Use Customer Webhooks

Applies to: Customers API | Payments API | Cards API | Gift Cards API | Customer Custom Attributes API

Learn how to configure webhooks to get notified of events when a customer profile is created, updated, deleted, or merged.

Link to section

Overview

Use webhooks to receive notifications when customer profiles are created, updated, or deleted. Webhooks help streamline the process of synchronizing customer data across Square and third-party applications. Webhooks also enable custom integration scenarios that respond to changes in near real time. For example, when a customer signs up for a new account, Square creates a customer profile, which triggers an event notification. After your application receives the notification, it can perform some action in response to the event, such as sending a coupon to the new customer to use for their next purchase.

Link to section

Requirements and limitations

The following requirements and limitations apply to webhooks for customer events:

  • Applications that use OAuth must have CUSTOMERS_READ permission to receive notifications about customer events.

  • You must protect personally identifiable information (PII) and other sensitive customer information that you receive in the notification. This includes information such as customer name, address, and phone number. Unless manually added in a note or other field, credit card information is never included in notification data. For more information, see Best Practices for Collecting Information.

  • The following operations don't invoke customer event notifications:

    • Changing membership in customer segments.
    • Creating or deleting customer cards. However, you can subscribe to receive notifications for Cards API events and Gift Cards API events.
    • Creating, updating, or deleting a customer-related custom attribute. However, you can subscribe to receive notifications for Customer Custom Attributes API events.
    • Changing customer-related integrations from other Square APIs, such as the Payments API, Orders API, Loyalty API, or Subscriptions API. For example, changing the customer ID on an order doesn't invoke a customer.updated notification.

    Square doesn't send notifications for events that fail.

For general webhook requirements and limitations, components, and processes see Square Webhooks. For information about viewing webhook logs, see Webhook Event Logs.

Link to section

How customer event notifications work

Webhooks make it possible for Square to notify you when customer events occur, so you don't need to rely only on polling for changes. If you regularly poll the Customers API to synchronize stored customer data, you can use webhooks and increase the time between your polling.

A webhook is a subscription that registers your notification URL and the events that you want to be notified about. You can configure webhooks for the following customer events.

EventPermission Description
customer.createdCUSTOMERS_READA customer profile is created, including when customer profiles are merged into a new customer profile.
customer.deletedCUSTOMERS_READA customer profile is deleted, including when customer profiles are merged into a new customer profile.
customer.updatedCUSTOMERS_READAn attribute on a customer profile is changed, except for the following:
  • cards (deprecated)
  • segment_ids

When an event occurs, Square collects data about the event, creates a notification, and sends the notification as a POST request to the URL of all webhooks that are subscribed to the event.

The following actions can invoke customer events:

Link to section

Customer profile merge events

The use of different tools or information silos might produce multiple customer profiles for the same customer. For example, if a customer makes a payment without signing in to their account, Square might generate an instant profile. To maintain accurate records, Square uses automated detection to identify and merge duplicate customer profiles. In addition, sellers can merge duplicate profiles from the Customer Directory in the Square Dashboard or Square Point of Sale. For more information, see Duplicates.

In a merge operation, Square creates a new profile using aggregated properties from the existing profiles and then deletes the existing profiles. As a result, a merge operation triggers one customer.created event and at least two customer.deleted events. For more information, see Notifications for customer profile merge events.

Link to section

Subscribe to customer events

To subscribe for notifications about customer events, you can configure webhooks for your Square application. A webhook registers the URL that Square should send notifications to, the events you want to be notified about, and the Square API version.

Link to section

To configure a webhook

  1. In the Developer Console, open your application.
  2. In the left pane, under Webhooks, choose Subscriptions.
  3. At the top of the page, choose Sandbox or Production. Square recommends using the Sandbox environment for testing.
  4. Choose Add subscription, and then configure the subscription:
    1. For Webhook name, enter a name such as Customers Webhook.
    2. For URL, enter your notification URL. If you don't have a working URL yet, enter https://example.com as a placeholder.
    3. Optional. For API version, select a Square API version. By default, this is set to the same version as the application. Customer webhooks are available starting in version 2021-02-26.
    4. For Events, select customer.created, customer.deleted, and customer.updated. If you want to receive notifications about other events at the same URL, select them or configure another endpoint.
    5. Choose Save.
Link to section

To validate your webhook subscription

You can send a generic notification from the Developer Console to validate that your webhook is configured correctly.

  1. On the Webhook subscriptions page for your application, choose the webhook that you want to test.
  2. In the Endpoint details pane, choose More, and then choose Send test event.
  3. Select an event, and then choose Send. If the endpoint is configured correctly, the Send test event window displays the response code and notification body. You can choose View logs to open the Webhook logs page.

Did you know?

The Webhook logs page in the Square Dashboard displays webhook event notifications in real time. After you subscribe to customer.created, customer.deleted, and customer.updated events, you can use API Explorer to create, update, and delete customer profiles and then view the event logs.

Link to section

Handle customer event notifications

When customer profiles in your account are created, updated, deleted, or merged, Square sends a notification for any webhooks that are subscribed to the corresponding event.

