question

ryanram avatar image
ryanram asked ryanram commented

Create Payment Record always says unauthorized, but token is supposed to be valid

I'm trying to create a payment record, but it keeps giving me unauthorized, altho the token I'm providing is already valid. here's a sample call in java


MediaType mediaType = MediaType.parse("application/json");
String tenderId = "...";
RequestBody body = RequestBody.create(mediaType, "{
                  \"tender\":{
                  \"id\":\"" + tenderId + "\"},\"amount\":" + order.getTotal() + "}");
okhttp3.Request request = new okhttp3.Request.Builder()
        .url("https://sandbox.dev.clover.com/v3/merchants/" + authResult.merchantId
                + "/orders/" + orderId
                + "/payments?access_token=" + authResult.authToken)
        .post(body)
        .addHeader("content-type", "application/json")
        .addHeader("authorization", "Bearer " + authResult.authToken)
        .build();

client.newCall(request).enqueue...


so if someone can point out what is lacking or if the header format is wrong?

do note that I've already authorized on the dashboard the correct permissions. order and payment r/w for testing.


Cheers

OrdersPayments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated commented

Sorry, I was unaware of this endpoint.

1. Pass the token in the header, not in the request (you don't need to do both and header is more secure).

2. Please read through this for help with the Unauthorized error - https://community.clover.com/articles/23744/resolving-401-unauthorized-responses-when-making-a.html.

3 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

ryanram avatar image ryanram commented ·

Thanks David, I follow the guide, and did most of the checklist for ensuring against the 401 error.


I found that we have to uninstall the app via dev dashboard. will side loading the apk after setting the permissions take effect right away when I side loading the apk?


1. permissions - done that, check all Read/Write boxes for the sake of testing.

2. we get our tokens AuthResult.authToken, we tested it on some GET requests, and it gave use success responses. now the problem now lies when doing POST requests. which supposedly its gonna allow, since we already


will check on those other points on the guide that you shared.

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ ryanram commented ·

The guide assumes you are using the OAuth flow to obtain the token. It sounds like you are making an auth call from your Android app on the Clover device to obtain the token? I may need to amend the guide a bit depending on what we discover here to account for obtaining a token from an auth call from an app running on a Clover device. It is likely that you have not properly uninstalled/reinstalled the app. If you had to change your apps permissions after it was installed I believe you will need to:

1) uninstall the app from the web dashboard.

2) adb uninstall

3) Set the permissions in the web dashboard.

4) adb install

5) Obtain a new token

If you continue to have issues provide the exact steps you have taken, I can't guess at what you are doing. You can also obtain your token via OAuth after you have set the permissions correctly (I am assuming your app has payment write?) and uninstalled/reinstalled the app via the dashboard. If the token from OAuth works and the token from your app does not you are still not correctly uninstall ing/reinstalling the app.


0 Likes 0 ·
ryanram avatar image ryanram David Marginian ♦♦ commented ·

ok thanks for that, I will try to implement the oauth flow on android via webview and get a token that way to confirm. will let you know.


yes I have payment write enabled on dashboard too.

0 Likes 0 ·
ryanram avatar image
ryanram answered

Thanks David, I follow the guide, and did most of the checklist for ensuring against the 401 error.


I found that we have to uninstall the app via dev dashboard. will side loading the apk after setting the permissions take effect right away when I side loading the apk?


1. permissions - done that, check all Read/Write boxes for the sake of testing.

2. we get our tokens AuthResult.authToken, we tested it on some GET requests, and it gave use success responses. now the problem now lies when doing POST requests. which supposedly its gonna allow, since we already
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community