question

tom-porter avatar image
tom-porter asked tom-porter answered

Using Spreedly to deliver payment methods to Clover

Does anyone have a working connection between Spreedly and Clover? We've begun a subscription to Spreedly with Clover configured as a payment method receiver. The receiver requires credentials to auth with Clover, but Spreedly support is not able to tell us what those required fields actually are. I realize we need to send the API token somehow, but don't know the field name Clover is expecting ('app-token', 'access_token', 'app-secret', etc. we've tried everything we can think of and nothing works).

We also don't know what fields need to be sent with the delivery payloads for Clover to accept successfully. We need to send a merchant id somehow, but does that go with the credentials for the receiver? Or with the delivery payload? We're just guessing on everything, because we get no error response from Clover on our delivery attempts.

So basically, does anyone have this integration working? If so, how are you doing it? Spreedly assures us other people are successfully delivering payment methods to Clover.

Thanks, any help is greatly appreciated.

6 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Mark Mullan avatar image Mark Mullan commented ·

Nothing new to add here - currently working 1 on 1 with this developer in thread #21328, for internal reference. Will continue to update this public thread.

0 Likes 0 ·
Loyal Loops avatar image Loyal Loops commented ·

Hi. We too have this question. @markmullan can we contact you for information about this?

0 Likes 0 ·
Mark Mullan avatar image Mark Mullan commented ·

Hi @devteam,

@gregschraff from Spreedly, can you please assist for a better answer than I can provide?

I think Spreedly just tokenizes the credit card information on their end that you pass them. So you'll pass Spreedly a payload of cardNumber, cvv, expiration, etc., Spreedly will vault that card in their db and return you a token, all completely independent of Clover's Dev Pay API. This token is used by Spreedly later to retrieve their own vaulted cc information, which only then is sent as a payload to Clover's Pay API.

This page has a good diagram: https://docs.spreedly.com/#overview

0 Likes 0 ·
Mark Mullan avatar image Mark Mullan commented ·

I can't really speak specifically to the payload that Spreedly wants you to pass because I'm not too sure which endpoint of ours they integrate with. I'm assuming our Developer Pay API? But I'm not sure. The endpoint will dictate the payload.

@gregschraff, thanks

0 Likes 0 ·
a-salty-strudel avatar image a-salty-strudel commented ·

@mark.mullan Mark, Danae from Spreedly chiming in here. The hostname we're hitting is https://api.clover.com. Is that helpful to know?

0 Likes 0 ·
Show more comments
a-salty-strudel avatar image
a-salty-strudel answered

Thank you @mark.mullan, @devteam and @tom-porter. We've come up with a short technical guide on using Spreedly with Clover, which you can find here:

https://support.spreedly.com/hc/en-us...

Please don't hesitate to reach out if you have any questions!

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jvictor avatar image
jvictor answered tom-porter commented

We got this to work when making payments against the Clover sandbox. When we switched to api.clover.com in production we got "Sensitive payment data must be encrypted with the "rsa" function before being sent to Clover". Contacted Spreedly tech and someone sent me this: https://docs.spreedly.com/reference/a... . It is not very clear how that is added to the Deliver endpoint payload. Also the /v2/merchant/{mId}/pay/key endpoint does not return a pem so not sure how all this comes together. So frustrating.

2 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

tom-porter avatar image tom-porter commented ·

The card number needs to be encrypted according to the Pay API documentation. You'll need to create the .pem yourself (we use the CryptRSA PHP lib) . So in the payload, the { {creditcard_number}} variable is encompassed by the base64 and rsa functions as outlined in the Spreedly docs. I'm assuming your payload would look something like this:

{ {#base64}}{ {#rsa}}public_key,oeap,prefix{ {creditcardnumber}}{ {/rsa}}{ {/base64}}

0 Likes 0 ·
tom-porter avatar image tom-porter commented ·

At least I guess thats what it should look like, we've never actually gotten it to work. Please post here if you figure it out!

0 Likes 0 ·
tom-porter avatar image
tom-porter answered

I'm assuming Spreedly is probably expecting a real certificate to use with their rsa encrpytion function, rather than just the public key Clover gives me through the /key endpoint, since just using the public key alone always results in a CRYPTO ERROR from Clover. I can send payments directly to the Pay API with no problems using only the public key to encrypt, it's only through Spreedly where we get the encryption error.

So I created a self-signed cert containing the Clover public key and used that with the rsa function. Now I get a different error, this time from Spreedly:

'certificate must be signed by FirstData'

So now it looks like I need a signed certificate, instead of just the public key, correct? If so, how do I obtain this? Is it something I can get programmatically on-the-fly similar to the public key or do I have to request it with a CSR?

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Neil avatar image
Neil answered Neil edited
Can I confirm if https://api.clover.com/v2/merchant/{mId}/pay is the correct endpoint to be using for Spreedly to deliver the card details?

I'm also having a very frustrating experience working with Spreedly's deliver endpoint. I'm trying to get help from them as all evidence seems to point to no payload (with the encrypted number and other details) being included in the request Spreedly is making to Clover on our behalf. I can see that the response coming back from Clover is "{ "message": "Request cannot be empty." }" which is pretty specific and descriptive, and I can reproduce the same response when making a request directly to the v2 /pay endpoint with an empty body.

Spreedly has not been willing to provide technical support over the phone and I've pointed the above observation out to them every possible way I can think of in what has become an excruciating email exchange. They either don't seem to understand what the response from Clover seems to be indicating or do not seem willing to look into whether they are actually including a payload when making the POST request to Clover's v2 pay endpoint. I have asked them directly if the request they are making to Clover includes a body and cannot get a direct answer. Spreedly keeps deferring to Clover and telling me that I need to request help from you guys. They've also given me the runaround about how they have other customers who've successfully integrated with clover but I'm pretty doubtful at this point this is actually true. Anyway, Spreedly has asked me to confirm about the url above. I know how to read documentation and am pretty confident this is correct -- but I'm at my wits end and really just trying to make some headway here. Hope someone can help and hope I can get to the bottom of this to help the others in a similar boat!
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Neil avatar image
Neil answered
@Tom Porter I hope you are well and can I also politely ask if you've gotten this working?
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

tom-porter avatar image
tom-porter answered
Hi Neil, unfortunately no. Our whole reason at the time for going this way was because Clover didn't work as a standard credit card vault, ie, we couldn't store a billing method without actually charging it at that time. Our medical crm software requires the ability to add payment methods in advance and then charge them at specific intervals so we tried Spreedly.

We got about as far as my post from April last year and, running up on a deadline and desperate, ended up dropping Clover/Spreedly altogether and instead integrated our app with Authorize.net. Using them for card storage and keyed-in transactions was easy (and a bit embarrassing considering how long we had spun our wheels previously), but later when we decided to integrate physical emv devices it was a bit trickier. We still got it to work, but I'm fairly certain handling POS card swiping in particular would have been easier if we could have somehow stuck with the Clover ecosystem. Maybe things have changed in the last year, but at the time if we could have simply stored payment methods in Clover without charging them immediately we could have stayed with them.
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community