question

mrcartier avatar image
mrcartier asked araja commented

Having problem generating public key

I'm sandbox testing following the e-commerce API tutorial from 4/8/20 along with the docs. We are to generate a public key which is used here:

const clover = new Clover('A PUBLIC KEY');
const elements = clover.elements();

The public key comes from core APIs & is generated using the following (my backend is python)

import requests

url = "https://apisandbox.dev.clover.com/pakms/apikey"

headers = {'accept': 'application/json'}

response = requests.request("GET", url, headers=headers)

print(response.text)

But I keep getting {"message":"401 Unauthorized"} in my response? I've tried to use the API ID & secret which I find in the sandbox dashboard. The code below comes from here just filling in the box with API ID or secret.

headers = {
    'accept': "application/json",
    'authorization': "Bearer MY APP ID"
    }

But I don't find/see any other fields to possible use... can someone assist? Thanks

Sandboxe-commerce api
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated commented

The bearer token needs to be a valid Clover access token.

You have two options for obtaining one.

1) Production or testing - Follow the OAuth flow - https://docs.clover.com/clover-platform/docs/using-oauth-20

2) Testing only

Login to your developer dashboard. Under your application's "App Settings" select the pencil (edit) icon next to "REST Configuration". Under "Default OAuth Response" you will see two options: Code and Token. Code is for use with the OAuth flow (see #1 above), Token can be used during testing (testing ONLY) and allows you to by-pass the OAuth flow. Select Token and then select the "Example OAuth Request" link. You may be directed to a page for merchant selection, if so, select a merchant. You will then be directed to a URL, the access_token value in the location can be used as the bearer.

Once you have a valid access token, you will need to use it to obtain a PAKMS key, and that is what is passed in the "new Clover" call.

https://docs.clover.com/clover-platform/docs/using-the-clover-hosted-iframe

Please see the "Configuring the SDK" section. The PAKMS key needs to be passed, not the access token. Information on obtaining the PAKMS key is located here: https://docs.clover.com/clover-platform/reference/keys#getapikey


2 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

mrcartier avatar image mrcartier commented ·

Thanks @David Marginian. As per your last recommendation (for some reason I'm not able to see all our previous comments) I uninstalled/reinstalled the application & created a new token (ends with 769).

But unfortunately it's still 401 unauthorized in the browser network tab. I created a second app, added e-commerce permissions, installed to test merchant, generated a token (ends with 834) & it fails with 401 too. Both tokens return 200 when calling the REST API...

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ mrcartier commented ·

Have you seen my answer above? You need to pass the pakms token not the access token. This is documented in the links I attached in the answer.

0 Likes 0 ·
araja avatar image
araja answered araja commented

I have a question here. I have successfully obtained PAKMS Key and have used it in my android app for Ecommerce API payment. Now, will this key remain always valid? or can this key expire? If it expires, will I have to regenerate this key and upload a new version of app? This doesn't sound practical.

8 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image David Marginian ♦♦ commented ·

You need to design your application with the assumption that they could expire. So, don't design your app with a hard-coded PAKMS key (which it sounds like you have).

0 Likes 0 ·
araja avatar image araja David Marginian ♦♦ commented ·

Thanks for quick response. But, this means I have to obtain OAuth token dynamically as well and that requires merchant login. Why would customer allow merchant to login in the app installed on their mobile?

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ araja commented ·
Why would customer allow merchant to login in the app installed on their mobile?

Obviously, that doesn't make sense. A lot of this depends on how your application works and you have not provided details on that. I assume your app has access to a server? If so, you should securely store the access token on the server and your app can request it. If calls ever start failing you can guide the merchant through the OAuth flow again and securely store the new token.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community