Set app URL and CORS
For web apps, Clover uses OAuth 2.0 to generate API tokens for Clover merchants using your app.
To use OAuth, configure your app's Site URL and CORS Domain values under App Settings > REST Configuration on the sandbox Developer Dashboard.
NOTE
For testing and publishing your app in production, you configure these settings on the production Developer Dashboard.
Site URL
This URL is where merchants are redirected after installing your app and launching it from the Merchant Dashboard.
The site URL is also where merchants land after you redirect to /oauth/authorize
and the merchant authenticates by logging in and/or selecting their merchant account as needed. You can override the post-authorization landing page by providing a redirect_uri
in your request to /oauth/authorize
.
NOTE
A
redirect_uri
passed to/oauth/authorize
must be a subpath of the set Site URL.For example, if you specify the site URL
https://www.example.com/myapp
, theredirect_uri
ofhttps://www.example.com/myapp/setup
in your OAuth request is valid, buthttps://example.com/setup
is invalid.
Cross-Origin Resource Sharing (CORS)
Clover implements Cross-Origin Resource Sharing (CORS), which enables you to:
- Build pure HTML/JavaScript-based client applications without an app server to intermediate between your browser and the Clover server, and then
- Make requests from your client-side app to Clover's REST API using XmlHttpRequests or AJAX requests
- Connect a semi-integrated app to a Clover Flex, Mini, or Mobile using Cloud Pay Display
IMPORTANT
Clover REST API does not support JSON with Padding (JSONP).
On the sandbox Developer Dashboard, enter your application domain such as https://www.example.com
(or http://localhost:8000
for testing). The access token provided by the OAuth flow can be used for cross-domain requests as long as they originate from this domain.
Troubleshooting CORS
If you are experiencing difficulties:
- Verify that you have specified the Site URL and CORS Domain for your app in the sandbox Developer Dashboard.
- Verify that you are using an OAuth token that is retrieved using OAuth and not using test API tokens (Setup > API Tokens) on the sandbox Merchant Dashboard. If you want OAuth to provide you with a token (rather than a code), set
response_type=token
in the OAuth request.
Updated 2 months ago