To handle notifications, applications typically perform the following steps:

  1. Validate the authenticity of the notification.
  2. Respond with an HTTP 2xx response code after receiving the notification.
  3. Inspect, process, store, or forward the notification.
  4. Synchronize customer data or take some other action based on the event.

For code examples that show how to validate that notifications are from Square and send a 200 response code, see Verify and Validate an Event Notification.

The body of the notification is a JSON object that contains the following properties.

Property Description
merchant_idThe ID of the seller whose directory contains the affected customer.
typeThe type of event:
  • customer.created
  • customer.deleted
  • customer.updated
event_idThe unique ID of this event, used for idempotency support.
created_atA timestamp of when the event occurred. For example, 2021-07-30T21:59:15.286Z

data

Information about the affected customer, represented by one of the following objects, depending on the event type:

The data.object property represents the Customer resource and includes attributes defined for the customer, except cards (deprecated) and segment_ids.

If your use case requires the full Customer resource, use the customer ID from the notification to call the RetrieveCustomer endpoint.

Link to section

Notifications for customer.created events

A customer.created event is invoked when a customer profile is created. The following is an example event notification:

Note

The following fields are removed from the returned customer object in customer.created notifications: cards (deprecated) and segment_ids.

Notifications for customer.created events from merge operations also include an event-context object. For more information, see Notifications for customer profile merge events.

Link to section

Notifications for customer.deleted events

A customer.deleted event is invoked when a customer profile is deleted. The following is an example event notification. Notifications for delete events contain "deleted": true.

Note

The following fields are removed from the customer object in customer.deleted notifications: cards (deprecated), group_ids, and segment_ids.

Notifications for customer.deleted events from merge operations also include an event-context object. For more information, see Notifications for customer profile merge events.

Link to section

Notifications for customer.updated events

A customer.updated event is invoked when a customer profile is updated, except when changes are made to the following attributes:

  • cards (deprecated)
  • segment_ids

The following is an example event notification:

Note

The following fields are removed from the customer object in customer.updated notifications: cards (deprecated) and segment_ids.

To discover which customer profile attributes changed, compare the updated customer resource in the notification with your local copy of the customer profile.

If customer.updated events for the same customer profile occur concurrently, Square compares their version numbers and sends a webhook notification for the latest version only. If you receive multiple customer.updated notifications for the same customer profile before you process them, you can use the version field of the customer object to determine the latest version.

Link to section

Notifications for customer profile merge events

When two or more customer profiles are merged, Square creates a new customer profile using aggregated properties from the existing profiles and then deletes the existing profiles. As a result, a merge triggers a combination of notifications:

  • One customer.created event for the new customer profile.
  • Two or more customer.deleted events, one for each existing customer profile that was merged and deleted.

All notifications from a merge include an event_context field with a merge object that contains the IDs of the affected customer profiles.

"event_context": { "merge": { "from_customer_ids": [ // ID of existing customer profile A that was merged and deleted, // ID of existing customer profile B that was merged and deleted, // ... ], "to_customer_id": // ID of new customer profile C with aggregated properties } }

All notifications sent for a particular merge operation contain the same merge object.

Did you know?

If you only want to track the IDs of customer profiles affected by a merge, you can listen for customer.created events and check whether the notifications contain the event_context.merge field. This method is more efficient than checking customer.deleted events because a merge always create a single customer profile and the associated merge object contains the IDs of all affected customer profiles.

If you need additional information about the deleted customer profiles, make sure to also subscribe for customer.deleted event notifications, which include the customer object. You cannot retrieve a customer profile after it is deleted.

Link to section

Example notifications from a merge operation

In this example scenario, two customer profiles are merged, so Square sends three notifications: one customer.created notification and two customer.deleted notifications.

The customer.created notification is sent when the new profile is created. Note the following customer profile attributes:

  • creation_source is set to MERGE.
  • note lists the merge date and any non-transferable attributes.

The following is an example customer.created notification:

Two customer.deleted notifications are sent when the two existing profiles are merged and then are automatically deleted as part of the merge operation. The following are example event notifications:

  • Example for existing customer profile 1:

  • Example for existing customer profile 2:

Link to section

Test your webhooks

To test your webhook with actual resources, you can make changes to the customer profiles in your account. Make sure to test with the same environment (Sandbox or Production) that you registered for the webhook.

The following are some ways you can trigger customer event notifications.

Test from the Square Dashboard

  1. Open the Square Dashboard.

    • To test with Sandbox resources, open the the Sandbox test accounts page in the Developer Console, and then choose Square Dashboard next to the test account. This opens the Sandbox Square Dashboard associated with the test account.
    • To test with production resources, open the Square Dashboard.
  2. In the left pane, choose Marketing & loyalty and Customer directory, and then create, update, delete, or merge customers.

    To merge profiles, select two or more customers, and then choose Merge. For more information, see Duplicates.

Test from API Explorer

Sign in to API Explorer and choose your Sandbox or Production environment. Then, call the following Customers API endpoints as needed to test your webhook:

Test using cURL

Send cURL requests to Customers API endpoints. For more information, see the following documentation:

Note

You can also send a generic test notification from the Developer Console.

You should receive notifications for customer events that you subscribe to. Square doesn't send notifications for events that fail.

For information about troubleshooting Square Webhooks, see Troubleshoot Webhooks.