question

I'm currently attempting to request a token API token for my test merchant. I'm making the request to https://sandbox.dev.clover.com/. However, instead of a token, I'm receiving an HTML response and 200 OK response code (please see below for full request & response). Would someone mind explaining why I'm receiving the HTML response instead of a token?

Request:
curl --request GET \
--url 'https://apisandbox.dev.clover.com/oauth/authorize?client_id={id}' \
--header 'Content-Type: application/json'

Response:
<!DOCTYPE html>
<html>
<head>
<script>
function allowRedirect(path) {
var appWhitelist = [
'appmarket', 'authorizations', 'cashlog', 'closeout', 'discounts',
'employees', 'enterprise', 'home', 'inventory', 'orders', 'printers', 'reporting',
'setupapp', 'shifts', 'tabs', 'tips', 'transactions', 'wirelessmanager'
];

return path[0] === '/' && appWhitelist.some(function (app) {
return path.indexOf(app) === 1;
});
}

/**
* Attempt to extract a merchantId from a URL, falling back to sessionStorage.
* If an ID cannot be extracted, an empty string is returned.
*/
function extractMerchantId(path) {
var regex = /\/[a-z-]+\/m\/([a-z0-9]{13})(?:$|\/|\?)/i;
var match = path.match(regex);

return match ? match[1] : sessionStorage.getItem('merchantId') || '';
}

function redirectToDashboard() {
/**
* Do not attempt a redirect if we're in an iframe or this app is not allowed
* to redirect to the new web dashboard
*/
if (self !== top || !allowRedirect(location.pathname)) {
return;
}

var merchantId = extractMerchantId(location.href);
var isEnterpriseApp = location.pathname.indexOf('enterprise') > -1;

// If we are trying to go to the enterprise app, we know it's neither 'home' nor 'call-me' so
// redirect them to react with the current href as the webRedirectUrl. Or if the merchant
// is set to get the new dashboard, send them there too in that case. Enterprise refMerchantId
// is not entirely the same as a merchant hence the condition difference.
if (localStorage.getItem(merchantId + ':isNewDashboard') || isEnterpriseApp) {
var isHomeApp = location.pathname.indexOf('home') > -1;
var isCallMePage = location.pathname.indexOf('call-me') > -1;
var appendRedirectQueryParam = !isHomeApp || isCallMePage;
var urlExtra = appendRedirectQueryParam ? '?webRedirectUrl=' + location.href : '/m/' + merchantId;
var isLocalHost = location.href.indexOf('localhost') > -1;
var baseUrl = isLocalHost ? 'http://localhost:8080/dashboard' : '/dashboard';

location.href = baseUrl + urlExtra;
}
}

var hasBrowserStorage = localStorage && localStorage.getItem && sessionStorage && sessionStorage.getItem;

if (hasBrowserStorage) {
redirectToDashboard();
}

</script>
<script>
function shareSessionStorage() {
if (!sessionStorage.length) {
// get sessionStorage
localStorage.setItem('getSessionStorage', Date.now());
}

window.addEventListener('storage', event => {
if (event.key == 'getSessionStorage') {
// send sessionStorage
localStorage.setItem('sessionStorage', JSON.stringify(sessionStorage));
localStorage.removeItem('sessionStorage');
} else if (event.key == 'sessionStorage' && !sessionStorage.length) {
// set sessionStorage
var sharedStorage = JSON.parse(event.newValue);

for (var key in sharedStorage) {
sessionStorage.setItem(key, sharedStorage[key]);
}
}
});
}

var hasBrowserStorage = localStorage && localStorage.getItem && sessionStorage && sessionStorage.getItem;

if (hasBrowserStorage) {
shareSessionStorage();
}

</script>
<body>
Lot of meta an links inside.
</body>
</html>