apacedg asked zgreathouse Deactivated commented

Production 401 Client Error: Unauthorized for url

Hi. I am hitting the REST API (https://www.clover.com/v3/merchants/xxx/exports/?access_token=xxx) from my local machine using Python. It works fine in sandbox mode. When I switch the URL/merchant-id/access-token to production, I get an error: "401 Client Error: Unauthorized for url...".

I thought it might be a CORS issue, so I added http://localhost:8000/ as a CORS domain in my app's web configuration settings. I then ran my code from a local web server, and got the same error: "HTTPError: 401 Client Error: Unauthorized for url: https://www.clover.com/v3/merchants/xxx/exports/?access_token=xxx"

Is it a requirement to hit the API from a web server?
Does my app need to be approved in the market before I can hit the production API?
Is this the correct production API URL?: 'https://www.clover.com'
I've already checked to make sure my app has the correct permissions allowed. Any other ideas?
REST API

1 Answer

zgreathouse Deactivated answered zgreathouse Deactivated commented
1. You do not have to hit the API from a web server
2. Your app does not need to be approved in production before the API is accessible.
3. Yes, that is the correct Production API url

How are you fetching the API Token in your application? Are you hardcoding the token?

One thing to note is that if permissions were changed after the application was installed, the new permissions are not reflected in the API Token. You would need to uninstall and reinstall the app in order for the newly set permissions to go into effect.
9 comments

apacedg commented ·
Thanks. Having my merchant uninstall and re-authorize the app helped!!
zgreathouse apacedg commented ·

Wonderful :) Happy to help!

apacedg commented ·

First I get a code using this endpoint: https://www.clover.com/oauth/authorize?client_id=9...
Then I get my token: https://www.clover.com/oauth/token?client_id=9QN8D...

I then use that token to make RESTful calls.
Everything works fine in sandbox mode. It fails when I go against the production API endpoints.

zgreathouse apacedg commented ·

Have you tried uninstalling and reinstalling the application?

I would also check your app secret and app ID are your production app's and not your sandbox app's.

apacedg zgreathouse commented ·

I am sure that my app secret and app ID are correct for production. I double-checked.

I'm not sure what you mean by uninstall/reinstall my app. I am running this code from my local computer, from a Python file. @zgreathouse

apacedg commented ·
@zgreathouse It seems like my authorization code expires after 1 use. Does the client need to authorize my app before every request?
zgreathouse apacedg commented ·

Apologies, I am not sure I understand the question. The code which is used to fetch the token expires after a single use. The token, however, does not expire until the app has been uninstalled. If OAuth is being implemented properly, each time a Merchant logs into your app, a new code and therefore a new token should be acquired each time.
(See a Python OAuth example here: https://github.com/cloverhackathons/OAuthPython)

However, if permissions have been updated since installing your production app to your production test merchant, you must uninstall and reinstall your production app on the production test merchant for the new permissions to go into effect. After reinstalling the app you need to request a new token, as any tokens previously acquired were expired upon uninstalling the app.

zgreathouse commented ·

Basically, if you have confirmed the following:
- Base URL is correct in exports endpoint
- MerchantId is correct in exports endpoint
- App Secret used to fetch token is correct
- App Id (Client Id) used to fetch token is correct
- App is installed on the merchant you are fetching exports for
- Required permissions are set on your app

Then the last thing to determine is if the token is valid. It is possible the token does not have the proper permissions. For clarification, the token will have the permissions which were set at the time the Merchant installed the app. So if after installing the app you add Order Read permissions, you cannot get a token with those permissions until the Merchant uninstalls/reinstalls the app. Subsequent tokens will have the newly added permission.

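The 401 message quoted in the question carries the access token inside the URL, so the token ends up wherever the error text is logged or pasted. The following is an added example, not code from the thread or from Clover: it sends the token in an `Authorization` header instead, masks credential values in error text, and returns the thread's checks on a 401. It assumes the API accepts a standard OAuth bearer header; the `client_secret` and `code` parameter names, the `method` default and all function names are assumptions made for illustration.

```python
import re
import urllib.error
import urllib.request

PROD_BASE = "https://www.clover.com"  # production base URL confirmed in the thread

# Checks listed in the thread for a 401 from the exports endpoint.
CHECKS_401 = (
    "base URL and merchant ID in the exports URL are correct",
    "app ID and app secret used to fetch the token are the production app's",
    "app is installed on the merchant being queried",
    "token was issued after the last permission change (else uninstall/reinstall)",
)

# Query parameters whose values must not reach logs (names are assumptions).
_SENSITIVE = re.compile(r"(?i)\b(access_token|client_secret|code)=[^&\s\"']+")

def redact(text):
    """Mask credential-bearing query values before text reaches logs or posts."""
    return _SENSITIVE.sub(r"\1=REDACTED", text)

def build_exports_request(merchant_id, token, base_url=PROD_BASE, method="GET"):
    """Carry the token in the Authorization header so it never appears in the URL."""
    url = f"{base_url}/v3/merchants/{merchant_id}/exports/"
    headers = {"Authorization": f"Bearer {token}"}
    return urllib.request.Request(url, headers=headers, method=method)

def call_exports(merchant_id, token, opener=urllib.request.urlopen):
    """Return (status, hints); hints are non-empty only when the API answers 401."""
    req = build_exports_request(merchant_id, token)
    try:
        with opener(req) as resp:
            return resp.status, ()
    except urllib.error.HTTPError as err:
        return err.code, CHECKS_401 if err.code == 401 else ()

if __name__ == "__main__":
    # Constructed sample in the format of the error quoted in the question.
    msg = ("401 Client Error: Unauthorized for url: "
           "https://www.clover.com/v3/merchants/MID_PLACEHOLDER/exports/"
           "?access_token=TOKEN_PLACEHOLDER")
    print(redact(msg))
```

The `opener` parameter exists so the call path can be exercised without network access; in normal use it is left at its default.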
