question

trunga avatar image
trunga asked David Marginian Deactivated edited

Client Protection

I am writing a mobile app that will access the clover api. The clients concern is security. Lets say he entrusts a said provider with the application what happens if said application deleted all his data? As a third party provider accessing clover, how does one communicate safety to the client so they know their data is protected? Does clover allow deletes in the api? How does one sell trust to a client when they don't know who you are?

REST API
1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

trunga avatar image trunga commented ·

I asked another question why was it deleted

0 Likes 0 ·
David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

Clover applications have a set of permissions (e.g. Order read/write, https://docs.clover.com/clover-platform/docs/permissions). Your application should select only the permissions your application requires. If your application does not require writes, then you should not be selecting any write permissions. When the merchant installs your application they see the permissions your application requires and can choose to either install the application (granting your app the requested permissions) or not.

5 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

trunga avatar image trunga commented ·

But does clover verify the assertion of said permissions? It has to be someone other than me because any software provider can say whatever they want but a third party sign off is what i am a looking for. Does clover do that?

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ trunga commented ·

If your app does not have, for example, delete permissions on orders but attempts to make an API call to delete orders that call will be denied. Is this what you are asking?

0 Likes 0 ·
trunga avatar image trunga commented ·

you never answered the question of who it is that verifies to the consumer that my application has said permissions and it can't be me cause any software vendor can say whatever they want and the consumer does not have to trust that as the stakes their data is high

0 Likes 0 ·
trunga avatar image trunga commented ·

yep. this is a reporting app which is read only so ii am assuming by your statements that the client determines the permissions correct? If so, how do they do that? if they control its predictable for them which is what i need. How do they set those permissions?

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ trunga commented ·

Your application will require a certain set of permissions (https://docs.clover.com/clover-platform/docs/permissions) to function correctly. When you create your app you will determine those permissions and you will set them on your app. When the client/merchant goes to install your app they will see the permissions your app requires and will either choose to install and accept granting your app those permissions or not.

You may find our app market terms helpful in answering your other questions - https://www.clover.com/app-market-terms.

0 Likes 0 ·
joel-mc avatar image
joel-mc answered Frank Faustino Deactivated converted comment to answer

If you haven't seen them, we've got an App Approval process where Clover interacts with the application developer, gets the API permissions set properly, and gets the app published into our market. Possibly some of your questions are covered there.

https://docs.clover.com/clover-platform/docs/launch-overview


Part of that process is verifying the application developer legal documents: their privacy policy and terms of service / end user license agreement (TOS/EULA) and that it accords with Clover's data policies - that's separate than the technical questions, of course.

https://www.clover.com/privacy-policy

https://www.clover.com/terms


And a developer cannot access our API without being an approved app in our market, and can only perform the API actions that our reviewers have approved during the App Approval processes. On top of that, many important objects cannot be deleted via the API.


I am uncertain the scope of your question, but we have many limitations on Apps that we control, and this isn't usually a question we run into - only apps approved in our market can access our apis, and financial data is appropriately restricted globally and for each app's use.


Is there a specific scenario that you are running into concerns with? Can you give us further details? Have you applied as a developer, and do you have a technical contact you are working with on the Developer Relations team, if you'd rather not give details in public?

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community