Skip to content

Square Access Token

Service Name: Square

Service Description: Square provides financial services and digital payment tools for businesses, including payment processing, point-of-sale solutions, and e-commerce services.

Service Address: https://squareup.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Square merchant accounts and their associated resources, allowing for payment processing, customer management, inventory tracking, and other Square services.

Secret Revokement URL: https://developer.squareup.com/docs/oauth-api/revoke-token

Secret Example: sq0atp-Z9sl38CgWMiQQxyz123456

Suspicious Activity Investigation Instructions:

  • Review Square Dashboard for unauthorized transactions or changes to account settings.
  • Check API usage logs for unusual patterns or access from unexpected locations.
  • Verify if any new applications have been authorized to access your Square account.
  • Look for changes in webhook configurations or notification settings.
  • Monitor for unexpected refunds or payment disputes.

Mitigation Instructions:

  • Immediately revoke the compromised token through the Square Developer Dashboard.
  • Generate a new access token for legitimate applications.
  • Update any applications or services using the compromised token.
  • Review and update application permissions to follow the Principle of Least Privilege.
  • Enable additional security features like two-factor authentication for your Square account.
  • Consider implementing IP restrictions if available for your account type.