question

webmaster2 avatar image
webmaster2 asked webmaster2 published

Testing REST API in sandbox, always returns 401 Unauthorized

Hello,

I'm trying to do this and getting "401 Unauthorized" no matter what I do.

I've done all the steps... I have Test Merchant, Test Merchant token w/ all permissions, Test Merchant ID.

I click "Try It!"...

https://docs.clover.com/reference/merchantgetmerchant

... just always returns 401 Unauthorized.

What's wrong? What am I missing please? I can make a screen movie if that helps.

(I have already read through this, no help sorry: https://docs.clover.com/docs/401-unauthorized )

Use the API reference

To make a sample REST API call using the Clover API reference:

  1. From the left navigation pane, select MERCHANTS > Get a single merchant.
  2. In the Path Params section, enter your test merchant ID in the mId field. Your test merchant ID is a thirteen-character sequence of numbers. See Locate your test merchant ID for more information.
  3. In the Authentication section, enter your access token in the Bearer field. This value is the test API token that you have generated in the sandbox Developer Dashboard.
  4. Click Try It. In the JSON output response, the name value is your test merchant’s name.
REST APIAPI Token
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

6 Answers

·
bryanvargas avatar image
bryanvargas answered

You need to make sure your Token has the correct synced permissions. if you make changes to permissions after install you need to get a new token, i would recommend to generate a new token (uninstall/reinstall app from merchant)

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

webmaster2 avatar image
webmaster2 answered

Thanks for the help, bryanvargas. I posted another topic, HERE, and parquet76 is saying I don't need to create and app. Is that true? You can read in that topic what my situation is... I am trying to integrate Clover payments into my client's ecommerce site, using Hosted iframe to process payments.

So, regarding what you said re: permissions and getting a new token... parquet76 is saying generate an ecommerce token from the Test Merchant. I have done that, and the system doesn't allow any setting of permissions for an ecommerce token.

If you are talking about an "API Token" and not an "Ecommerce API Token", then yes, I can try that now as you say, delete the token, then create a new token, setting the permissions in that step. I don't think it's necessary to uninstall and then reinstall the app, correct? Again, parquet76 says I don't need an app.

thanks again for your help.

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

webmaster2 avatar image
webmaster2 answered

Just got this while trying to reply with more information... attack detected? !!

1713582229900.png

1713582278436.png


1713582229900.png (32.5 KiB)
1713582278436.png (9.7 KiB)
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

webmaster2 avatar image
webmaster2 answered webmaster2 edited

I just created a new API Token for the Test Merchant, giving it full permissions.

Then I tried this...

curl --request GET \
--url https://sandbox.dev.clover.com/v3/merchants/RCTSTAVI0010002 \
--header 'accept: application/json' \
--header 'authorization: Bearer 5963a4a9-d903-bdbb-b6f7-d472cd14358e'

which returns "401 Unauthorized", both when I tried it from HERE and from my server.

I will now delete the app from Test Merchant and reinstall the app. I doubt it will have any effect.

UPDATE: Nope, doesn't work. I have three API Tokens now for Test Merchant: all read, all write, and both all read/write. None of them work.

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

webmaster2 avatar image
webmaster2 answered

Whatever the case here, I am onto trying to set up an interactive form with HTML and javascript, in order to get a card token and create a charge, in the sandbox. See my other thread HERE.

Then I also need help creating an OAuth auth_token, to do the same test in the live environment.

I'm now trying to write some code that will accomplish that, I think... see my thread in the link.


10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

webmaster2 avatar image
webmaster2 answered

So it turns out I don't need an OAuth token. See details HERE.

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community