Square App Token
Service Name: Square
Service Description: Square provides financial services and digital payment tools for businesses, including payment processing, point-of-sale solutions, and e-commerce services.
Service Address: https://squareup.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Square API resources and services based on the permissions associated with the token.
Secret Revokement URL: https://developer.squareup.com/docs/build-basics/access-tokens#revoking-oauth-tokens
Secret Example: EAAA7dXM6HtGMz6RYoIx9-Acv8Ln4ohDK5YJ4EU9_UW1WiQdrDnf0B7X9d5P7WOq
Suspicious Activity Investigation Instructions:
- Check Square Developer Dashboard for unusual API calls or access patterns.
- Review the OAuth application permissions and usage.
- Monitor for unauthorized transactions or changes to account settings.
- Examine API logs for requests from unexpected IP addresses or locations.
- Check for changes to webhook endpoints or notification settings.
Mitigation Instructions:
- Immediately revoke the compromised token in the Square Developer Dashboard.
- Generate a new token with appropriate permissions.
- Update your application to use the new token.
- Review and update your application's security practices.
- Enable additional security features like IP allowlisting if available.
- Consider implementing token rotation policies.