Clover uses the Open Authorization (OAuth) 2.0 security framework. When a merchant selects and installs your app, Clover uses OAuth 2.0 to first secure the communication between your app and the merchant, and then give your app the necessary access to merchant data.
When an authorized merchant logs in to their Clover merchant account, the Clover server redirects the merchant to your app. The Access Token returned to you in the OAuth session is the Authorization key for the REST Pay Display API.
Note: If your app does not require a server, see OAuth Facilitator Service.
A web app (REST client) in Clover that represents your point-of-sale (POS) integration is needed to complete the OAuth flow. The configuration of this web app includes:
a) Permissions from the merchant so that you can access their merchant account and data,and
b) Site link (URL) endpoint on your server, to which the OAuth flow redirects you, along with the appended access token.
When your app is pushed to the merchant, the merchant logs in with their Clover credentials,, and needs to grant permissions for your app. If the merchant grants the permission, then they are redirected to your site URL.
Merchant Read is the minimum required permission.
The merchant needs to install one of the following:
- Cloud Pay Display—If you are using a Cloud Connection
- REST Pay Display—If you are using a Local Connection
- Regardless of the connection, you also need to push your private web app to the merchant so they can authenticate through OAuth.
REST Pay Display is currently supported in the US and Canada.
No, due to the synchronous nature of REST Pay Display API, and how device activity is managed, Clover does not limit the rate of this API.
For your app to connect to the device, you need to ensure that the Clover Production Certificate is properly installed on your proxy server.
Yes, you can redeem physical Clover gift cards, as well as cobranded network gift cards.
If you have to support a closed-loop gift card system, Clover needs to approve your use of the read card data endpoint for a bank identification number (BIN) range that is whitelisted on Clover.
Yes, see the guide on understanding surcharges.
Yes, you can set up your apps to accept EBT transactions with the following configurations:
- Merchant needs to have the EBT entitlement both in Sandbox and Production. A DevRel support member can configure this in Sandbox, if needed.
- Use the EBT test card number: 5076 5800 0011 1112
Note: Clover does not provide physical EBT test cards, but you can manually enter the EBT test card number to trigger
"cardType":"EBT"in the payment response for an EBT transaction.
There are two scenarios but cashback is not supported in both:
- EBT Cash account holders may get cashback with a purchase and withdraw cash; however, these operations are not currently supported by Clover.
- EBT Food (also called SNAP) does not support cashback.
Yes, Paypal/Venmo can be enabled for merchants through standard Fiserv-Clover boarding tools and procedures. These upstream systems communicate with Clover to have Paypal/Venmo enabled for payments on Clover. When the tender becomes enabled for merchants, the QR Code is automatically displayed on the screen as customers are prompted for their payment method.
When issuing a refund, most card brands now require online authorization of the card, which makes it subject to decline. Currently, this is supported for DiscoverⓇ, InteracⓇ MastercardⓇ, and VisaⓇ cards.
Online refund authorization applies to both refunding an existing payment for a partial or full amount, and issuing a credit to a customer.
Yes, see Interoperability with Ecommerce API for more information. The same application that handles REST Pay Display’s OAuth flow should be used for payment processing through the Ecommerce API.
Yes, incremental authorizations are only available for:
- DiscoverⓇ, MastercardⓇ, and VisaⓇ cards, and
- Merchant types—aircraft rentals, amusement parks, bicycle rentals, boat rentals, car rentals, cruise lines, drinking places, eating places, equipment rentals, lodgings, motor home rentals, motorcycle rentals, trailer parks/campgrounds, and truck rentals. The merchant's MCC (merchant category code) must be under one of the preauth categories.
Updated about 1 month ago