Authentication for API calls from Clover native app
We need to secure/authenticate API calls from our Clover native app to our servers.
What is the best way to do it, without having to prompt our merchants to configure/setup anything in our app?
I wonder if Clover has any API that our app can use to silently generate some sort of token (without asking merchant to configure or login anything, because Clover server can already authenticate if the API calls are made from their devices, right?), our app then pass that token back to our servers, and some other Clover API that our servers can use to validate that token.
If such APIs dont exist, what is the closet option we can use?
Whatever it is, our desire is to avoid having to force merchants to do any type additional login on their Clover device before being able to connect to our server (we thought of using merchant's Clover account on
clover.com, and ask they login from our app on their device. But believe it or not most of our merchants don't even know they have that account; few other know but never use so don't event remember user/pwd!)
I don't believe what you are looking for exists. It seems to violate a basic principal of OAUTH. The merchant is granting your application privilege, this can't be done without the merchant knowing about it. You will have to force the merchants to login to obtain the token and then securely store it. The tokens last one year so they will only have to login once per year.
Thank David! What I'm looking for is not OAuth (
https://en.wikipedia.org/wiki/OAuth), which is a standard for users to grant other parties permissions to access their data on some other systems. We're are not looking for way to access merchant's data on Clover.
We're looking for a, preferably seamless and least cumbersome, way to authenticate users when they access their data on our own system. I just found out after posting the question that what we're looking for is more an IDP (
https://en.wikipedia.org/wiki/Identity_provider) or SSO - that if Clover API can also provide IDP service of some sort for apps running on it. The moment after users punch in their PINs and start using apps on on their Clover devices, Clover has effectively authenticated the users. Now if it could just add a couple more API methods to have that complete IDP service for third parties app like ours to leverage...
Without this service, our app has to ask merchants to logon, using either their account on
clover.com, which very few of them know they have (most of our merchants have their card processing service setup by agents, who don't even bother giving merchant that account), or more likely their account on our system. Either way, it's a barrier for our app adoption by the merchants we're targeting.