Skip to content

Square App Token

Service Name: Square

Service Description: Square provides financial services and digital payment tools for businesses, including payment processing, point-of-sale solutions, and e-commerce services.

Service Address: https://squareup.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Square API resources and services based on the permissions associated with the token.

Secret Revokement URL: https://developer.squareup.com/docs/build-basics/access-tokens#revoking-oauth-tokens

Secret Example: EAAA7dXM6HtGMz6RYoIx9-Acv8Ln4ohDK5YJ4EU9_UW1WiQdrDnf0B7X9d5P7WOq

Suspicious Activity Investigation Instructions:

  • Check Square Developer Dashboard for unusual API calls or access patterns.
  • Review the OAuth application permissions and usage.
  • Monitor for unauthorized transactions or changes to account settings.
  • Examine API logs for requests from unexpected IP addresses or locations.
  • Check for changes to webhook endpoints or notification settings.

Mitigation Instructions:

  • Immediately revoke the compromised token in the Square Developer Dashboard.
  • Generate a new token with appropriate permissions.
  • Update your application to use the new token.
  • Review and update your application's security practices.
  • Enable additional security features like IP allowlisting if available.
  • Consider implementing token rotation policies.