get the API token
NOTE
To learn more, see our blog post Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys.
- Log in to your sandbox Developer Dashboard.
- Navigate to your test Merchant Dashboard.
- From the left navigation menu, select your test application.
Clover redirects to your application. - If you have not yet coded your application server to handle the redirect and obtain an access token, note the
client_id
and thecode
in the URL.

- Send an API token GET request in the following URL format to the Clover /oauth/token server, passing the
client_id
, yourclient_secret
, andcode
:
https://sandbox.dev.clover.com/oauth/token?client_id={appId}&client_secret={APP_SECRET}&code={AUTHORIZATION_CODE}
The response displays your API access token.
{
"access_token":"{API_TOKEN}"
}
Note
To build the OAuth flow for apps on the Clover App Market, in production environments, replace
https://sandbox.dev.clover.com/
with the relevant regional base URL in your requests:
- US and Canada:
https://www.clover.com/
- Europe:
https://eu.clover.com/
See Use OAuth 2.0 for more information.
Updated 3 months ago