I understand that in the android application running on the clover device, I can check if the Clover Account is valid as follows:
CloverAccount.getAccount(this);
Essentially, I want to send/receive data from my android app to my web server. If my app verifies that the clover account is valid, then im assuming that the merchant is valid and it is safe to send/receive data from my webserver.
I don’t think I need to use oAuth
Is this a suitable approach?
This is not exactly a Clover question, but a question on general security and design.
I would (strongly) suggest that you implement some type of authentication and authorization for communications between your app and your server. While the above check will ensure that your app has a valid Clover account, your server needs to know that whatever is communicating with it is authorized to do so. You can do this with OAuth, or you can do this with some other mechanism, but it is very important that your server knows who is communicating with it, and your app knows that is really communicating with the correct server.