dascorp asked robert commented

What is the best way to get the authorised user from the API?

I am developing a web app and the OAuth flow is followed. I can access the API, but what is the best API endpoint to get the current authorised user having the token only? Is there something like https://api.clover.com/v3/merchants/{mId}/me? I understand I receive employee_id in the OAuth flow, but this is 2 steps before I can make an API call.

OAuth
7 comments

sam commented ·

Are you looking to find which employee is the current user?

dascorp commented ·

Yes

I can retrieve the token, but then I have to map the Clover authenticated user to my web app user.

So every time a user logs in from the device, I know who I am dealing with.

Also, is the token refreshed or is it set once forever? Can I save it to my user record and use the Clover API directly?

The only flow I managed to understand is: Get merchant. Get his owner. Create my web app user from the owner details. Log in the user (Clover employee). 3 API calls to get the user. Is there a merchant_id/me endpoint?

The merchant does not have an email property returned in the API, therefore I cannot use the merchant as a user.

Mark Mullan commented ·

Hi,

The "get merchant, then get owner, then get owner details" requests can be condensed using an expansion query param: https://apisandbox.dev.clover.com/v3/merchants/{MID}?expand=owner,address. This should give you everything you'd need for login/signup/etc. to your web app. It also returns an email value.

It's also worth noting that when your web app is launched from the Clover Web Dashboard, the URL will have a whole bunch of query params: http://localhost:8080/?merchant_id={MID}&employee_id={MID}&client_id={client_id}&code={code}, and the employee_id will always be that of the owner.

dascorp commented ·

Mark, thank you for the very good hint. Let me elaborate on the second part of your answer: if you say it is always the owner id, how do I know that an employee, not the owner or admin, is logged in to Clover and launches our app? Shall the request state his own employee id? My web app allows sign-in via Connect with Clover and launch from the dashboard.

Mark Mullan commented ·

So, the Clover ecosystem assumes that all app launches that come from the Web Dashboard have been done by the owner (or at least, someone that the owner really, really trusts). In reality, an owner should not allow anyone else in their store to access the Web Dashboard, as they'll be able to access all kinds of sensitive information about Sales, employee PINs, and any other information exposed by 3rd party apps (think Payroll information, for example!)

That being said... if you want regular employees to launch your app, you could launch to a "Who are you?" page that pulls from...


0 Answers
