question

Robin Walmsley avatar image
Robin Walmsley asked David Marginian Deactivated edited

API Auth problem accessing Tax rates, even when using Owner Id and auth token

During the installation of our app, we API GET the tax rates and write them to our own database. If I attempt to do this as the Merchant Owner, launching our app from the Clover Dashboard, I'm getting a 401 Auth error on the API GET.
This is the API code (php) :
$request = [
'method' => 'GET',
'uri' => ...'merchants/'[merch_uuid]/tax_rates',
'header' => ['Authorization' => 'Bearer [auth token],'Content-Type' => 'Application/JSON'],
];
$tax_rates = json_decode($HttpSocket->request($request));
I might add I've not seen this issue before, this is established code that has been running for a while without issue.
Has something changed, am I doing something wrong?
Thanks

API Token
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

3 Answers

David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited
That endpoint requires read permissions on Inventory.
2 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Robin Walmsley avatar image Robin Walmsley commented ·

Ok that may well be the case, but if so, why does it work on some merchants but not on others? we have not set read permission on Inventory, so therefore no merchants should be able to retrieve tax rates.

Additionally, if what you are saying is correct, where might I find that in the documentation?

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ Robin Walmsley commented ·

Is it possible the tokens aren't being generated/provided consistently (oauth v merchant tokens)? Yes, it is documented. This page provides an overview of permissions -https://docs.clover.com/clover-platform/docs/permissions. Then on our API page (https://www.clover.com/api_docs/) you can see the tax rates GET under inventory which per the previous section means it requires a read on inventory.

0 Likes 0 ·
David Marginian avatar image
David Marginian Deactivated answered Robin Walmsley commented
Is this happening in production or sandbox? Is it happening for all merchants or just one? Have you tried calling a different API via postman/curl to verify the token is valid?
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Robin Walmsley avatar image
Robin Walmsley answered Robin Walmsley edited
This is in production. It is happening for at least 2 merchants, I cant test it on other merchants without changing their live data. The auth token is valid, because the token is used to retrieve Employees, Business information, Roles etc, all of which happens during the setup of a new store (merchant) on our system. This feels like a permissions problem, however the installation is being performed by the Owner.

I have just run some additional tests.
Using the auth token issued and with Postman, I can successfully GET
Roles, Merchant, Employees, Tenders, Orders, Payments, Address
But NOT Tax_rates
I used this endpoint
https://api.eu.clover.com/v3/merchants/[MERCHANTID]/tax_rates
this is the reply
{ "message": "401 Unauthorized"}

EDIT : More information.
I have two test merchants setup in Production. One allows me to GET tax_rates, the other does not. With the one that is failing, I can see no difference in the setup of the merchant details. In fact I made all the employees Admin role in case it was a permissions issue. I also checked the auth_token issued during launch of the app from the Clover Dashboard was the one that is being sent with the GET and it is.
This is most perplexing.

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community