Use API tokens

United States
Latin America

Clover uses the OAuth 2.0 security framework for third-party developers to authenticate their apps with merchant accounts and lets them use Clover public REST APIs on behalf of the merchant. Clover developers use expiring access and refresh tokens in the production environment to secure merchant data.

API tokens for testing in sandbox

When you test your app in the sandbox environment, you can generate and use API tokens instead of access and refresh tokens.

You can use the API token to test Clover REST APIs from the command line. When you make server-side requests to Clover REST APIs, you need the following:

  • Authorization header set with a type of Bearer
  • Credential as your {API_Token}
  • Merchant identifier or merchantId that is part of the web address to access the Clover merchant Web Dashboard

Send the following request from your app server to the Clover server.{mId}



When your app is ready for testing in the production environment, use expiring tokens to authenticate.