Sandbox 101: OAuth Best Practices

The OAuth API lets you request specific permissions from Square sellers to manage their resources and get access tokens to call the Square APIs on their behalf. Using the access tokens you receive using OAuth, you can build applications that integrate with Square. Usually, you make OAuth part of your setup process when you onboard a Square seller to your application. At a high level, the OAuth flow is as follows: Authorization: Your application requests authorization from the owner of the seller account by sending the owner to the Square authorization page to grant access to your application. Callback: The authorization page returns an authorization code. Request token: Your application server uses that authorization code, along with the client secret, to call the ObtainToken endpoint to get an access token and a refresh token. If you plan to build an application for the App Marketplace, you must follow these best practices for your application submission to be accepted. OAuth Overview: https://developer.squareup.com/docs/oauth-api/overview OAuth Best Practices: https://developer.squareup.com/docs/oauth-api/best-practices Square Developer Forums – https://developer.squareup.com/forums Square Developer Community – https://squ.re/slack Square Developer Twitter – https://twitter.com/squaredev Square Developer Blog – https://developer.squareup.com/blog