Set app URL and CORS

United States
Canada
Europe

For web apps, Clover uses OAuth 2.0 to generate API tokens for Clover merchants using your app.

To use OAuth, configure your app's Site URL and CORS Domain values under App Settings > REST Configuration on the sandbox Developer Dashboard.

📘

NOTE

For testing and publishing your app in production, you configure these settings on the production Developer Dashboard.

Site URL

This URL is where merchants are redirected after installing your app and launching it from the Merchant Dashboard.

The site URL is also where merchants land after you redirect to /oauth/authorize and the merchant authenticates by logging in and/or selecting their merchant account as needed. You can override the post-authorization landing page by providing a redirect_uri in your request to /oauth/authorize.

📘

NOTE

A redirect_uri passed to /oauth/authorize must be a subpath of the set Site URL.

For example, if you specify the site URL https://www.example.com/myapp, the redirect_uri of https://www.example.com/myapp/setup in your OAuth request is valid, but https://example.com/setup is invalid.

Cross-Origin Resource Sharing (CORS)

Clover implements Cross-Origin Resource Sharing (CORS), which enables you to:

  • Build pure HTML/JavaScript-based client applications without an app server to intermediate between your browser and the Clover server, and then
  • Make requests from your client-side app to Clover's REST API using XmlHttpRequests or AJAX requests
  • Connect a semi-integrated app to a Clover Flex, Mini, or Mobile using Cloud Pay Display

🚧

IMPORTANT

Clover REST API does not support JSON with Padding (JSONP).

On the sandbox Developer Dashboard, enter your application domain such as https://www.example.com (or http://localhost:8000 for testing). The access token provided by the OAuth flow can be used for cross-domain requests as long as they originate from this domain.

Troubleshooting CORS

If you are experiencing difficulties:

  • Verify that you have specified the Site URL and CORS Domain for your app in the sandbox Developer Dashboard.
  • Verify that you are using an OAuth token that is retrieved using OAuth and not using test API tokens (Setup > API Tokens) on the sandbox Merchant Dashboard. If you want OAuth to provide you with a token (rather than a code), set response_type=token in the OAuth request.