question

ryan-m avatar image
ryan-m asked ·

Sandbox Token Auth Failure 401 New Developer Account

I have worked with APIs in the past and have worked with OAuth2.0 as well. But normally I do not have much difficulty in getting so much as the example code to work as I am right now.

I setup a sandbox merchant and integration but have not been able to get so much as the try it example https://docs.clover.com/clover-platform/reference/merchants-1 to run.

curl --request GET \ --url 'https://sandbox.dev.clover.com/v3/merchants/PP55MZA3PJXD1?access_token=61a50800-xxxx-xxxx-xxxx-5a64b9f2a025' \ --header 'accept: application/json'

I am only getting 401 unauthorized errors.

I retrieved the merchant id and token from below. (Using token not code method for testing in my dev market integration)

https://{my_integration_url_here}?merchant_id=PP55MZA3PJXD1&employee_id=xxxxxxxxxx&client_id=xxxxxxxxxxxxx#access_token=61a50800-xxxx-xxxx-xxxx-5a64b9f2a025

Could my issue be that my developer account is still pending approval?


All applicable permissions were applied and I even removed and reconnected the test merchant to the app.

I have tried this many different ways with no change in the results.

Please assist.

API TokenAuth
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered ·

You have two developer accounts. One in production and one in sandbox. I just double checked your application in sandbox (train sales) and it is still using CODE. It appears you are confusing your sandbox and production accounts. Sandbox and production are separate environments. If you want to query data in sandbox, then you need to update your sandbox app to use TOKEN, not your production app.

2 comments Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thank you so much, Your absolutely right. I had not realized that I had a production store setup and a sandbox one therefore needed to use the link:

https://api.clover.com for that store instead. I guess the environment difference in the URL was not obvious with me being new to clover. I had not realized that I even had a "production environment store setup".



Currently your documentation at https://docs.clover.com/clover-platform/docs/making-rest-api-calls says:

While building and testing your apps in the sandbox environment, use the sandbox REST API with the Android emulator or with our Developer Kits and sandbox test merchants:


but I had no idea what constituted a sandbox test merchant. I thought all my stores were sandbox merchants since I am just a developer.


It would be nice if the API introduction docs had a big warning that says

If your store dashboard is https://sandbox.dev.clover.com/dashboard then you must use https://apisandbox.dev.clover.com for your api calls. If your store dashboard is at https://www.clover.com/dashboard then you must use https://api.clover.com


If it was explained in plain English like that I could have known to check for this issue. and avoided a lot of frustration on my end.

0 Likes 0 · ·
David Marginian avatar image
David Marginian answered ·

I just looked at your application and it is currently set-up to use CODE, not token. The redirect URL should include a code, and that code is used to obtain an access token - https://docs.clover.com/clover-platform/docs/using-oauth-20 (see steps 2-4).

Another common issue is that your application did NOT have the required permissions at the time it was installed. I see that it does now, but it MUST have the permissions when the app was installed. If you set the correct permissions after the app was installed you must uninstall the app, re-install the app, and obtain a new access token.

1 comment Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

I have just reinstalled the app and double checked that it does say

"Default OAuth Response: TOKEN"

new access token still fails to authenticate.

c540346f-xxxx-xxxx-xxxx-9de409fb117b

I am not currently trying to use the code method. I had only switched to code before posting this question as a test. and had since set it back to token not code.

My edit rest config screen currently has the Token (Testing Only) radio button selected. I have also reinstalled the app since making the change back.

0 Likes 0 · ·

Welcome to the
Clover Developer Community