question

Thank you @mark.mullan, @devteam and @tom-porter. We've come up with a short technical guide on using Spreedly with Clover, which you can find here:

https://support.spreedly.com/hc/en-us...

Please don't hesitate to reach out if you have any questions!

We got this to work when making payments against the Clover sandbox. When we switched to api.clover.com in production we got "Sensitive payment data must be encrypted with the "rsa" function before being sent to Clover". Contacted Spreedly tech and someone sent me this: https://docs.spreedly.com/reference/a... . It is not very clear how that is added to the Deliver endpoint payload. Also the /v2/merchant/{mId}/pay/key endpoint does not return a pem so not sure how all this comes together. So frustrating.

I'm assuming Spreedly is probably expecting a real certificate to use with their rsa encrpytion function, rather than just the public key Clover gives me through the /key endpoint, since just using the public key alone always results in a CRYPTO ERROR from Clover. I can send payments directly to the Pay API with no problems using only the public key to encrypt, it's only through Spreedly where we get the encryption error.

So I created a self-signed cert containing the Clover public key and used that with the rsa function. Now I get a different error, this time from Spreedly:

'certificate must be signed by FirstData'

So now it looks like I need a signed certificate, instead of just the public key, correct? If so, how do I obtain this? Is it something I can get programmatically on-the-fly similar to the public key or do I have to request it with a CSR?

Can I confirm if https://api.clover.com/v2/merchant/{mId}/pay is the correct endpoint to be using for Spreedly to deliver the card details?

I'm also having a very frustrating experience working with Spreedly's deliver endpoint. I'm trying to get help from them as all evidence seems to point to no payload (with the encrypted number and other details) being included in the request Spreedly is making to Clover on our behalf. I can see that the response coming back from Clover is "{ "message": "Request cannot be empty." }" which is pretty specific and descriptive, and I can reproduce the same response when making a request directly to the v2 /pay endpoint with an empty body.

Spreedly has not been willing to provide technical support over the phone and I've pointed the above observation out to them every possible way I can think of in what has become an excruciating email exchange. They either don't seem to understand what the response from Clover seems to be indicating or do not seem willing to look into whether they are actually including a payload when making the POST request to Clover's v2 pay endpoint. I have asked them directly if the request they are making to Clover includes a body and cannot get a direct answer. Spreedly keeps deferring to Clover and telling me that I need to request help from you guys. They've also given me the runaround about how they have other customers who've successfully integrated with clover but I'm pretty doubtful at this point this is actually true. Anyway, Spreedly has asked me to confirm about the url above. I know how to read documentation and am pretty confident this is correct -- but I'm at my wits end and really just trying to make some headway here. Hope someone can help and hope I can get to the bottom of this to help the others in a similar boat!

@Tom Porter I hope you are well and can I also politely ask if you've gotten this working?

Hi Neil, unfortunately no. Our whole reason at the time for going this way was because Clover didn't work as a standard credit card vault, ie, we couldn't store a billing method without actually charging it at that time. Our medical crm software requires the ability to add payment methods in advance and then charge them at specific intervals so we tried Spreedly.

We got about as far as my post from April last year and, running up on a deadline and desperate, ended up dropping Clover/Spreedly altogether and instead integrated our app with Authorize.net. Using them for card storage and keyed-in transactions was easy (and a bit embarrassing considering how long we had spun our wheels previously), but later when we decided to integrate physical emv devices it was a bit trickier. We still got it to work, but I'm fairly certain handling POS card swiping in particular would have been easier if we could have somehow stuck with the Clover ecosystem. Maybe things have changed in the last year, but at the time if we could have simply stored payment methods in Clover without charging them immediately we could have stayed with them.