question

tombialy avatar image
tombialy asked ·

401unauthorized - new developer

I have very recently created a development account. I managed to get implement oauth20 to get the API token.


However, when I try to use with even on basic API calls, I am getting 401 unauthorized error. I see that even if I try the API examples. Here is the curl example with obfuscated token.

Does it have to do with me being new developer and still going through the review process?


curl -v "https://api.clover.com/v3/merchants/H1ZX51YNH76Q1"; --header "Authorization: Bearer 8xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxd"

....


* Connection #0 to host api.clover.com left intact

{"message":"401 Unauthorized"}* Closing connection 0

~/g


API TokenAuth
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

David Marginian avatar image
David Marginian answered ·

api.clover.com is a production URL, but the merchant in the request you posted above is a sandbox merchant. Sandbox != Production, they are separate environments. For sandbox you should be using:

https://apisandbox.dev.clover.com

Please see our documenation: https://docs.clover.com/clover-platform/docs/making-rest-api-calls.

6 comments Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Good catch. Thanks.


However, after switching to sandbox, I am still having the same issue if I use https://apisandbox.dev.clover.com or even https://sandbox.dev.clover.com


Here are examples:


curl -v --request GET \

--url 'https://apisandbox.dev.clover.com/v3/merchants/H1ZX51YNH76Q1?access_token=xxxx' \

--header 'accept: application/json'


curl -v --request GET \

--url 'https://sandbox.dev.clover.com/v3/merchants/H1ZX51YNH76Q1?access_token=xxxx' \

--header 'accept: application/json'

Note: Unnecessary use of -X or --request, GET is already inferred.

....

* Connection #0 to host sandbox.dev.clover.com left intact

{"message":"401 Unauthorized"}* Closing connection 0

0 Likes 0 · ·

Providing such verbose request tracing is not necessary. Either your permissions are off or you don't have a valid token, it's as simple as that. Please explain exactly how you obtained the token. What steps did you follow?

0 Likes 0 · ·

Thanks for looking into this. Here are steps I am taking:


Step 1:

Redirecting to:

2020-04-24 21:27:11 DEBUG OAuthCloverInitServlet:58 - Redirecting to: https://sandbox.dev.clover.com/oauth/authorize?response_type=code&client_id=TRTD84Q0SQ69W&redirect_uri=https%3A%2F%2Fqtek.ddns.net%2Frest%2Foauth%2Fclv%2Foauth_callback


Step 2:

After receiving callback with code. I send it along with secret (obfuscated below):

Cmd=[GET https://sandbox.dev.clover.com/oauth/token?client_id=TRTD84Q0SQ69W&client_secret=5xxxxxxxxxxxa&code=e02329b7-30c4-ea9d-6995-973c1bf80957 HTTP/1.1]


This returns access token:

{

"access_token" : "15823253-xxxxxxxx-1b9db955a2bc"

}


Step 3:

Which than I use


Cmd=[GET https://sandbox.dev.clover.com/v3/merchants/H1ZX51YNH76Q1 HTTP/1.1]

Header key=[Authorization] val=[Bearer 15823253-xxxxxxxx-1b9db955a2bc]


Which than produces 401


Got reply:{

"message" : "401 Unauthorized"

}

0 Likes 0 · ·

Are you certain that when you installed the app to the merchant that it had the appropriate permissions? I see that it does now, but if it didn't at the time of install you will need to uninstall and reinstall the app.

0 Likes 0 · ·

That is very good point. Initially, it indeed did not have all permissions. I changed it later when i was trying to debug the access problem. I will reinstall my app.


0 Likes 0 · ·

The merchant accepts the permissions of your app at the time the app is installed, and the token reflects the permissions at that time.

0 Likes 0 · ·

Welcome to the
Clover Developer Community