I can't make the requests to get a first token to work in the new oauth flow. The old flow was working fine for me.
The only differences that I can see in the doc is that the production URL changed from https://www.clover.com to https://api.clover.com. The route changed from /oauth/token to /oauth/v2/token and the the request is now a POST instead of a GET. The params (client_id, client_secret and code) are now passed in the POST request body instead of the GET search params. They are the only changes I made. The new oauth API always returns :
401 {"status":"Unauthorized","message":"Failed to validate authentication code."}
It happens in sandbox and production environment. If it helps, doing the exact same resquest ( a POST with params in the body) on the old API route ( /oauth/token ) succeeds and gets me an access_token, but no refresh_token.
Prod app id: XX4047T4M54AY