question

kcardona avatar image
kcardona asked kcardona commented

Unable to get employees via RestAPI

Hi all,


I have a problem getting the employees data from my APP or from the Clover API reference web.

if you click in this link you will be able to get the employee data without problem

https://sandbox.dev.clover.com/v3/merchants/Nscrubbed/employees/HZ3SXJ0YF4VX0?access_token=scrubbed


However I get error 401 if I try to get the employee information from my App or via Clover API reference web

https://docs.clover.com/clover-platform/reference/employees-1


I can read the merchant and the customers data without problem


any idea?


All the best

Karel


REST API
7 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image David Marginian ♦♦ commented ·

Does your app have employee read permissions? How did you obtain your access token? Did you add employee read permissions after you installed your app? If so you need to uninstall/reinstall the app and obtain a new token. If you continue to have problems please send your app/merchant ids and the access token you are using in a private post.

0 Likes 0 ·
kcardona avatar image kcardona David Marginian ♦♦ commented ·

- Yes the App have employee read permissions

- I got the auth-token via OAuth2.0 , I wrote an App following this instructions https://docs.clover.com/clover-platform/docs/making-rest-api-calls . And them I click Example Auth Request in the App Setting => Edit Rest Configuration

0 Likes 0 ·
kcardona avatar image kcardona commented ·

Hi David,


thank you for your answer. Looks like we have a security problem here. If the App doesn't have employee read permission them Why I can read all employees when I copy/paste the URL generate by the Clover Platform reference (https://docs.clover.com/clover-platform/reference/employees-1) in Google Chrome. However as you can see in the screenshot when I tried to fetch the employees using the Clover Platform I got error 401 Unauthorized.

all the best

Karel

0 Likes 0 ·
screenshot-from-2020-05-13-14-57-55.png (114.8 KiB)
screenshot-from-2020-05-13-14-58-28.png (268.5 KiB)
David Marginian avatar image David Marginian ♦♦ kcardona commented ·

Please try your request in a new browser. You have many tabs open and I suspect you are logged in as the merchant and that is why the request is working in Chrome (that is really the only explanation). I didn't say your app doesn't have the permissions, I said that the access token doesn't. The access token has the permissions that were associated with the app at the time the app was installed by the merchant.

1 Like 1 ·
kcardona avatar image kcardona David Marginian ♦♦ commented ·

Hi David,


You are right , I can read the employees because I'm logged in as the merchant.

I double check the the App request access to read the Employees and generate another access_token and I get the same results . Error 401.


0 Likes 0 ·
screenshot-from-2020-05-13-15-21-54.png (177.0 KiB)
Show more comments

1 Answer

David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

I checked the token you have provided and it does not have employee read permissions (it only has MERCHANT_R, PAYMENTS_R, CUSTOMERS_W, CUSTOMERS_R). If you modify your app permissions after you have installed the application, you must uninstall the application, reinstall the application and then generate a new access token. Why? If this wasn't required, your application could modify the permissions of the app without the merchant knowing about or approving the changes.

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community