question

leojaimes avatar image
leojaimes asked David Marginian Deactivated edited

Develop Android/IOS that only runs clover's rest api

Is it possible to develop an app (Android / IOS) that only makes requests to the REST API that works like Dashboard (inside a Clover Device) of another mobile application that is executed outside the environment of a Clover Device ? I have already developed the presentation layer of both apps

Thank you in advance

Auth
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image
David Marginian Deactivated answered

The Rest API can of course be used remotely. However, we probably don't publicly expose all of the endpoints used by our dashboard.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

leojaimes avatar image
leojaimes answered David Marginian Deactivated edited

Hi David, Thank you for you reply.

In the flow that we have designed, we have a mobile android application (smartphone) that will be used by the user who wants to make a reservation.

The mobile client (smartphone) must log in and select a merchant from the list of merchants that have given permissions to the Bar Owner Application.
Then the customer can generate an order for items and make the payment in favor of the merchant.

I plan to develop a backend for authentication to be performed by calling the REST API and delivering the authentication token to the customer mobile app


What would be the authentication flow for a mobile app so that a customer can access the inventory of a specific merchant from a merchant list and place an order through the Clover REST API?


Thank you in advance.

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image David Marginian ♦♦ commented ·

It doesn't work that way the merchant will need to grant your application access to their data. You must have a Clover application to do this and you must obtain a token via the oauth flow (https://docs.clover.com/docs/using-oauth-20). We have some information here although the example may be outdated - https://docs.clover.com/docs/oauth-for-web-views-non-clover-devices.

0 Likes 0 ·
leojaimes avatar image
leojaimes answered David Marginian Deactivated edited

In the documentation that you share it is evident that a WebViewActivity must be created.


https://github.com/clover/android-examples/tree/master/oauthexample/app/src/main/java/com/clover/example/oauthexample/app


Where I have the following code


String url = "https://clover.com/oauth/authorize" +

"? client_id =" + Config.APP_ID +

"& response_type = token" +

"& redirect_uri =" + Config.APP_DOMAIN;



It is assumed that the WebViewActivy will make a request to Clover Station API and the Merchant will have to Sign In to deliver to my Web APP its Merchant_ID, the client_id and the authorization code in the redirec_uri


https://www.example.com/oauth_callback?merchant_id={mId-lex.europa.eu&client_id=[appId-lex.europa.eu&code=[AUTHORIZATION_CODE}


And then a request should be made to https://sandbox.dev.clover.com/oauth/token?client_id={appId-lex.europa.eu&client_secret=[APP_SECRET-lex.europa.eu&code=[AUTHORIZATION_CODE}


This is correct?

Does the merchant have to sign in to authorize?


The Customer use case is different, is there a way to make the Customer get the token?

For example: When the Merchante authorizes the app, can I save the merchantId and AUTHORIZATION_CODE in my own database and then use them to obtain the API_TOKEN?

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Marginian avatar image David Marginian ♦♦ commented ·

Yes, the merchant needs to login and "connect" (install your app). You can then obtain the toke. I am concerned about the security of the token though per your description (one device would have to have access to multiple merchant tokens). Perhaps you keep the token on the server and make all the Clover API calls from your server

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community