question

ryanram avatar image
ryanram asked ·

Create Payment Record always says unauthorized, but token is supposed to be valid

I'm trying to create a payment record, but it keeps giving me unauthorized, altho the token I'm providing is already valid. here's a sample call in java


MediaType mediaType = MediaType.parse("application/json");
String tenderId = "...";
RequestBody body = RequestBody.create(mediaType, "{
                  \"tender\":{
                  \"id\":\"" + tenderId + "\"},\"amount\":" + order.getTotal() + "}");
okhttp3.Request request = new okhttp3.Request.Builder()
        .url("https://sandbox.dev.clover.com/v3/merchants/" + authResult.merchantId
                + "/orders/" + orderId
                + "/payments?access_token=" + authResult.authToken)
        .post(body)
        .addHeader("content-type", "application/json")
        .addHeader("authorization", "Bearer " + authResult.authToken)
        .build();

client.newCall(request).enqueue...


so if someone can point out what is lacking or if the header format is wrong?

do note that I've already authorized on the dashboard the correct permissions. order and payment r/w for testing.


Cheers

OrdersPayments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered ·

Sorry, I was unaware of this endpoint.

1. Pass the token in the header, not in the request (you don't need to do both and header is more secure).

2. Please read through this for help with the Unauthorized error - https://community.clover.com/articles/23744/resolving-401-unauthorized-responses-when-making-a.html.

3 comments Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks David, I follow the guide, and did most of the checklist for ensuring against the 401 error.


I found that we have to uninstall the app via dev dashboard. will side loading the apk after setting the permissions take effect right away when I side loading the apk?


1. permissions - done that, check all Read/Write boxes for the sake of testing.

2. we get our tokens AuthResult.authToken, we tested it on some GET requests, and it gave use success responses. now the problem now lies when doing POST requests. which supposedly its gonna allow, since we already


will check on those other points on the guide that you shared.

0 Likes 0 · ·

The guide assumes you are using the OAuth flow to obtain the token. It sounds like you are making an auth call from your Android app on the Clover device to obtain the token? I may need to amend the guide a bit depending on what we discover here to account for obtaining a token from an auth call from an app running on a Clover device. It is likely that you have not properly uninstalled/reinstalled the app. If you had to change your apps permissions after it was installed I believe you will need to:

1) uninstall the app from the web dashboard.

2) adb uninstall

3) Set the permissions in the web dashboard.

4) adb install

5) Obtain a new token

If you continue to have issues provide the exact steps you have taken, I can't guess at what you are doing. You can also obtain your token via OAuth after you have set the permissions correctly (I am assuming your app has payment write?) and uninstalled/reinstalled the app via the dashboard. If the token from OAuth works and the token from your app does not you are still not correctly uninstall ing/reinstalling the app.


0 Likes 0 · ·
ryanram avatar image ryanram David Marginian ♦♦ ·

ok thanks for that, I will try to implement the oauth flow on android via webview and get a token that way to confirm. will let you know.


yes I have payment write enabled on dashboard too.

0 Likes 0 · ·
ryanram avatar image
ryanram answered ·

Thanks David, I follow the guide, and did most of the checklist for ensuring against the 401 error.


I found that we have to uninstall the app via dev dashboard. will side loading the apk after setting the permissions take effect right away when I side loading the apk?


1. permissions - done that, check all Read/Write boxes for the sake of testing.

2. we get our tokens AuthResult.authToken, we tested it on some GET requests, and it gave use success responses. now the problem now lies when doing POST requests. which supposedly its gonna allow, since we already
Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community