My software consists of a Clover Android app and a web application. The Android app has to upload user provided data to the web application with a POST request. Since I need to secure the API on Django side to only allow POST requests from Clover terminals I need some authentication process. I thought about Clover's tokens:
The Clover Android App can generate a token with the SDK. The web app generates also tokens with the Oauth process. However, I compared the tokens and I see they are not the same for the same merchant.
So I thought, is there a possibility that I generate a Clover auth token on Android app, send the POST request with token and data to the web application (Django) and check using Django if the provided token is a token that is also accepted by Clover? If yes, data are written to the database.
Since merchants are anyway authenticated with their terminals, it seems the best option for me to re-use Clover's authentication system to realize this. If that does not work, I am happy to hear other suggestions.