question

nmonroehlk avatar image
nmonroehlk asked David Marginian edited

Integration with non-POS system (server-to-server)

We have a request from a client to create an integration with their Clover account that creates new customers based on a simple web form.

From my experience with integrating with Clover and the REST API so far, I am able to make a connection using the OAuth 2.0 flow and get the auth token that is needed.

In the case of authenticating with Clover in the first step of the OAuth 2.0 process, it is always redirected to a web-based login form that may or may not ask for a merchant choice, depending on if they have multiple merchants defined.

I am also able to create an app in Clover that is used to complete the OAuth 2.0 flow.


My question: Does Clover allow connections via the REST API and OAuth 2.0 that do not require a physical device or login dialog? We do not wish to bypass this step, just looking for a server-to-server solution where there is no user interface, but proper credentials and merchant ID could still be provided to complete the authorization.


I have spent a good amount of this week pouring over the Clover documentation, so am familiar with a lot of what is there. I did see similar requests for this behavior in the Clover Community forum, but not much in the way of a clear explanation if and how this is made possible.

Thank you for any information regarding this workflow.

REST APIsemi-integrationsOAuthAuthaccess token
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

· Write an Answer
David Marginian avatar image
David Marginian answered David Marginian edited

This sounds like the same question you have been asking, perhaps I am misunderstanding? The first step of the OAuth flow is merchant authorization - https://docs.clover.com/docs/using-oauth-20#step-1-request-merchant-authorization. This step MUST be performed by the merchant as they must AUTHORIZE your app access to their data. The merchant MUST login to their dashboard and install your web-app from their dashboard to complete this step. In order for this to work 1) You must have a Clover web-app. 2) The app must go through our approval process and get published into the Clover App Market. Is there something that is not clear about this?

Now, as I have previously stated, if your solution is for a single Clover merchant only, then you can have the merchant generate an API token (with the correct permissions) and provide it to you. You don't need a Clover web-app and you can just pass that token with your API calls. The merchant has already "authorized" you by providing you with their access token.

3 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

As of right now, the client does have only one merchant defined in their system. I was able to generate an API Token from the merchant to use, however, it is stated in the documentation that this is not allowed in a production environment.

I created a new question because I am seeking a solution that does not need to be published in the App Market. This is a private integration for this merchant only and should not be available to the Clover community, in general. The website that this integration will exist on is owned by the merchant.

If we are able to use the API Token generated at the merchant level in a production environment, then I think this issue is solved.

The way I understand your explanation, then, is that there is no other way to handle the user login (i.e. in code, given the proper credentials from the merchant) than having them use the Clover login form at the time of authentication request.

0 Likes 0 ·
I created a new question because I am seeking a solution that does not need to be published in the App Market. This is a private integration for this merchant only and should not be available to the Clover community, in general. The website that this integration will exist on is owned by the merchant.

In this case, I think it is acceptable to use a merchant API token. The language you are referring to is meant for app developers that are building apps for use by multiple merchants.

Your other option is what we call a "private" app. Private apps still go through our approval process (which can be very long). Once approved we install the app on the merchant's behalf at your request. The merchant would still need to login to their dashboard and "click" your app to initiate the OAuth flow the first time (then you would obtain the token and store it).

You may want to email appmarketbusiness@clover.com and tell them about your integration (it may take awhile to get a response). I generally answer technical questions and I am not an expert on the app approval process.

0 Likes 0 ·
nmonroehlk avatar image nmonroehlk David Marginian ♦♦ ·

Thank you for all for all of your input. This does help clarify some things.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community