question

anthonypinto avatar image
anthonypinto asked admin-1 commented

What is an API secure token, and how do I use it?

What is an API secure token, and how do I use it?

OAuth
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

anthonypinto avatar image
anthonypinto answered admin-1 commented

A 'secureToken', or 'API Token' is a token generated for a particular merchant account, and can be used with the REST api to allow access to some, or all of that merchant's data, depending on the permissions associated with the token.

There are three ways of generating a secure token:

  1. OAuth, standard for webapps deployed in the Clover app market

  2. From a Clover Android App

  3. From the merchant dashboard > Setup App > API Tokens (Should be used for testing purposes only)

Generally, developers should use an API token that is generated via OAuth. This token gives a particular app access to the Clover API for a specific merchant. To quickly test an app during development, it is possible to get a merchant API Token via the Setup App.

Once you have a secure token it can be passed into REST API requests: https://docs.clover.com/build/web-app...

3 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

If the use the Android App to generate the token, can we control the permission level and expiration of the token ?

0 Likes 0 ·

Permissions for your app is set in the Developer Dashboard.

If you change or add requested permissions, merchants will have to reauthorize your app in order for your it to access those parts of the merchant's database, for instance, you publish your app and require the permission to read inventory information, and later on you add the functionality to create new inventory items so, on your dashboard, you click (under Inventory, "Write"), merchants will have to log in again for a new token to be generated with those permissions granted.

Current tokens have a hard set expiration of 365 days after generation, unless you change permissions.

0 Likes 0 ·

Hey @Jonathan Ryan Grice

Sorry for the confusion I was reference to the option 2. From a Clover Android App https://github.com/clover/android-examples/tree/master/gettoken

on the question above

We are creating a store front for our Clover Acount and it is going to be only for our Store, we are not planing to provide it as a service to others Clovers clients, that is why we need just our merchant production token only for our Clover

My question is how can we generate a production token with control access without the need of submit a Clover app to the Clover Market Place, because for what I understood Clover Apps is to provide the same service to others Clover accounts but in our case we just building a store front only for our clover acount

Thanks

Francisco

0 Likes 0 ·
mkonnekt avatar image
mkonnekt answered

Hi,

I am not able to create a new orderType by calling the POST /v3/merchants/{mId}/order_types

I get blank / no content response header, body and response code as 0. Please help in resolving this issue.

I am passing the access token got using OAuth and merchant ID and my JSON is following. However, I am able to do GET on order_types using the same access token and merchant ID. { "id": "", "label": "my custom label", "taxable": true, "isDefault": false, "filterCategories": false, "isHidden": true, "hoursAvailable": "BUSINESS" }

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community