I am building a custom website for a client. They use a Clover POS and want to use Clover for online order payment processing. From what I understand by reading the docs, I need to specify a domain for CORS, so the API tokens are tied to my domain. This leads me to believe that I need to publish an app, which then my client installs and only then they can consume the ecommerce payment API. Correct?
If that's the case, how do I stop random people from installing the app? 'Cause it will only be for my client. Or am I missing something here, and I can just use the ecommerce by some other means?