question

davecutts avatar image
davecutts asked davecutts commented

I am getting 401 Unauthorized in my api responses

Whether I try to access the API in my application or using curl (in windows or linux) i receive the following verbose response.

C :\Program Files\cURL\bin>curl -v "https://api.clover.com/v3/merchants/[mId]" --header "Authorization: Bearer [token]"
  • Trying ***...
  • Connected to api.clover.com (**) port 443 (#0)
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: c:\Program Files\cURL\bin\curl-ca-bundle.crt CApath: none
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • ALPN, server did not agree to a protocol
  • Server certificate:
  • subject: OU=GT15615774; OU=See www.rapidssl.com/resources/cps (c)13; OU=Domain Control Validated - RapidSSL(R); CN=api.clover.com
  • start date: Dec 1 20:21:39 2014 GMT
  • expire date: Feb 17 23:41:08 2017 GMT
  • subjectAltName: api.clover.com matched
  • issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
  • SSL certificate verify ok. > GET /v3/merchants/[mid] HTTP/1.1 > Host: api.clover.com > User-Agent: curl/7.46.0 > Accept: /> Authorization: Bearer [token] > < HTTP/1.1 401 Unauthorized < content-length: 30 < content-type: application/json; charset=utf-8 < X-Frame-Options: SAMEORIGIN < {"message":"401 Unauthorized"}* Connection #0 to host api.clover.com left intact
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sam avatar image
sam Deactivated answered davecutts commented

Hi David,

Are you replacing '[mId]' with an actual merchant id and the '[token]' with an actual auth token? If not, you will need to replace those with the appropriate information. You will need to get your auth token following our OAuth.

On a side-note, if you're working with a sandbox development account, make sure to replace 'www.clover.com/...' with 'sandbox.dev.clover.com/...' ;

Same with https://api.clover.com..., replace with https://apisandbox.dev.clover.com...

Best, Sam

10 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

davecutts avatar image davecutts commented ·

Hi Thanks for the response,

I am replacing [mid] and [token] with my customers mid and auth token they generated from the dashboard. I am trying to access it from a .net webpage as I am trying to write a central reporting application for a large group of shops that the management teams want to access from laptops and pc's.

0 Likes 0 ·
sam avatar image sam commented ·

If you're working in development (sandbox), you will need to use "https://apisandbox.dev.clover.com..." More info

curl -v "https://apisandbox.dev.clover.com/v3/merchants/[xxxxxxxx]" --header "Authorization: Bearer [xxxxxx]"

You can also test your api endpoints using our api reference

Additionally, I would recommend using OAuth2 to generate auth tokens, since generating from dashboard is only limited to testing.

0 Likes 0 ·
davecutts avatar image davecutts commented ·

Hi I have tested the endpoints using the reference but i am still not retrieving data.

0 Likes 0 ·
sam avatar image sam commented ·

@daveCutts sorry the previous linked to the production reference. You need to use the sandbox reference: https://sandbox.dev.clover.com/api_docs

If you have the correct auth token and merchantId, it should definitely work.

0 Likes 0 ·
davecutts avatar image davecutts commented ·

Dim UUID As String = Request.QueryString.Item("merchantid").ToString Dim Token As String = Request.QueryString.Item("code").ToString 'Get an OAuth token using the code Dim OAuthUri As String = "https://www.eu.clover.com/oauth/token?clientid=[appid]&client_secret=[appsecret]&code=" & Token Dim OAuthRequest As HttpWebRequest = DirectCast(System.Net.HttpWebRequest.Create(OAuthUri), HttpWebRequest) OAuthRequest.Method = "GET" Dim OAuthResponse As HttpWebResponse = DirectCast(OAuthRequest.GetResponse(), HttpWebResponse) Dim OAuthresponseStream = OAuthResponse.GetResponseStream

0 Likes 0 ·
Show more comments
davecutts avatar image
davecutts answered

Hi Thanks for the response,

I am replacing [mid] and [token] with my customers mid and auth token they generated from the dashboard. I am trying to access it from a .net webpage as I am trying to write a central reporting application for a large group of shops that the management teams want to access from laptops and pc's.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community