question

Robin Walmsley avatar image
Robin Walmsley asked ·

API Auth problem accessing Tax rates, even when using Owner Id and auth token

During the installation of our app, we API GET the tax rates and write them to our own database. If I attempt to do this as the Merchant Owner, launching our app from the Clover Dashboard, I'm getting a 401 Auth error on the API GET.
This is the API code (php) :
$request = [
'method' => 'GET',
'uri' => ...'merchants/'[merch_uuid]/tax_rates',
'header' => ['Authorization' => 'Bearer [auth token],'Content-Type' => 'Application/JSON'],
];
$tax_rates = json_decode($HttpSocket->request($request));
I might add I've not seen this issue before, this is established code that has been running for a while without issue.
Has something changed, am I doing something wrong?
Thanks

API Token
1 comment
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered ·
That endpoint requires read permissions on Inventory.
2 comments Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Ok that may well be the case, but if so, why does it work on some merchants but not on others? we have not set read permission on Inventory, so therefore no merchants should be able to retrieve tax rates.

Additionally, if what you are saying is correct, where might I find that in the documentation?

0 Likes 0 · ·

Is it possible the tokens aren't being generated/provided consistently (oauth v merchant tokens)? Yes, it is documented. This page provides an overview of permissions -https://docs.clover.com/clover-platform/docs/permissions. Then on our API page (https://www.clover.com/api_docs/) you can see the tax rates GET under inventory which per the previous section means it requires a read on inventory.

0 Likes 0 · ·
Robin Walmsley avatar image
Robin Walmsley answered ·
This is in production. It is happening for at least 2 merchants, I cant test it on other merchants without changing their live data. The auth token is valid, because the token is used to retrieve Employees, Business information, Roles etc, all of which happens during the setup of a new store (merchant) on our system. This feels like a permissions problem, however the installation is being performed by the Owner.

I have just run some additional tests.
Using the auth token issued and with Postman, I can successfully GET
Roles, Merchant, Employees, Tenders, Orders, Payments, Address
But NOT Tax_rates
I used this endpoint
https://api.eu.clover.com/v3/merchants/[MERCHANTID]/tax_rates
this is the reply
{ "message": "401 Unauthorized"}

EDIT : More information.
I have two test merchants setup in Production. One allows me to GET tax_rates, the other does not. With the one that is failing, I can see no difference in the setup of the merchant details. In fact I made all the employees Admin role in case it was a permissions issue. I also checked the auth_token issued during launch of the app from the Clover Dashboard was the one that is being sent with the GET and it is.
This is most perplexing.

Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered ·
Is this happening in production or sandbox? Is it happening for all merchants or just one? Have you tried calling a different API via postman/curl to verify the token is valid?
Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community