question

jamescdev avatar image
jamescdev asked David Marginian Deactivated edited

API Token for API References gives me a 401 Unauthorized Code for JS

Hello to all, I'm currently testing some API keys I generated after making a sandbox developer account. I need these API tokens to work for Javascript, every time I copy and paste these tokens to the access_token filed like so:

screen-shot-2020-11-30-at-12830-pm.png

I get a 401 Unauthorized error. It seems to me that the URL parsing is wrong, but I'm unsure as to how it should look like. I tried it in cURL personally changing a few things around and it worked.


This:

fetch("https://sandbox.dev.clover.com/v3/merchants/mId?access_token=xxxx-xxxxx-xxxxxx-xxxxxx-xxxxxx", {
  "method": "GET",
  "headers": {
    "Accept": "application/json"
  }
})
.then(response => {
  console.log(response);
})
.catch(err => {
  console.error(err);
});


Seems wrong, can anybody advice on how it should be written, thanks in advance.

REST APIe-commerce apiAPI TokenAuthaccess token
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

It appears you are trying to use merchant tokens, is that correct? Merchant tokens are largely forbidden in production. They are only allowed if you are building a solution for a single merchant. Any other integration requires a Clover app and the use of OAuth tokens.

Can you be more specific here? You said you need to tokens to work from "JavaScript", you can have server or client side JavaScript. So, do you need the tokens to work from the web browser? If you need the tokens to work directly from the web browser you cannot use merchant tokens. You need to set-up a Clover app and configure the CORs domain correctly. If you do have an integration designed for a single merchant you can use merchant tokens but they cannot be used directly from the web browser. You need to proxy the calls to your server which could make the Clover API calls (the token should be passed as a header, not in the query string) and send the response back to the browser.

4 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jamescdev avatar image jamescdev commented ·

I'm building a solution for a single merchant, my idea is to use third party apps like Smart Print to print orders as they are placed in my web app. I need client side JS working, my server uses a different language. I've modified my code so the access_token is a header.

fetch("https://sandbox.dev.clover.com/v3/merchants/XXXXXXXXXXXXX", {
  "method": "GET",
  "headers": {
    "Authorization": "Bearer xxxxxxxx-xxx-xxx-xxxx-xxxxxxxxxx",
    "Accept": "application/json"
  }
})
.then(response => {
  console.log(response);
})
.catch(err => {
  console.error(err);
});

I do still get the No 'Access-Control-Allow-Origin' error. Not sure how to set-up a Clover app and configure the CORs domain correctly.


0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ jamescdev commented ·

It doesn't matter what language your server is written in, you need to make the Clover requests from the server and then pass the data back down to the client if you want to use merchant tokens (there is no way to configure the CORs URL via merchant tokens).

Building an app is also an option but the process is long and involved for single merchant use (approval is taking at least 9 weeks right now). You can read more about the approval process here - https://docs.clover.com/docs/developer-app-approval.


0 Likes 0 ·
jamescdev avatar image jamescdev David Marginian ♦♦ commented ·

Thank you for the response. I'm not going to build an app, I'm planning to use Smart Print. I'll figure out how to make calls from the server, still I should be getting some sort of response even in the Clover test environment. Like stated in my original post, it gives me a response using cURL.


This works:

curl --request GET \
  --header "Authorization: Bearer xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx" \
  --header "Content-Type: application/json" \
  https://apisandbox.dev.clover.com/v3/merchants/XXXXXXX 


All I need is the equivalent to this in JS.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community