Square OAuth Secret
Service Name: Square
Service Description: Square provides financial services and digital payment tools for merchants, including point-of-sale solutions, payment processing, and business management tools.
Service Address: https://squareup.com/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants OAuth access to Square merchant accounts and their data, allowing third-party applications to perform actions on behalf of merchants.
Secret Revokement URL: https://developer.squareup.com/docs/oauth-api/revoke-token
Secret Example: sq0csp-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Suspicious Activity Investigation Instructions:
- Review Square Developer Dashboard for unauthorized application access.
- Check OAuth token usage logs for suspicious activities.
- Verify if any unauthorized applications have been granted access.
- Monitor for unusual transaction patterns or API calls.
- Check for unexpected changes to merchant account settings.
Mitigation Instructions:
- Immediately revoke the compromised OAuth secret using the Square Developer Dashboard.
- Generate a new OAuth secret for your application.
- Update all application instances with the new secret.
- Review and update application security settings.
- Enable additional security features like IP restrictions if available.
- Audit all connected applications and remove unnecessary integrations.