Square Access Token
Service Name: Square
Service Description: Square provides financial services and digital payment tools for businesses, including payment processing, point-of-sale solutions, and e-commerce services.
Service Address: https://squareup.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Square merchant accounts and their associated resources, allowing for payment processing, customer management, inventory tracking, and other Square services.
Secret Revokement URL: https://developer.squareup.com/docs/oauth-api/revoke-token
Secret Example: sq0atp-Z9sl38CgWMiQQxyz123456
Suspicious Activity Investigation Instructions:
- Review Square Dashboard for unauthorized transactions or changes to account settings.
- Check API usage logs for unusual patterns or access from unexpected locations.
- Verify if any new applications have been authorized to access your Square account.
- Look for changes in webhook configurations or notification settings.
- Monitor for unexpected refunds or payment disputes.
Mitigation Instructions:
- Immediately revoke the compromised token through the Square Developer Dashboard.
- Generate a new access token for legitimate applications.
- Update any applications or services using the compromised token.
- Review and update application permissions to follow the Principle of Least Privilege.
- Enable additional security features like two-factor authentication for your Square account.
- Consider implementing IP restrictions if available for your account type.