question

citruspos2 avatar image
citruspos2 asked chrispetchey answered

New Expiring Auth Tokens

Hello,

I have a custom "app" with Clover that is just used to let me access the REST API to process payments using my custom POS system with a physical clover device. I recently learned of a change to expiring tokens and despite reading over everything I'm still confused if this applies to me.


I use the REST api to do various endpoints like:

/connect/v1/payments

/connect/v1/status

/connect/v1/device/read-signature

/connect/v1/cancel

/connect/v1/credits


Right now my workflow for this is:

1. I generate an access token using https://sandbox.dev.clover.com/oauth/authorize?client_id= where I provide the app ID and a redirect url

2. The redirect url gets sent a $_GET['code'] ($code) for which I then load the contents of "https://clover.com/oauth/token?client_id=$client_id&client_secret=$client_secret&code=$code.

3. This returns an access token which I store securely to use and then do the above again if I ever need to + it expires (which as far as I know doesnt happen often).


So in this process what would be changing? I've tried emailing developer relations multiple times but they just don't respond.

OAuth
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
chrispetchey avatar image
chrispetchey answered chrispetchey commented

As far as I've found, your access token will expire after 10 minutes. Your access token is accompanied by a refresh token which expires after a year. You can save the refresh token in your application and use the refresh token to generate a new access token without another call to /oauth/authorize by calling /oauth/v2/refresh

See https://docs.clover.com/docs/refresh-access-tokens

2 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

citruspos2 avatar image citruspos2 commented ·

Your comment on another thread was super helpful but now I'm stuck with this.


$token_url = "https://clover.com/oauth/v2/token";

$post_data = json_encode([
'client_id' => $client_id,
'client_secret' => $client_secret,
'code' => $code
]);

$ch = curl_init($token_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

$response = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);


Doing the above I'm getting a 301 HTTP code returned telling me that the url I'm sending the POST request to is wrong, but from everything I can see this should be right?

0 Likes 0 ·
chrispetchey avatar image chrispetchey citruspos2 commented ·

Your posting to the clover live url?

See the section on this page sandbox and production urls:
https://docs.clover.com/docs/oauth-intro#sandbox-and-production-environments-urls

0 Likes 0 ·
chrispetchey avatar image
chrispetchey answered

Also, are you getting your "code" as a result of redirecting your user/merchant to https://sandbox.dev.clover.com/oauth/authorize?client_id={app_id}

If you are using the "code" given by the left hand navigation in the merchant, it wont work. Clover intend that when the left hand navigation link to your app is used, your app should redirect the user/merchant to the url above

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community