How It Works

Applies to: Mobile Authorization API | Reader SDK | Locations API

Use the Mobile Authorization API to request authorization tokens to initialize Square mobile solutions like the Reader SDK.

Link to section


The Mobile Authorization API accepts an account credential (an OAuth token or a personal access token) and location ID and then returns an authorization code that custom mobile applications can use to initialize Square mobile solutions to accept payments using Square hardware.

In general, requesting a mobile authorization code involves the following steps:

  1. The mobile application calls the custom authorization service.

  2. The authorization service completes the Square OAuth flow and obtains a valid OAuth token.

  3. The authorization service uses the Locations API to call the ListLocations endpoint and gather a list of locations associated with the target account.

  4. The authorization service API selects a target location ID programmatically or with a web UI.

  5. The authorization service calls CreateMobileAuthorizationCode with the OAuth token and selected location ID.

  6. The authorization service returns a mobile authorization code to the mobile application.

    A diagram showing a flowchart of the Mobile Authorization Service process.


Mobile authorization codes are short lived and should be used immediately to authorize mobile solutions like the Reader SDK. Mobile authorization doesn't expire after a set amount of time. Authorization remains valid unless it's explicitly revoked (for example, by calling deauthorize in the Reader SDK) or the authorized application fails to take a payment within 90 days.

Link to section

See also

On this page