2.20180712.2

Version 2.20180712.2 (2018-08-21)

The Connect SDK now includes functionality for the OAuth API. The Square OAuth API lets applications request and obtain permission from a Square account to make API calls on behalf of that account. Applications can request individual permissions so that users do not need to grant full access to their Square accounts.

OAuth API

• ObtainToken endpoint — Exchanges the authorization code for an access token. After a merchant authorizes your application with the permissions form, an authorization code is sent to the application's redirect URL (See Implementing OAuth for information about how to set up the redirect URL).

• RenewToken endpoint — Renews an OAuth access token before it expires. OAuth access tokens besides your application's personal access token expire after 30 days. You can also renew expired tokens within 15 days of their expiration. You cannot renew an access token that has been expired for more than 15 days. Instead, the associated merchant must complete the OAuth flow from the beginning. Important: The Authorization header you provide to this endpoint must have the following format: Authorization: Client APPLICATION_SECRET Replace APPLICATION_SECRET with your application's secret, available from the application dashboard.

• RevokeToken endpoint — Revokes an access token generated with the OAuth flow. If a merchant has more than one access token for your application, this endpoint revokes all of them, regardless of which token you specify. If you revoke a merchant's access token, all of the merchant's active subscriptions associated with your application are canceled immediately. Important: The Authorization header you provide to this endpoint must have the following format: Authorization: Client APPLICATION_SECRET Replace APPLICATION_SECRET with your application's secret, available from the application dashboard.