For web apps, Clover uses OAuth 2.0 to generate API tokens for merchants using your app.
To use OAuth 2.0 flow, enter the Site URL of your app, and if needed, enter the Alternate Launch Path and CORS Domain values. Set the path and values in the App Settings > REST Configuration on:
- Sandbox Developer Dashboard to test your app.
- Production Developer Dashboard to test your app and publish in the Clover App Market.
The Site URL is the link where a merchant is redirected to after they install your app and launch it from the Merchant Dashboard. Your authenticated merchants are sent to the Site URL after you redirect them to
/oauth/authorize. Merchants can authenticate themselves by logging in or selecting their merchant account.
You can override the post-authorization landing page by providing a
redirect_uri in your request to
/oauth/authorizemust be a subpath of the set Site URL.
For example, if you enter the site URL
https://www.example.com/myapp/setupin your OAuth request is valid, but
The Alternate Launch Path is an optional setting that allows you to configure an alternate link, which sends the merchant directly to your app and initiates the OAuth flow. If you have defined the alternate launch path, your merchant is redirected to this path in your app after they install and launch the app from the Merchant Dashboard.
See Initiate OAuth flow from Merchant Dashboard left navigation app link.
Clover implements Cross-Origin Resource Sharing (CORS), which enables you to:
- Make requests from your client-side app to Clover's REST API using XmlHttpRequests or AJAX requests
- Connect a semi-integrated app to a Clover Flex, Mini, or Mobile using Cloud Pay Display
Clover REST API does not support JSON with Padding (JSONP).
On the sandbox Developer Dashboard, enter your application domain such as
http://localhost:8000 for testing). You can use the OAuth access tokens from your application domain for cross-domain requests.
If you are experiencing difficulties implementing CORS:
- Verify that you have specified the Site URL and CORS Domain for your app in the sandbox Developer Dashboard.
- Verify that you are using an OAuth token retrieved by following the Use OAuth 2.0 process. If you want an OAuth token instead of a code, set
response_type=tokenin the OAuth request.
- Ensure that you are not using test API tokens (Setup > API Tokens) on the sandbox Merchant Dashboard.
Updated about 1 month ago