Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Create an Account and App
Make your First API Call
View the API Logs
Verify the Payment
What's Next
Overview
Build Basics
Versioning
Access Tokens
Frontend and Backend Development
General Development Concepts
TLS and HTTPS
Using the REST API
Handling Errors
Collecting Information
Language Preferences
Working with Dates
Working with Monetary Amounts
Working with Addresses
Custom Attributes
Idempotency
Pagination
Optimistic Concurrency
Clear Object Fields
Square eCommerce APIs
Square API Lifecycle
Developer Console
Build a Team of Developers
Square Dashboard
Test in Sandbox
Sandbox Payments
API Explorer
API Logs
Webhook Event Logs
Create a Notification URL
Subscribe to Event Notifications
Verify and Validate an Event Notification
Manage Operations
Move Event Notifications to Production
Webhook Events Reference
Troubleshooting
Authentication
Postman
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Quickstart
Project Setup
Using the SDK
Common API Patterns
Stay Current with SDK Version
Sample Applications
GraphQL Basics
Build your First Query
GraphQL Explorer
Query Examples
Create Redirect URL and Authorization Page URL
Receive Authorization and Manage OAuth Tokens
Refresh and Revoke OAuth Tokens
Token Introspection
OAuth Best Practices
OAuth Walkthrough
Migrate to the Square API OAuth Flow
Move OAuth to Production
Permissions Reference
Webhook Subscriptions
Events
Deprecated Items
v1 Payments API
v1 Refunds API
Square Transactions API
Migrate Employees to Team Members
Migrate from CreateCheckout to CreatePaymentLink
OAuth and Testing
International Payments
Regional Differences for International Development
Compliance with Japan's Tax Invoice System

/

Dev Essentials

/

Build Basics

/

General Development Concepts

Handling Errors

Learn about error responses and best practices for error handling and logging.

Overview
Error object properties
Error handling basics
Authentication errors
Rate limiting errors
Link to section

Overview

Square APIs always return a response. If a request succeeds, the response includes a header with an HTTP status code of 200. If a request fails, the response includes a header with a status code ranging from 400 to 599.

Error responses include an errors array with an Error object for each error that occurred while processing the request. If multiple errors are returned, the status code matches the first one. Depending on how the request is processed, it's possible to receive a subsequent error response after fixing and retrying a request.

Bulk endpoints are an exception; they might also return errors for individual operations within a 200 response.

Link to section

Error object properties

The Error object provides error information using the following properties:

  • category - A high-level classification of the error. For a complete list of category values, see ErrorCategory.
  • code - A specific identifier for the error. For a complete list of error codes, see ErrorCode.
  • detail - A human-readable error description for developers, not intended to be customer facing. This is an optional error field.
  • field - The name of the field in the original request (if applicable) that the error pertains to. This is an optional error field.

The following example requests return an error response:

  • GetPayment using a nonexistent payment ID

    Get payment

  • UpdateCustomer using invalid values

    Update customer

Link to section

Error handling basics

Avoid presenting a raw Error object directly to the user. Instead, your code should anticipate common errors and respond with user-friendly messages. The overall tone of these messages should be similar to other messages that your application shows to users. Direct users to contact your own support team (instead of Square support) about any questions or issues that arise when using your application.

Your application should respond gracefully to errors. Some common techniques include the following:

  • Catch and handle errors so that the application doesn't crash or freeze. Use try-catch blocks or similar mechanisms to handle exceptions and determine next steps.

  • If an API call fails, consider providing a fallback option or alternative approach. This can help users perform their tasks even if an API is temporarily unavailable.

  • Set up a continuous monitoring mechanism for the application to collect information about errors and report them. This can help identify recurring issues and allow developers to proactively address them.

  • Write errors to an error log so developers can diagnose and fix issues. This can include logging relevant information such as error type, stack trace, user context, and any other useful details.

    Did you know?

    Square provides an API Logs feature that captures data about your API calls. You can use the log data for diagnostics, troubleshooting, and auditing.

Link to section

Error handling with Square SDKs

The Square SDKs provide language-specific error-handling mechanisms that you can use in your code. For more information and code snippets, see the following:

Link to section

Authentication errors

If you receive an AUTHENTICATION_ERROR error with a 401 Unauthorized status, the access token used in the API request is probably invalid.

{
  "errors": [
    {
      "category": "AUTHENTICATION_ERROR",
      "code": "UNAUTHORIZED",
      "detail": "This request could not be authorized."
    }
  ]
}

During development, these UNAUTHORIZED errors are commonly encountered when switching between the production and Sandbox environments. To troubleshoot, first make sure you're using the correct access token for the target environment:

  1. If needed, find the access token and target environment in the failing request. For more information, see Use an access token in your code.
  2. Use the access token to call RetrieveTokenStatus in the production or Sandbox environment. A valid token returns a 200 OK response and a scopes array that lists the authorized permissions.

Note

When testing with a personal access token for your own Square account, you can check whether you're using the correct one in the Developer Console. Open your application, toggle to Sandbox or Production, and then view the token on the Credentials page.

Link to section

Other authentication issues

Other issues might result in AUTHENTICATION_ERROR errors. For example:

  • The provided access token is expired or revoked, or you're sending the encrypted value.
  • The provided access token doesn't grant sufficient permissions to use the API endpoint you're calling.
  • The Authentication header isn't properly formatted with a bearer token or the access token is missing from the request.
  • The application ID and secret you provided in the ObtainToken request is from the wrong (production or Sandbox) environment.
  • You didn't remove { }, < >, or other placeholder characters that you copied from a code example.

Make sure to handle these issues in your implementation. For example, test with specific OAuth permissions, regularly refresh access tokens, and listen for oauth.authorization.revoked events. For more information, see OAuth Best Practices and Move OAuth from the Sandbox to Production.

Link to section

Status and error codes for authentication errors

Errors in the AUTHENTICATION_ERROR category return a 401 or 403 status code with one of the error codes shown in the following table:

StatusErrorCode Description
401UNAUTHORIZEDA general authorization error occurred.
401ACCESS_TOKEN_EXPIREDThe access token provided in the request recently expired.
401ACCESS_TOKEN_REVOKEDThe access token provided in the request was revoked. The revoker_type field in the oauth.authorization.revoked event payload indicates the type of client that revoked the token: APPLICATION, MERCHANT, or SQUARE.
401CLIENT_DISABLEDThe provided client has been disabled.
403FORBIDDENA general access error occurred.
403INSUFFICIENT_SCOPESThe access token provided in the request doesn't have sufficient permissions to perform the requested action.

Note

Some INVALID_REQUEST_ERROR errors also return a 403 status code, so make sure to check the ErrorCode type.

Link to section

Rate limiting errors

If your application sends a high number of requests to Square APIs in a short period of time, Square might temporarily stop processing your requests and return RATE_LIMITED errors. These errors have a 429 Too Many Requests status.

Your application should monitor responses for these errors and use a retry mechanism with an exponential backoff schedule to resend the requests at an increasingly slower rate. It's also a good practice to use a randomized delay (jitter) in your retry schedule to avoid a thundering herd effect.

Link to section

See also

On this page
OverviewError object propertiesError handling basicsAuthentication errorsRate limiting errorsSee also