question

Alan avatar image
Alan asked prashant-sable-1 answered

App secret versus api token

Hi Clover, I'm finding it difficult to understand the difference between the clover auth tokens and the app secret.

I'm using the app secret as the API key to send notifications to a merchant. However, despite having requested all read and write permissions. For example, I'm unable to GET /merchants or /orders using the app secret. I can only get non-notification data using either a generated API token or the by getting the auth token from the clover device. Is that intended or am I doing something wrong?

Auth
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Alan avatar image
Alan answered

I believe I can answer my own question here. It seems that every app automatically has permission to send notifications to your own app using your app secret, as long as you implement a receiver to create the notification in your APK. Then, for every other API you need to request permissions and use the clover's token generated each time the app is installed.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

prashant-sable-1 avatar image
prashant-sable-1 answered

Yes, your answer explains correctly. App secret key is used for notifications and web hooks. Auth token is used for calling Clover's Rest APIs.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community