question

jeremyinvoiceasap avatar image
jeremyinvoiceasap asked ·

PAKMS endpoint returning 401 Unauthorized for some merchants

We use the e-commerce iframe/api integration to accept Clover payments for our merchants on the web. Since yesterday, we have started to see an increase in 401 Unauthorized responses to the PAKMS endpoint (https://api.clover.com/pakms/apikey). This is happening for a number of merchants.

Retrieving the permissions for the access token (https://api.clover.com/v3/access_tokens/[token] shows that the token is valid and the merchant has the appropriate permissions, but the PAKMS endpoint returns Unauthorized.


Token response:

{   "id": [redacted],   "permissions": {     "elements": [       {         "name": "INVENTORY_W"       },       {         "name": "PROCESS_CARDS"       },       {         "name": "INVENTORY_R"       },       {         "name": "ORDERS_W"       },       {         "name": "MERCHANT_R"       },       {         "name": "PAYMENTS_W"       },       {         "name": "PAYMENTS_R"       },       {         "name": "MERCHANT_W"       },       {         "name": "ORDERS_R"       }     ]   } }
e-commerce api
11 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

We started seeing this yesterday too for a subset of our merchants.

0 Likes 0 ·

Hmm, I can't think of a scenario where you would get a 401 when the token has the correct permissions. Is the process cards permission new for your app? Is it possible the merchants had the app installed before you added that permission and this they need to uninstall/reinstall your app?

0 Likes 0 ·
sdesai avatar image sdesai David Marginian ♦♦ ·

Both merchants that contacted us have been working since March and had orders on August 11th. Our access token is still working for every other permission too.

0 Likes 0 ·
Show more comments
Show more comments
David Marginian avatar image
David Marginian answered ·

This issue should be resolved, please let me know ASAP if you are still having problems.

1 comment
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

We are no longer seeing the issue on our end. Thanks for addressing this.

0 Likes 0 ·
David Marginian avatar image
David Marginian answered ·

Currently they don't expire, yes.

10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian answered ·

You should be retrieving the pakms key once per merchant and caching it not retrieving it per payment.

1 comment
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David, thanks for info. I have additional question on this:

If pakms keys are retrieved just once:

  • How long are they valid?
  • And if they are lost as result of some outage can they be re-requested for merchant?
0 Likes 0 ·

Welcome to the
Clover Developer Community