Is there a difference between the sandbox and production environments with the behaviour of the REST API to CORS requests?
Specifically we started using the OAuth process and had everything working. When we moved to production to test the GET https://api.clover.com/oauth/token endpoint started failing:
If the docs are correct Step 3 mentions that this endpoint can't be called from a browser https://docs.clover.com/docs/using-oauth-20 - however this seems to be working on Sandbox.
Then after fixing that and calling from our server, we tried hitting the GET https://api.clover.com/v3/merchants/:UUID/employees endpoint and I'm getting the exact same failure on Production where it is working just fine on Sandbox.
Is there a difference in behaviour between environments or are we doing something else wrong?
Am I correct in assuming that we cannot call any Clover REST endpoint from a browser directly?
FYI, I have CORS enabled in the app settings: