article

laheles avatar image
laheles posted wm1 commented

Expiring auth tokens coming in 2023 - 2024

Clover plans to implement expiring authentication tokens in 2023 - 2024. We will use short-lived, refreshable access tokens to authenticate with APIs. Your applications will need to manage these tokens and handle the access token refresh to maintain continuous access to the APIs.

See the expiring auth tokens announcement for roll-out details and dates.

OAuthAPI Tokenauth tokens
6 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

itadmin avatar image itadmin commented ·

We have an existing app, however we are testing updates to the app in Sandbox and we are experiencing Auth Token issues. We are unable to get Auth Tokens after the new Core Payments update.

We're not sure if its related to the recent Core Payments update or this new Expiring Token anouncment because we cant seem to get a reply from Clove Dev Relations.

What is the status of this Auth Toke Refresh change and how do we manage the Token Refresh?

1 Like 1 ·
dmchappell avatar image dmchappell commented ·

How will this change affect the tokens generated for IFRAME integrations?

1 Like 1 ·
shopventory avatar image shopventory commented ·

Have there been any updates on this? I have not seen any announcements since April 19, 2023 (the linked announcement).

0 Likes 0 ·
hladdha avatar image hladdha commented ·

We're able to generate and test expiring tokens for platform APIs but for any of the Rest Pay display APIs with cloud display app endpoints we're still only able to use the old tokens and the new tokens are returning unauthorised itself. Are the RPD APIs using old token authorisations only yet? when are you going to release the new token authentication for them?

0 Likes 0 ·
kalingakbd avatar image kalingakbd hladdha commented ·

Seems like we are facing the same issue. @hladdha did u manage to resolve this?

0 Likes 0 ·
wm1 avatar image wm1 kalingakbd commented ·

I've been searching for an answer for 3 days now. There are a few more recent posts on this issue and Clover has not answered any of them. SDK tokens seem to be long-lived and usable in REST requests as of now, however it is not clear if they will be still valid as of August 1, and whether having OAUTH refresh+access token pair will have any affect on the SDK token and vice versa

https://community.clover.com/questions/63793/expiring-access-tokens-for-hybrid-web-and-android.html

https://community.clover.com/questions/62792/epxiring-access-tokens-for-android-and-oauth-for-c.html

0 Likes 0 ·

Welcome to the
Clover Developer Community

Article

Contributors

Laheles contributed to this article

Navigation

Related Articles

Resolving 401 (Unauthorized) responses when making API calls

Obtaining an access token via the OAuth flow in Sandbox for use with the Rest API

Impaired webhooks delivery