I have a question regarding an email we received about our app. It is saying that our app was removed because of using "URL query parameters to authenticate API Calls".
We are using a private app that is not listed in the App Market. We are also using the Remote Cloud Pay SDK found here: https://github.com/clover/remote-pay-cloud
I can confirm that we are on the latest version.
The email we received had the following in regards to private apps:
NOTE: If your app is private and not listed on the Clover App Market, please note that the ability to authenticate via the URL query parameters will be officially removed from production on September 6, 2022. If your app is still authenticating through this method, your merchants will be affected. We urge you to take immediate action to comply with Clover’s App Security Standards as soon as possible.
If you made the necessary changes to your app and you received this message, one of the following may have happened:
• You are using an older version of Remote Pay Cloud.
• Merchants using your app have not downloaded the updated version.
• Someone has harvested tokens generated by your app for either testing or malicious purposes.
We continue to review process stats to ensure that all apps stop making API calls via the URL query parameters. Help us help you, your clients, and all Clover merchants. Adopt the recommended best practices.
What is the process to check some of these "one of the following may have happened..." items? How can we confirm when we are properly updated and no longer in violation?
Any insight would be appreciated.
Thanks!
-Steve
