Get an OAuth token
You need an OAuth API token to secure the communication between your app and the merchant, and then to give your app the required permissions to access the merchant's data. For more information, see OAuth flows in Clover.
IMPORTANT
Be sure to use an API token—not a Merchant token—to make REST Pay Display requests. Using a Merchant token returns an error response.
Prerequisites
Before you can get an OAuth token, you need to complete the following tasks:
- Choose your region:
- North America—United States and Canada: Create a single developer account and access both the sandbox and production environments on the Global Developer Dashboard. See Get started with the global developer platform.
- Europe and Latin America: Create separate developer accounts on the sandbox environment and the region-based production environments.
Sandbox versus production environment
In sandbox, you can complete this flow using a basic REST client like Postman. For further instructions, see Using Postman with REST Pay Display API
In production, your application server needs to handle the merchant user, who is redirected from Clover to your server, once they connect to your app.
To build the OAuth flow for apps on the Clover App Market, in production environments, replace https://sandbox.dev.clover.com/
with the relevant regional base URL in your requests:
- United States (US) and Canada:
https://www.clover.com/
- Europe:
https://eu.clover.com/
Key OAuth concepts
Client ID
Your client_id
is the App ID value in your app's App Settings page on the developer dashboard. The client ID:
- Uniquely identifies your app on the Clover App Market.
- Confirms that your app is participating in the OAuth 2.0 flow.
Client secret
Your client secret is the App Secret value on your app's App Settings page. This identifier (ID) is a secret key that Clover assigns to your app. Together, the client ID and client secret authenticate the identity of your app with the Clover server.
IMPORTANT
Do not share the client secret key publicly.
Authorization code
A merchant is redirected to your app along with an authorization code. With this code, the Clover server confirms that your request for merchant data is authorized by the merchant. You can use this code to further negotiate with the Clover server for an API token.
API token
Your app uses the authorization code, client ID, and client secret to negotiate with the Clover server for an API token. With the API token, your app can make REST Pay API calls and access merchant data.
Get the API token
NOTE
To learn more, see our blog post Fiddling Through Digital Keys: Clover Auth Tokens and Ecommerce Keys.
- Log in to your Developer Dashboard.
- Navigate to the Merchant Dashboard for your test merchant.
- From the left navigation menu, select your test application. Clover redirects to your application.
- If you have not yet coded your application server to handle the redirect and obtain an access token, note the
client_id
and thecode
in the URL.
- Send an API token GET request in the following URL format to the Clover /oauth/token server, passing the
client_id
, yourclient_secret
, andcode
:
https://apisandbox.dev.clover.com/oauth/token?client_id={appId}&client_secret={APP_SECRET}&code={AUTHORIZATION_CODE}
The response displays your API access token.
{
"access_token":"{API_TOKEN}"
}
Updated 11 days ago