question

jeremyinvoiceasap avatar image
jeremyinvoiceasap asked jeremyinvoiceasap commented

PAKMS endpoint returning 401 Unauthorized for some merchants

We use the e-commerce iframe/api integration to accept Clover payments for our merchants on the web. Since yesterday, we have started to see an increase in 401 Unauthorized responses to the PAKMS endpoint (https://api.clover.com/pakms/apikey). This is happening for a number of merchants.

Retrieving the permissions for the access token (https://api.clover.com/v3/access_tokens/[token] shows that the token is valid and the merchant has the appropriate permissions, but the PAKMS endpoint returns Unauthorized.


Token response:

{   "id": [redacted],   "permissions": {     "elements": [       {         "name": "INVENTORY_W"       },       {         "name": "PROCESS_CARDS"       },       {         "name": "INVENTORY_R"       },       {         "name": "ORDERS_W"       },       {         "name": "MERCHANT_R"       },       {         "name": "PAYMENTS_W"       },       {         "name": "PAYMENTS_R"       },       {         "name": "MERCHANT_W"       },       {         "name": "ORDERS_R"       }     ]   } }
e-commerce api
11 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sdesai avatar image sdesai commented ·

We started seeing this yesterday too for a subset of our merchants.

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ sdesai commented ·

Hmm, I can't think of a scenario where you would get a 401 when the token has the correct permissions. Is the process cards permission new for your app? Is it possible the merchants had the app installed before you added that permission and this they need to uninstall/reinstall your app?

0 Likes 0 ·
sdesai avatar image sdesai David Marginian ♦♦ commented ·

Both merchants that contacted us have been working since March and had orders on August 11th. Our access token is still working for every other permission too.

0 Likes 0 ·
Show more comments
Show more comments
David Marginian avatar image
David Marginian Deactivated answered jeremyinvoiceasap commented

This issue should be resolved, please let me know ASAP if you are still having problems.

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jeremyinvoiceasap avatar image jeremyinvoiceasap commented ·

We are no longer seeing the issue on our end. Thanks for addressing this.

0 Likes 0 ·
David Marginian avatar image
David Marginian Deactivated answered tombialy commented

You should be retrieving the pakms key once per merchant and caching it not retrieving it per payment.

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

tombialy avatar image tombialy commented ·

David, thanks for info. I have additional question on this:

If pakms keys are retrieved just once:

  • How long are they valid?
  • And if they are lost as result of some outage can they be re-requested for merchant?
0 Likes 0 ·
David Marginian avatar image
David Marginian Deactivated answered

Currently they don't expire, yes.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community