question

paragshah avatar image
paragshah asked David Marginian Deactivated commented

401 Unauthorized when sending tokenized payment

We are trying to build a web-app using Clover API where we can view and pay for orders. Here is our workflow:

1. Order is created using Clover Station terminal (manually).

2. We pull the order and items associated with the order using the ORDERS API (/v3/merchants/{mId}/orders)

3. We then allow the user/customer to pay for that order through our web-app using the e-commerce API (https://scl-sandbox.dev.clover.com/v1/orders/{orderId}/pay).


Our credit card token is created by Spreedly and are using endpoint api.clover.com. When we try and POST to https://scl-sandbox.dev.clover.com/v1/orders/{orderId}/pay it gives us a 401 Unauthorized error but with the same OAth token I can retrieve orders and create orders.

Any help here is greatly appreciated.

Payments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

"Our credit card token is created by Spreedly and are using endpoint api.clover.com"

I am not exactly sure what you mean by the above statement but Sandbox and production (api.clover.com) are completely separate environments. A production token will not work in sandbox or vice-versa.

Have you recently adjusted the permissions on your application via the Clover dashboard? If so, you need to uninstall/reinstall the app and obtain a new token - https://community.clover.com/articles/23744/resolving-401-unauthorized-responses-when-making-a.html.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

paragshah avatar image
paragshah answered David Marginian Deactivated commented

Hey David, that was super helpful and worked when I unistalled/reinstalled the app. I was able to get to the point of sending the tokenized payment and received this error back:


"The certificate specified in the "rsa" function has not been signed by FirstData"


Is that because the token was generated by Spreedly? Any help here is greatly appreciated.

8 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image David Marginian ♦♦ commented ·

Yeah, you wouldn't see that if you used our tokenization. I am out today but I can ask ecomm next week, I don't expect there is anything to do on our end if you are using an invalid token, so you may want to ask Spreedly.

0 Likes 0 ·
paragshah avatar image paragshah David Marginian ♦♦ commented ·

Thanks David. I did also reach out to Spreedly on this but would be good to hear from your ecomm team if they actually support Spreedly because Spreedly says they support Clover.

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ paragshah commented ·

I am guessing they aren't aware of our newer ecomm APIs.

0 Likes 0 ·
Show more comments
David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

I spoke to our Ecomm team and they said that if you intend to use a Clover ecomm order/pay endpoint then you would need to use a Clover token. It should be possible to convert a Spreedly token into a Clover token but you need to work with Spreedly for support if you are not following our standard process.

6 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

paragshah avatar image paragshah commented ·

Thanks David for your help. I have reached out to Spreedly multiple times but they keep saying I have to reach out to Clover so kind of feels like both companies are pointing the finger the other direction. Is there anyone on your team that would know more about how to use Spreedly with Clover ecomm api?

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ paragshah commented ·

No, my message was seen and responded to by the entire team. Honestly, your request never made sense to me. When using a Clover endpoint to pay, a Clover token must be used. If you can convert a Spreedly token into a Clover token that is one you and not something we can support you with.

0 Likes 0 ·
paragshah avatar image paragshah David Marginian ♦♦ commented ·

David, this is the response from spreedly support. Is your team able to advise us on which certificate to use and the encryption requirements?

--

Hello,


If the card number should be encrypted with RSA, Clover/FirstData should be able to advise you on which certificate to use and how to get it signed correctly.


You'll want to confirm with Clover/FirstData what the encryption requirements are for the receiver template for them.


The certificate signing is an action item that we unfortunately can't do for you. Based on the error, there is an issue within the RSA function and it looks like the certificate is not signed so the request was not sent. You can review our RSA API docs here.


Warm regards,



Sabrina Roeschley
Support Engineer | Spreedly

0 Likes 0 ·
Show more comments

Welcome to the
Clover Developer Community