Skip to content

Square OAuth Secret

Service Name: Square

Service Description: Square provides financial services and digital payment tools for merchants, including point-of-sale solutions, payment processing, and business management tools.

Service Address: https://squareup.com/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants OAuth access to Square merchant accounts and their data, allowing third-party applications to perform actions on behalf of merchants.

Secret Revokement URL: https://developer.squareup.com/docs/oauth-api/revoke-token

Secret Example: sq0csp-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review Square Developer Dashboard for unauthorized application access.
  • Check OAuth token usage logs for suspicious activities.
  • Verify if any unauthorized applications have been granted access.
  • Monitor for unusual transaction patterns or API calls.
  • Check for unexpected changes to merchant account settings.

Mitigation Instructions:

  • Immediately revoke the compromised OAuth secret using the Square Developer Dashboard.
  • Generate a new OAuth secret for your application.
  • Update all application instances with the new secret.
  • Review and update application security settings.
  • Enable additional security features like IP restrictions if available.
  • Audit all connected applications and remove unnecessary integrations.