Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Overview
Build a Tip Report
Split an Online Payment
Build a Sales Report
Delayed Capture
Partial Payments
Statement Descriptions
ACH Bank Transfer Payment
Afterpay and Clearpay Payments
Cash App Payments
Cash Payments
External Payments
House Accounts
Collect Application Fees
Update Payment and Tip Amounts
Retrieve Payments
Troubleshoot
Webhooks
Refund Payments
Refund a Payment with an App Fee
Retrieve Refunds
Webhooks
Process Disputes
Test in the Sandbox
Take Payments on Hardware
Quickstart
Take Payments
POS App Pairing with Square Terminal
Dismiss Terminal Checkouts and Refunds
Monitor Square Terminals
Manage Terminal Actions
Save Card on File
Check Device Information
Print or Issue Receipts
Customize the Idle Screen
Confirmation Screen
Signature Capture Screen
Data Collection Screen
Menu Selection List Screen
QR Code Screen
Link and Dismiss Actions
Refund Interac Payments
Take E-Money Payments
Take PayPay QR Code Payments
Mobile Payments SDK
Build on Android
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Handling Errors
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Configure for Square Stand
Handling Errors
Migrate from Reader SDK
Get Credentials
Configure the Sample Application
Take a Cash Payment
Customize the Checkout Amount
Take a Credit Card Payment
How It Works
Build on Android
Build on iOS
Connect a Contactless Reader
Charge a Card on File
Save a Card on File
Configure on iOS for Square Stand
Deauthorize Reader SDK
Capture a Transaction
Delay the Capture of Payments
Configure APK Splits
Update to New Reader SDK Version
Flutter Plugin
React Native Plugin
How It Works
Build on Android
Build on iOS
Build on Mobile Web
Find Your Android Fingerprint
Use the API in Offline Mode
Add an Alert Dialog Helper Class
Accept E-Money Payments
Accept PayPay Payments
Mobile Web Technical Reference
Payments API Integration
Clone the Quickstart Project Template
Add the SDK to the Web Client
Verify the Payment
Add Strong Customer Authentication
Deploy the Application
Take a Card Payment
Apple Pay
Google Pay
Digital Wallet Payment Requests
ACH Bank Transfer
Afterpay
Cash App Pay
Take a Gift Card Payment
Take Partial Payments
Customize the Card Entry Form
Verify the Buyer
Store Card on File with SCA
Charge Card on File with SCA
Charge and Store Card on File with SCA
Set up the Client
Deploy the Server
Install the SDK
Build on Android
Build on iOS
Google Pay
Apple Pay
Enable SRC for Android
Enable SRC for iOS
Localize an Application
Gift Card Payments
Flutter Plugin
React Native Plugin
Customize the Payment Entry Form
Connect to a Backend Service
Remove the Postal Code Requirement
Troubleshoot
How It Works
Verify Buyer
Quick Pay Checkout
Square Order Checkout
Subscription Plan Checkout
Checkout Settings
Checkout Configurations
Manage Checkout
Guidelines and Limitations
Subscription Plans and Variations
Manage Subscriptions
Subscription Actions and Events
Pause, Resume, or Cancel Subscriptions
Subscription Billing and Invoices
Swap Subscription Plan Variations
Create and Publish Invoices
Retrieve, List, or Search Invoices
Create or Delete Invoice Attachments
Update Invoices
Cancel or Delete Invoices
Pay or Refund Invoices
Walkthrough: Create and Publish Invoices
Manage Cards
Create a Card on File from Payment ID
Create a Card on File and a Payment
Create a Shared Card on File and Make a Payment
List Payouts
Get Payout
List Payout Entries
Bank Accounts
How It Works
Build with Mobile Authorization
Get Authorization Code on Command Line
Payment Methods by Country
Payments Pricing
Strong Customer Authentication
Payment Minimums

/

Payments

/

Take Payments on Hardware

/

Mobile Payments SDK

/

Build on Android

Authorize your Android Application

Overview
Authorization state
Session expiration
Deauthorize the Mobile Payments SDK
Link to section

Overview

To enable your application to securely connect to a Square seller account, the Mobile Payments SDK must be authorized using an OAuth access token and a location ID. Each Square seller who uses your application must be authorized with an OAuth access token. The same process should be used even if you only plan to use the Mobile Payments SDK with your own Square account. To get started, see OAuth documentation and OAuth sample applications.

When requesting an OAuth access token from a seller, your application must request the following permissions:

  • MERCHANT_PROFILE_READ is required to get a list of all of a seller's locations.
  • PAYMENTS_WRITE and PAYMENTS_WRITE_IN_PERSON are required to take payments with the Mobile Payments SDK.
  • PAYMENTS_WRITE_ADDITIONAL_RECIPIENTS is required if you want to collect application fees.

The Mobile Payments SDK is divided into four managers to provide specific areas of functionality. Authorization is handled by the AuthorizationManager. Use authorizationManager.authorize() to authorize your Mobile Payments SDK application with a Square seller's accessToken and locationId. You also pass in a callback to be notified of authorization errors and successes and display those to the user.

Link to section

Authorization state

You can check whether a user of your application is currently authorized by checking AuthorizationState.isAuthorized() prior to beginning authorization.

To track changes in the authorization state, register a callback by using authorizationManager.setAuthorizationStateChangedCallback(). This callback can give you live updates to the authorizationManager.authorizationState whenever the Mobile Payments SDK is authorized or deauthorized.

Link to section

Session expiration

Square OAuth access tokens expire after 30 days. After expiration, applications must generate a new OAuth access token using the refresh token received when the authorization was first granted. The response looks like the following:

{
  "access_token": "EAAAEL_l5ncx260W8yWz2gGO0GtJeFBJqIdHIXZjpQZ_XW-yxh-Tl7MlF8vIE__n",
  "token_type": "bearer",
  "expires_at": "2024-05-15T19:36:00Z",
  "merchant_id": "TVSNN09QQY609",
  "refresh_token": "EQAAEInZRUFx8bgauwrDjXYIioyCDEB7vyOG0cScx-qfczgTpNtUjAGLResAKOe9"
}

Square recommends tracking the expires_at value on your server and refreshing the authorization token before it expires. If the SDK detects an expired token, it deauthorizes the Square seller account and invokes the callback registered with setAuthorizationStateChangedCallback with AuthorizationState(isAuthorized = false, isAuthorizationInProgress = false).

Link to section

Deauthorize the Mobile Payments SDK

To deauthorize the Mobile Payments SDK and log out of a seller's Square account, use authorizationManager.deauthorize(). This method provides a completion handler, called when the SDK finishes deauthorizing.

The seller remains authorized as long as their access token is valid. Therefore, it is a good idea to call this method when a user logs out of your application or has not had any activity within a period of time. This prevents your application from tracking a large number of dangling authorizations. Calling authorizationManager.deauthorize() doesn't expire a user's OAuth access token, it only deauthorizes the user from the mobile device running the Mobile Payments SDK.

Link to section

Next steps

After authorizing your application, you're ready to pair a card reader and prepare to start taking payments.

On this page
OverviewAuthorization stateSession expirationDeauthorize the Mobile Payments SDKNext steps