question

mciaravino avatar image
mciaravino asked ·

REST API Authentication Issues

My company uses CloverGo for mobile transactions. We are trying to comply with new CCPA legislation where California residents can make access requests to retrieve personal information we (and our 3rd party service providers) are retaining.


Since CloverGo is a 3rd party service provider for us, we need to be able to use your REST APIs to retrieve our customer data so we may properly report on it when requested. The REST APIs we need to utilize are here:

https://docs.clover.com/clover-platform/reference/customers-1


I was able to create an account for my merchant and I created a REST API token under Account and Setup > API Tokens. I am simply trying to make a GET request in POSTMAN to the following URL:

https://api.clover.com/v3/merchants/{our MID}/customers


However, I am unsure how to send the API token I created along with the request. The docs here say that the request requires OAuth2 for authentication, but this seems to be related to creating a Clover App on some kind of app marketplace for other merchants to use.


We do not need to put some kind of app on any marketplace, I simply wish to just make requests to the API to retrieve our customer data for CCPA access purposes.


Are there any guides for this simple use case? Or, how can I send authentication details along with the request above?


REST APIAPI TokenOAuth
9 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Do you want to access data for merchant's owned by your developer account, or merchant's that are not-owned by your developer account?

0 Likes 0 · ·
mciaravino avatar image mciaravino David Marginian ♦♦ ·

Hi David,


I only want to access the data for the merchant that my developer account is a part of.

0 Likes 0 · ·

For testing purposes you can use the merchant token you have created. The token can be passed either in the query string or as a header. Please see - https://docs.clover.com/clover-platform/docs/using-api-tokens.


0 Likes 0 · ·
Show more comments

1 Answer

David Marginian avatar image
David Marginian answered ·

For testing purposes you can use the merchant token you have created. The token can be passed either in the query string or as a header. Please see - https://docs.clover.com/clover-platform/docs/using-api-tokens.

Final Update regarding unpublished apps:

Unfortunately, it appears that I have been given incorrect information. I took a look at the code in this area and I don't see this currently being possible. I apologize for the inconvenience. I do agree that this is something that we should provide and I will try to pursue this internally.


All of the information below this point is incorrect (from my original post)

You will need to create a Clover web application, however as long as the merchant is directly owned by your developer account you do not need to have the application published. You can obtain an OAuth token by going through the OAuth flow - https://docs.clover.com/clover-platform/docs/using-oauth-20.

How to:

Ideally the merchant of the live device would create their own developer account and invite the developers of the app to join their account (Developer Settings -> Members -> Invite Members). The developers could then create their app in the merchant's developer account. The OAuth flow could then be followed and the merchant would have access to the developer's unpublished apps.

This process can be followed in reverse if the developer already created the app and wants the merchant to have access to it. They can invite the merchant to be a member of their account, and if the merchant accepts they will have access to the unpublished app. This is a less ideal and official option because the merchant is giving away control to the developer.

7 comments Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hello. Regarding your answer here:


"however as long as the merchant is directly owned by your developer account you do not need to have the application published. "


How can I create a developer account for my already live merchant accounts (of which I have several)?


I know how to create a separate developer account and test merchant accounts underneath it. But your answer seems to indicate that we can create a developer account tied to a live merchant, and then be able to use OAuth without publishing an app. Can you explain how?


Otherwise, I don't think your answer is what @ (mciaravino, the OP) was looking for.


Thanks

0 Likes 0 · ·

Please see my updated answer on how to do this.

0 Likes 0 · ·
cloveruser808 avatar image cloveruser808 David Marginian ♦♦ ·

Thank you for the reply. There seems to be a disconnect or misunderstanding.

  1. I've invited my live merchant to be an admin to my dev account.
  2. From my Live merchant login, I can click into the Dev dashboard and I can see my app.
  3. When I click on "Preview in App Market", I get an error saying the "owner" needs to add me as an employee. Presumably, this means that my DEV account owner needs to add my LIVE account as an employee
  4. I tried that, but anytime I open the app, it redirects me to the app in my TEST business that I created under my DEV account.

In other words, the flow doesn't allow me to open my unpublished app in my LIVE account, even when my LIVE account is an admin member of my DEV account.


I even tried to create an app logged in as my LIVE account. It still redirects me to try to install the app on my test locations. Essentially, I can't open any unpublished app in my LIVE account.

0 Likes 0 · ·
Show more comments

Welcome to the
Clover Developer Community