You need an OAuth API token to secure the communication between your app and the merchant, and then to give your app the required permissions to access the merchant's data.

🚧

IMPORTANT

Be sure to use an API token—not a Merchant token—to make REST Pay Display requests. Using a Merchant token returns an error response.

Prerequisites

Before you can obtain an OAuth token, you need to complete the following tasks:

• Create a sandbox developer account.
• Create an app.
• Install your app to your test merchant.

📘

Sandbox versus production environment

In sandbox, you can complete this flow using a basic REST client like Postman. For further instructions, see Using Postman with REST Pay Display API

In production, your application server needs to handle the merchant user, who is redirected from Clover to your server, once they connect to your app.

Key OAuth concepts

Client ID

Your client_id is the App ID value in your app's App Settings page on the developer dashboard. The client ID:

• Uniquely identifies your app on the Clover App Market.
• Confirms that your app is participating in the OAuth 2.0 flow.

Client secret

Your client secret is the App Secret value on your app's App Settings page. This identifier (ID) is a secret key that Clover assigns to your app. Together, the client ID and client secret authenticate the identity of your app with the Clover server.

🚧

IMPORTANT

Do not share the client secret key publicly.

Authorization code

A merchant is redirected to your app along with an authorization code. With this code, the Clover server confirms that your request for merchant data is authorized by the merchant. You can use this code to further negotiate with the Clover server for an API token.

API token

Your app uses the authorization code, client ID, and client secret to negotiate with the Clover server for an API token. With the API token, your app can make REST Pay API calls and access merchant data.

Obtain the API token

📘

NOTE

To learn more, see our blog post Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys.

1. Log in to your sandbox Developer Dashboard
2. Navigate to your test Merchant Dashboard.
3. From the left navigation menu, select your test application.
   Clover redirects to your application.
4. If you have not yet coded your application server to handle the redirect and obtain an access token, note the client_id and the code in the URL.

5. Send an API token GET request in the following URL format to the Clover /oauth/token server, passing the client_id, your client_secret, and code:

https://sandbox.dev.clover.com/oauth/token?client_id={appId}&client_secret={APP_SECRET}&code={AUTHORIZATION_CODE}

The response displays your API access token.

{
   "access_token":"{API_TOKEN}"
}

📘

Note

To build the OAuth flow for apps on the Clover App Market, in production environments, replace https://sandbox.dev.clover.com/ with the relevant regional base URL in your requests:

• US and Canada: https://www.clover.com/
• EU: https://eu.clover.com/

See Use OAuth 2.0 for more information.