Build with Mobile Authorization API
Build with the Mobile Authorization API to request authorization tokens to initialize Square mobile solutions like Reader SDK.
To embed Square mobile development solutions (e.g., Reader SDK), you must create a service to request mobile authorization codes. We recommend integrating this into your existing OAuth process if possible.
To build with the Mobile Authorization API, the following must be true:
You are using HTTPS. HTTPS is required for all production Square API calls. HTTP calls are only supported for developing and testing on localhost.
You are using production credentials. The Mobile Authorization API is not supported in the Square sandbox.
Additionally, you will need the following information:
To use the steps in this guide you will need the following information:
An active location ID. Copy a valid Developer Account location ID from the Locations setting page of your Square application in the Developer Dashboard, or set the dashboard to Sandbox Settings mode and then copy a sandbox location ID.
A valid access token. Square recommends testing with sandbox credentials whenever possible. See Square API Access Tokens for more information.
Add code to use the location ID and OAuth token to request a mobile authorization code. The authorization service should return the mobile authorization code to the calling application but for the sake of this example, we will simply print it to the screen.
// Create a MobileAuthorizationApi client to request an authorization code $mobileAuthzClient = new \SquareConnect\Api\MobileAuthorizationApi($apiClient) ; $body = new \SquareConnect\Model\CreateMobileAuthorizationCodeRequest(); $body->setLocationId($locationId); $apiResponse = $mobileAuthzClient->CreateMobileAuthorizationCode($body); $mobileCode = $apiResponse->getAuthorizationCode(); echo "Mobile authz code:" . $mobileCode;
Mobile authorization codes are short lived and should be used immediately to
authorize mobile solutions like Reader SDK. Mobile authorization does not expire
after a set amount of time. Authorization remains valid unless it is explicitly
revoked (for example, by calling
deauthorize in Reader SDK) or the authorized
application fails to take a payment within 90 days.
Now that you have a basic build in place, expand on it with this recipe!