Gurgen Chlingaryan avatar image
Gurgen Chlingaryan asked shahzadkhan commented

REST Pay Display API. How to hook up OAuth mechanism to Windows Desktop Application


All the documentation about REST Pay Display API is for Web-based applications. Setting Site URL in settings to allow Clover to redirect user to authenticate and obtain access token for further authorized calls...

However, I don't fully understand how this approach can be implemented for Windows Desktop application?

What is Site URL for desktop application,

When or on which step the call happens?

I need to have that call to get Auth Code from query string and then make another call to clover API to get access token, but how do I pass that access token to my desktop app ?

Is there any other way to get that access Token?

Can someone provide simple readable steps to accomplish this?

Please don't send me standard documentation pages, because I've been digging Clover docs two days now, unless the page answers these questions :))


10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

David Marginian avatar image
David Marginian Deactivated answered shahzadkhan commented

You need to have a server in place that can handle the redirect from us. Your server will take the code and use your app id (client_id) along with your app's secret to obtain an access token. Once you have the access token you can securely store it on your server and retrieve it from your Windows client as required.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Gurgen Chlingaryan avatar image Gurgen Chlingaryan commented ·
Hi David,

Thank you for quick reply.

So how do you see the workflow?

1. I setup that server side single api route that waits to be called and saves the token into the DB. I'm not clear when this route will be called?

2. Desktop application user clicks PAY button, Obviously, on that step I need to have a valid token to make further calls to device. I can request my db to get the token, but if the token is not there in db or if it is expired, what should I do?

0 Likes 0 ·
David Marginian avatar image David Marginian ♦♦ Gurgen Chlingaryan commented ·

1) That happens via the OAuth flow when a merchant installs your app or navigates to it via their merchant dashboard. I know you don't want links, but this is documented quite well here -

2) I assume you have some sort of login mechanism, you would want to store the token per session. If a user doesn't have a token you will need to provide them with instructions on obtaining one.

0 Likes 0 ·
Gurgen Chlingaryan avatar image Gurgen Chlingaryan David Marginian ♦♦ commented ·

Thank you David,

I figure out the workflow as following

When user clicks PAY I do db call to get a list of available devices with tokens and let user choose the device to communicate with.

I suppose that if device is active and user activates (opens/logs in ?) the app on device, then that call to obtain the token had already been done by clover app and I have the token in db, else: I just don't show the device in my list of available devices (or show it but let user know that it is not ready to be used)

I'm not sure should I post another question here or I should open a new thread

When I try to call that route from sandbox by clicking Open App it redirects to my local app with following params


obviously with actual values instead of {****}

according to this doc I suppose to receive the authCode as one of params to make that second call for access token.

So why do I receive access_token right away instead of authcode?

How do we force users to authenticate with different employees when on clover device ? I have two employee on in my test merchant, but it always takes the first one

0 Likes 0 ·
Show more comments
shahzadkhan avatar image shahzadkhan commented ·


Is there any expiry date associated with OAuth2 token? Our solution is similar to McDonald's self ordering. Is it required to merchant to choose always their merchant account to grant access.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community