question

u1 avatar image
u1 asked hammer answered

Authenticating the merchant to access my web server

I understand that in the android application running on the clover device, I can check if the Clover Account is valid as follows:

CloverAccount.getAccount(this);

Essentially, I want to send/receive data from my android app to my web server. If my app verifies that the clover account is valid, then im assuming that the merchant is valid and it is safe to send/receive data from my webserver.

I don’t think I need to use oAuth

Is this a suitable approach?

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

hammer avatar image
hammer answered

This is not exactly a Clover question, but a question on general security and design.

I would (strongly) suggest that you implement some type of authentication and authorization for communications between your app and your server. While the above check will ensure that your app has a valid Clover account, your server needs to know that whatever is communicating with it is authorized to do so. You can do this with OAuth, or you can do this with some other mechanism, but it is very important that your server knows who is communicating with it, and your app knows that is really communicating with the correct server.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community