question

david06n avatar image
david06n asked David Marginian Deactivated commented

Authentication for API calls from Clover native app

We need to secure/authenticate API calls from our Clover native app to our servers.

What is the best way to do it, without having to prompt our merchants to configure/setup anything in our app?

I wonder if Clover has any API that our app can use to silently generate some sort of token (without asking merchant to configure or login anything, because Clover server can already authenticate if the API calls are made from their devices, right?), our app then pass that token back to our servers, and some other Clover API that our servers can use to validate that token.

If such APIs dont exist, what is the closet option we can use?
Whatever it is, our desire is to avoid having to force merchants to do any type additional login on their Clover device before being able to connect to our server (we thought of using merchant's Clover account on clover.com, and ask they login from our app on their device. But believe it or not most of our merchants don't even know they have that account; few other know but never use so don't event remember user/pwd!)

Thanks!

David
MerchantAPI TokenAuth
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited
I don't believe what you are looking for exists. It seems to violate a basic principal of OAUTH. The merchant is granting your application privilege, this can't be done without the merchant knowing about it. You will have to force the merchants to login to obtain the token and then securely store it. The tokens last one year so they will only have to login once per year.
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

david06n avatar image
david06n answered David Marginian Deactivated commented
Thank David! What I'm looking for is not OAuth ( https://en.wikipedia.org/wiki/OAuth), which is a standard for users to grant other parties permissions to access their data on some other systems. We're are not looking for way to access merchant's data on Clover.

We're looking for a, preferably seamless and least cumbersome, way to authenticate users when they access their data on our own system. I just found out after posting the question that what we're looking for is more an IDP ( https://en.wikipedia.org/wiki/Identity_provider) or SSO - that if Clover API can also provide IDP service of some sort for apps running on it. The moment after users punch in their PINs and start using apps on on their Clover devices, Clover has effectively authenticated the users. Now if it could just add a couple more API methods to have that complete IDP service for third parties app like ours to leverage...

Without this service, our app has to ask merchants to logon, using either their account on clover.com, which very few of them know they have (most of our merchants have their card processing service setup by agents, who don't even bother giving merchant that account), or more likely their account on our system. Either way, it's a barrier for our app adoption by the merchants we're targeting.
1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image David Marginian ♦♦ commented ·

Sorry I thought you required Clover API access from your app. I don't think what you are looking for exists.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community