question

shortkut-dev avatar image
shortkut-dev asked michael answered

How can we ensure that an Authenticated Clover Station is calling us?

The clover app which the merchant install, needs to call our service to verify some data. 1. How do we make authenticate the clover app against our service.
2. The merchant might have quite a few clover stations, We don't want to login from all the stations 3. We don't some arbitrary service authenticated against us so need to be able to have some shared secret or something that can be verified on server.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jeffrey Blattman avatar image
Jeffrey Blattman answered

You are authoring an application for Clover devices. Your application calls your server. You are asking how your server will verify that it's your (and only your) application that's communicating with it. Is that correct?

Since it's your server, this is not something that Clover can help you with. The most obvious approach would be to use OAuth to negotiate an access token. What you end up with here will depend on your unique security requirements.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

michael avatar image
michael answered

If you want to rely mostly on Clover you can do something with access tokens. A couple of examples

  • Your app can request the token from the device (examples are on github) and pass this along with the merchant id to your server. You can then make a server-to-server api call with that token ie GET /v3/merchants/{mid} and therefore verify the token is legit and matches that merchant.

  • We also have an older api that you can POST to /v2/verify_token?access_token=zzzzzzzzz. It takes a json payload { "merchantId":"xxxxxxxx", "appId":"yyyyyyy", token:"zzzzzzzzz" } and it will return a 200 if the details match else it will return an error

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community