Learn about the relationship between TLS and HTTPS.
Build Basics

TLS and HTTPS

HTTPS is required for all API calls to Square endpoints. Make sure your website is served using HTTPS and that you are making HTTPS calls to Square APIs.

Overview Permalink Get a link to this section

Transport Layer Security (TLS)—previously known as Secure Socket Layer (SSL)—is the process of securing communication over a computer network by encrypting traffic. Encrypting traffic helps prevent eavesdropping, tampering, and man-in-the-middle attacks.

HTTP is a protocol for transferring data between websites. An HTTPS transfer or API call is simply an HTTP call over a connection secured by TLS. For more information about HTTPS, see Wikipedia and Why HTTPS Matters on the Google Developer Blog.

You should use TLS 1.3; however, TLS 1.2 still works when making Square API calls. TLS 1.1 is not supported.

Enable HTTPS on your website Permalink Get a link to this section

You enable TLS on your website by installing a small data file that authenticates your server's identity and encrypts information sent to that server. The authentication and encryption file is called an SSL certificate, which is issued by a certificate authority.

A certificate authority is a trusted entity (such as a company, nonprofit, or governing body) that issues SSL certificates after verifying the identities of users or servers. For example, Let's Encrypt is a free, automated, open-source certificate authority. SSL certificates from Let's Encrypt are easy to use and many hosting providers support one-click installation of Let's Encrypt certificates.

Your options to enable HTTPS might be:

To confirm that you have successfully enabled HTTPS, load your website and verify that the address bar has "https://" at the beginning of your website address. Your browser might also display a closed lock icon.

HTTPS libraries Permalink Get a link to this section

HTTPS libraries are available for a selection of programming languages.

Language Built-in HTTPS library Open-source HTTPS library
PHP cURL
Ruby Net::HTTP Faraday
Python httplib Requests
.NET System.Net RestSharp
Objective-C (iOS and OS X) URL loading system AFNetworking
Java (including Android) HTTPURLConnection OkHttp
Node.js http Request
Go net/http

Additional build basics considerations Permalink Get a link to this section

There are several other introductory topics provided for a new developer to quickly learn the basics of developing applications with Square. For more information, see Basics of Building Applications with Square.

If you need more assistance, contact Developer Support or ask for help in the Developer Forums.