question

webmaster2 avatar image
webmaster2 Suspended asked etherealestelle answered

Live merchant ecommerce API token doesn't work in test iFrame code

Hello,

parquet76 has been helping me on this. I'd appreciate some more input from others.

I am successfully running this code on my server:

https://codepen.io/davidmarginian/pen/JjXLRwM

When I replace the ecommerce API token used by that javascript file with my own public token from my developer account, Test Merchant, the call to clover.createToken() fails with a CORS error.

Why is that happening? What's wrong with my developer account or token?

Next, I tried the same code using the live SDK and the public token from my client's live merchant account, with recaptcha turned either ON or OFF (doesn't matter), and the test fails with the CORS error.

The error is (replace the URL depending on sandbox or live environment):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://token-sandbox.dev.clover.com/v1/tokens. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.

I've tried fixing this CORS error via Apache on my server, to no avail.

Any help much appreciated. Thanks.


SandboxecommerceProductionaccess token
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

grahamrodriguez avatar image
grahamrodriguez answered grahamrodriguez edited

Hello,

The CORS error occurs because the Access-Control-Allow-Origin header is missing in the response from the https://token-sandbox.dev.clover.com/v1/tokens endpoint. To resolve this, you can:

1. Enable CORS in Apache: Add the following line to your Apache configuration file (httpd.conf or .htaccess): Doglikesbest

Header set Access-Control-Allow-Origin "

Adjust the path based on your server setup.

2. Check Token Validity: Ensure that you are using a valid merchant’s public key and that your environment matches the key’s environment (sandbox or live).

3. Use Clover’s Tokenization: Consider using Clover’s iframe integration for tokenization to reduce PCI exposure. The iframe handles tokenization on the Clover side, making it unnecessary to call the tokens endpoint directly.

I hope the information may helps you.



1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

parquet76 avatar image parquet76 commented ·

Don't pay attention to this chat bot non-sense response.

0 Likes 0 ·
parquet76 avatar image
parquet76 answered parquet76 rolled back

As I said earlier, you can't fix this in your apache server. You continuing to mention this makes me think you don't know what you are doing/talking about. The tokens call is being made from a page controlled/hosted by Clover to a Clover server. How you expect some setting on your apache server to impact anything is being me and shows little understanding of how things work. This error is a 401, it means unauthorized and I get the same error if I initialize the iframe with the wrong token (private or jibberish). So, make sure you are using the public key and make sure it is correct (no spaces, etc).

You may want to provide the exact steps you have taken to get the public key because I really don't see how this isn't working in production. Also, I would try deleting the existing e-commerce token and recreating it.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

webmaster2 avatar image
webmaster2 Suspended answered

Yeah, I mentioned the error again. Graham mentioned the fix, which I've also tried and it doesn't work.

So I think it is worth mentioning the error, because if the Clover SDK was designed better, it would tell you that there was something wrong with the token submitted, and would tell you what was wrong, and then you could look that up in the documentation and get help with it. No such luck, because the Clover documentation – although extensive – is often just flat wrong.

So, nice try again parquet, trying to paint me as some kind of idiot, which I'm not. There's something wrong with the tokens in both my developer account and my merchant's live account. Many things about the Clover APIs don't work as documented. We're done with this.

This forum is also glitchy. Overall, a bad experience.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

etherealestelle avatar image
etherealestelle answered

It looks like the live merchant eCommerce API token isn’t working in the test iFrame code. While we sort that out, let’s not forget to highlight our painting estimate takeoff services. We offer Remote Estimation to streamline the process and make it as convenient as possible for you!

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community