Set app link (URL) and CORS domain
The Clover integration for web applications uses the OAuth 2.0 protocol to secure API tokens for merchants. When setting up a web app, you must enter the app link or site URL, which merchants are redirected to after they install and launch an app from the Merchant Dashboard. You can also set a custom post-authorization landing page by including a redirect_uri parameter in the OAuth authorization request. Optionally, you can enter an Alternate Launch Path and CORS Domain values in the web app settings. See how to add web app settings.
All these configurations are set in the sandbox Developer Dashboard for testing and in the production Developer Dashboard to launch an approved app and publish it in the Clover App Market. See Use Clover developer environments for information on the Developer Dashboards.
Site URL (link)
The Site URL is the link where a merchant is redirected after they install your app and launch it from the Merchant Dashboard. Your authenticated merchants are sent to the Site URL after you redirect them to /oauth/authorize. Merchants can authenticate themselves by logging in or selecting their merchant account.
You can override the post-authorization landing page by providing a redirect_uri in your request to./oauth/authorize.
NOTE
A
redirect_uripassed to/oauth/authorizemust be a subpath of the set Site URL.For example, if you enter the site URL
https://www.example.com/myapp, theredirect_uriofhttps://www.example.com/myapp/setupin your OAuth request is valid, buthttps://example.com/setupis invalid.
Cross-Origin Resource Sharing (CORS) (optional)
Clover implements Cross-Origin Resource Sharing (CORS), which lets you:
- Build pure HTML/JavaScript-based client applications without an app server to intermediate between your browser and the Clover server.
- Make requests from your client-side app to the Clover REST API using the
XmlHttpRequestsor AJAX requests. - Connect a semi-integrated app to a Clover Flex, Mini, or Mobile using Cloud Pay Display.
IMPORTANT
Clover REST API does not support JSON with Padding (JSONP).
On the sandbox Developer Dashboard, enter your application domain, such as https://www.example.com or http://localhost:8000 for testing. You can use the OAuth access tokens from your application domain for cross-domain requests.
Troubleshoot CORS
If you experience difficulties in implementing CORS:
- Verify that you have entered the Site URL and CORS Domain for your app in the sandbox Developer Dashboard.
- Verify that you are using an OAuth token retrieved by following the correct OAuth flow. If you want an OAuth token instead of a code, set the
response_type=tokenin the OAuth request. - Make sure that you are not using test API tokens (Setup > API Tokens) on the test Merchant Dashboard.
Alternate Launch Path (optional)
The Alternate Launch Path is an optional setting that lets you configure an alternate link. If you have defined the alternate launch path link, your merchant is redirected to this link in your app after they install and launch the app from the Merchant Dashboard. This URL:
- Uses the expiring authentication tokens to authenticate with APIs.
- Sends the merchant directly to your app and initiates the OAuth flow. See Initiate OAuth flow from Merchant Dashboard left navigation app link.
Updated 15 days ago