Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Overview
Square APIs and SDKs
Mobile SDKs
Web Payments SDK
Payment Form
App Marketplace Requirements

/

App Marketplace Requirements

2024-08-23 Changelog

App Marketplace Requirements
Customers API
Labor API
Locations API
OAuth API
Orders API
Payments API
Terminal API
Link to section

Version summary

Link to section

Details

The App Marketplace requirements appear in developer documentation (App Marketplace API Usage Requirements) and in the Developer Dashboard. In most cases, requirement questions and resulting requirements appear in both places. Otherwise, they appear in the Developer Dashboard only.

Link to section

Developer Dashboard only

The following requirements are added or updated in the Developer Dashboard:

Link to section

General

  • New question - "In 1-2 sentences, describe what your integration does and how it benefits Square sellers."
  • New question - "App Usage Instructions: Square reviewers will test your app as if they're real Square sellers. Provide instructions for how to use your integration after onboarding onto your app by including links to relevant guides."
  • New question - "Confirm that your app uses exponential backoff to manage rate-limit errors."
  • Updated question:
    • Original question - "Is there any additional setup required by the seller after the OAuth flow and data import (if applicable) and prior to using the integration?"
    • New question - "Is there any additional setup required by the seller in your app after connecting their Square account (via OAuth)?"
  • Updated question:
    • Original question - "Onboarding/App Instructions: Use this space to provide any additional instructions for onboarding or app use, such as links to documentation or setup guides."
    • New question - "Onboarding Instructions: Provide instructions for onboarding onto your app. Include links to relevant setup guides, or create a document with instructions and share the link here."
Link to section

OAuth API

  • New question - "Confirm that Square access tokens are AES-encrypted in your database."
  • New question - "Confirm that your AES encryption key isn't stored in source control and separate keys are used for staging and production."
  • New question - "Confirm that your Square OAuth secret isn't stored in source control."
Link to section

Documentation and Developer Dashboard

The following requirements are added or updated in the documentation and the Developer Dashboard:

Link to section

App Subscriptions

  • Updated labels and titles from "App Subscriptions API" to "App Subscriptions" to correct misleading information. App subscriptions are enabled by use of the Subscriptions API, not an App Subscriptions API.
Link to section

Customers API

  • New question - "Does your app import customer data from Square?"
  • New requirement - "Upon initial sync, customer data is imported accurately into your app." This requirement only appears if your app imports customer data from Square.
  • Moved question - "Do you update customers in your app when customers are updated in Square?" This question only appears if your app imports customer data from Square.
  • Updated question:
    • Original question - "Does your app create or update customer data?"
    • New question - "Does your app create or update customer data in Square?"
Link to section

General

  • New requirement - "Your app can paginate through API results using the cursor field."
Link to section

Labor API

  • Requirements for the Labor API (initial publication).
Link to section

Locations API

  • Updated question:
    • Original question - "How does your app connect the seller's desired Square locations? A seller selects their locations from a field in the user interface."
    • New question - "How does your app connect the seller's desired Square locations? A seller selects their locations from a field in the user interface. (Recommended)"
Link to section

OAuth API

  • New question - "Confirm that your app has implemented logic to refresh OAuth tokens asynchronously every 7-14 days."
  • Removed requirement - "The session parameter is set to false."
  • Updated question answer - "Do you provide a mechanism for sellers to revoke OAuth access from within your app?"
    • Original answer - "Yes No""
    • New answer - "Yes (Recommended) No""
  • Updated question answer - "Do you use hosted or on-premise OAuth?"
    • Original Answer - "Hosted On-Premise"
    • New answer - "Hosted (Recommended) On-Premise"
Link to section

Orders API

  • New requirement - "Your app deducts refunds to accurately display daily sales amounts." - This requirement is for applications that show any order sales data that belongs to Square sellers, including order items, prices, taxes, or fulfillment states.
Link to section

Payments API

  • New requirement - "Location names in your Square account are descriptive and representative of your business." This requirement is for applications that collect app fees on payments.
Link to section

Terminal API

  • New requirement - "Location names in your Square account are descriptive and representative of your business." This requirement is for applications that collect fees on payments made with Square Terminal.