it seems that you can't really call the REST API without sending the access_token as a query param, because the Authorization Header is not send during the OPTION preflight.

Example will better explain. 1/ you can the REST API through an Ajax call, and you plan to pass the access_token through the Authorization header (Authorization: Bearer mytoken). 2/ You brower does a preflight OPTION call WITHOUT that header (since it's asking CORS if that header is allowed) 3/ Clover API answer with a 401, because access token is missing.

No other choice than to pass access token as a query param.

Has anyone been able to work only with the Authorization header ?

Thanks people

asked 2016-11-30 10:50:42 -0500

Kevin gravatar image

updated 2016-11-30 11:02:03 -0500


I can't even get the query param option to work in IE.

kocurek gravatar image
kocurek 2016-11-30 16:17:23 -0500

1 answer

Sort by  

You know I've been dealing with issue 6+ months after this was originally posted. I cannot establish a reliable connection to the clover API without putting the access_token directly in the query string.

Ridiculous, considering the docs specifically advise against doing that, and it does NOT support CORS....

answered 2017-05-04 20:19:29 -0500

rawrkats gravatar image