I'd like some clarification regarding the differences between a merchant dashboard generated API token vs one generated by an app.
Being that you can only generate one per merchant, and they are usually linked to an App, Merchant and App, Merchant and Employee respectively. If I understand this correctly, the dashboard generated one uses an internal App.
As a developer, other than not being able to charge a subscription fee or metered fees, are there any limitations or drawbacks? Having only used Oauth, I can't quite wrap my head around how no CORS support applies to Dashboard generated keys if you can only generated one and don't put in a domain you plan to use it on.
As a merchant, other than having to set up the key by yourself, as well as sharing a common point of failure ( The same key ) between different integrations, are there any limitations or drawbacks?
Thirdly, since it only asks for location for fraud verification during the merchant dashboard generated key setup, what difference does this make as far as fraud verification for Oauth generated keys VS Dashboard generated keys? Will it decline more often if it's not Oauth generated?
I understand the ease of access being a plus for Clover, but I'd like to offer some plus value to merchants that don't go with the internal app, charge for it or for transactions and in turn help Clover profit as well. If there is no programmatic limitation between the 2, it will kill a portion of the market that only care about supporting Clover, and in turn, will kill a portion of Clover's revenue that could be gained from (Sometimes more secure) paid apps, regardless of how much easier we can make those integrations for them.
It makes me uneasy about the long term future of paid app development with Clover.