Set app link (URL) and CORS domain
For web apps, Clover uses OAuth 2.0 to generate API tokens for merchants using your app.
To use OAuth 2.0 flow, enter the Site URL of your app, and if needed, enter the Alternate Launch Path and CORS Domain values. Set the path and values in the App Settings > REST Configuration on:
- Sandbox Developer Dashboard to test your app.
- Production Developer Dashboard to test your app and publish in the Clover App Market.
Site URL (link)
The Site URL is the link where a merchant is redirected to after they install your app and launch it from the Merchant Dashboard. Your authenticated merchants are sent to the Site URL after you redirect them to /oauth/authorize
. Merchants can authenticate themselves by logging in or selecting their merchant account.
You can override the post-authorization landing page by providing a redirect_uri
in your request to /oauth/authorize
.
NOTE
A
redirect_uri
passed to/oauth/authorize
must be a subpath of the set Site URL.For example, if you enter the site URL
https://www.example.com/myapp
, theredirect_uri
ofhttps://www.example.com/myapp/setup
in your OAuth request is valid, buthttps://example.com/setup
is invalid.
Alternate Launch Path (optional)
The Alternate Launch Path is an optional setting that allows you to configure an alternate link, which sends the merchant directly to your app and initiates the OAuth flow. If you have defined the alternate launch path, your merchant is redirected to this path in your app after they install and launch the app from the Merchant Dashboard.
See Initiate OAuth flow from Merchant Dashboard left navigation app link.
Cross-Origin Resource Sharing (CORS)
Clover implements Cross-Origin Resource Sharing (CORS), which enables you to:
- Build pure HTML/JavaScript-based client applications without an app server to intermediate between your browser and the Clover server, and then
- Make requests from your client-side app to Clover's REST API using XmlHttpRequests or AJAX requests
- Connect a semi-integrated app to a Clover Flex, Mini, or Mobile using Cloud Pay Display
IMPORTANT
Clover REST API does not support JSON with Padding (JSONP).
On the sandbox Developer Dashboard, enter your application domain such as https://www.example.com
(or http://localhost:8000
for testing). You can use the OAuth access tokens from your application domain for cross-domain requests.
Troubleshooting CORS
If you are experiencing difficulties implementing CORS:
- Verify that you have specified the Site URL and CORS Domain for your app in the sandbox Developer Dashboard.
- Verify that you are using an OAuth token retrieved by following the Use OAuth 2.0 process. If you want an OAuth token instead of a code, set
response_type=token
in the OAuth request. - Ensure that you are not using test API tokens (Setup > API Tokens) on the sandbox Merchant Dashboard.
Updated about 1 month ago