Obtaining an OAuth token

You need an OAuth API token to secure the communication between your app and the merchant, and then to give your app the required permissions to access the merchant's data.

Prerequisites

Before you can obtain an OAuth token, you need to complete the following tasks:

📘

Sandbox versus production environment

In sandbox, you can complete this flow using a basic REST client. In production, your application server needs to handle the merchant user, who is redirected from Clover to your server, once they connect to your app.

Key OAuth 2.0 concepts

Client ID

Your client_id is the App ID value in your app's App Settings page on the developer dashboard. The client ID:

  • Uniquely identifies your app on the Clover App Market.
  • Confirms that your app is participating in the OAuth 2.0 flow.

Client secret

Your client secret is the App Secret value on your app's App Settings page. This identifier (ID) is a secret key that Clover assigns to your app. Together, the client ID and client secret authenticate the identity of your app with the Clover server.

🚧

IMPORTANT

Do not share the client secret key publicly.

Authorization code

A merchant is redirected to your app along with an authorization code. With this code, the Clover server confirms that your request for merchant data is authorized by the merchant. You can use this code to further negotiate with the Clover server for an API token.

API token

Your app uses the authorization code, client ID, and client secret to negotiate with the Clover server for an API token. With the API token, your app can make REST Pay API calls and access merchant data.

Obtaining the OAuth token

  1. Navigate to your test merchant's dashboard.
  2. Select your test application from the left side navigation pane.
    Clover redirects to your application.
  3. If you have not yet coded your application server to handle the redirect and obtain an access token, note the client_id and the code in the URL.
  1. Send an API token GET request in the following URL format to the Clover /oauth/token server, passing the client_id, code, and your client_secret:
https://sandbox.dev.clover.com/oauth/token?client_id={appId}&client_secret={APP_SECRET}&code={AUTHORIZATION_CODE}

The response displays your API access token.

{
   "access_token":"{API_TOKEN}"
}

📘

NOTE

To build the OAuth flow for apps on the Clover App Market, in production environments, replace https://sandbox.dev.clover.com/ with the relevant regional base URL in your requests:

  • US and Canada: https://www.clover.com/
  • EU: https://eu.clover.com/

See Getting started using OAuth for more information.


Did this page help you?