Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Overview
Build a Tip Report
Split an Online Payment
Build a Sales Report
Delayed Capture
Partial Payments
Statement Descriptions
ACH Bank Transfer Payment
Afterpay and Clearpay Payments
Cash App Payments
Cash Payments
External Payments
House Accounts
Collect Application Fees
Update Payment and Tip Amounts
Retrieve Payments
Troubleshoot
Webhooks
Refund Payments
Refund a Payment with an App Fee
Retrieve Refunds
Webhooks
Process Disputes
Test in the Sandbox
Take Payments on Hardware
Quickstart
Take Payments
POS App Pairing with Square Terminal
Dismiss Terminal Checkouts and Refunds
Monitor Square Terminals
Manage Terminal Actions
Save Card on File
Check Device Information
Print or Issue Receipts
Customize the Idle Screen
Confirmation Screen
Signature Capture Screen
Data Collection Screen
Menu Selection List Screen
QR Code Screen
Link and Dismiss Actions
Refund Interac Payments
Take E-Money Payments
Take PayPay QR Code Payments
Mobile Payments SDK
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Handling Errors
Build on iOS
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Handling Errors
Migrate from Reader SDK
Get Credentials
Configure the Sample Application
Take a Cash Payment
Customize the Checkout Amount
Take a Credit Card Payment
How It Works
Build on Android
Build on iOS
Connect a Contactless Reader
Charge a Card on File
Save a Card on File
Configure on iOS for Square Stand
Deauthorize Reader SDK
Capture a Transaction
Delay the Capture of Payments
Configure APK Splits
Update to New Reader SDK Version
Flutter Plugin
React Native Plugin
How It Works
Build on Android
Build on iOS
Build on Mobile Web
Find Your Android Fingerprint
Use the API in Offline Mode
Add an Alert Dialog Helper Class
Accept E-Money Payments
Accept PayPay Payments
Mobile Web Technical Reference
Payments API Integration
Clone the Quickstart Project Template
Add the SDK to the Web Client
Verify the Payment
Add Strong Customer Authentication
Deploy the Application
Take a Card Payment
Apple Pay
Google Pay
Digital Wallet Payment Requests
ACH Bank Transfer
Afterpay
Cash App Pay
Take a Gift Card Payment
Take Partial Payments
Customize the Card Entry Form
Verify the Buyer
Store Card on File with SCA
Charge Card on File with SCA
Set up the Client
Deploy the Server
Install the SDK
Build on Android
Build on iOS
Google Pay
Apple Pay
Enable SRC for Android
Enable SRC for iOS
Localize an Application
Gift Card Payments
Flutter Plugin
React Native Plugin
Customize the Payment Entry Form
Connect to a Backend Service
Remove the Postal Code Requirement
Troubleshoot
How It Works
Verify Buyer
Quick Pay Checkout
Square Order Checkout
Subscription Plan Checkout
Checkout Settings
Checkout Configurations
Manage Checkout
Guidelines and Limitations
Subscription Plans and Variations
Manage Subscriptions
Subscription Actions and Events
Pause, Resume, or Cancel Subscriptions
Subscription Billing and Invoices
Swap Subscription Plan Variations
Create and Publish Invoices
Retrieve, List, or Search Invoices
Create or Delete Invoice Attachments
Update Invoices
Cancel or Delete Invoices
Pay or Refund Invoices
Walkthrough: Create and Publish Invoices
Manage Cards
Create a Card on File from Payment ID
Create a Card on File and a Payment
Create a Shared Card on File and Make a Payment
List Payouts
Get Payout
List Payout Entries
Bank Accounts
How It Works
Build with Mobile Authorization
Get Authorization Code on Command Line
Payment Methods by Country
Payments Pricing
Strong Customer Authentication
Payment Minimums

/

Payments

/

Take Payments on Hardware

/

Mobile Payments SDK

/

Build on iOS

Authorize the Mobile Payments SDK

Overview
Authorization state
Link to section

Overview

To enable your application to securely connect to any Square seller account, the Mobile Payments SDK must be authorized using an OAuth access token and a location ID. Each Square seller who uses your application must be authorized with an OAuth access token The same process should be used even if you only plan to use the Mobile Payments SDK with your own Square account. To get started, see OAuth documentation and OAuth sample applications.

When requesting an OAuth access token from a seller, your application must request the following permissions:

  • MERCHANT_PROFILE_READ is required to get a list of all a seller's locations.
  • PAYMENTS_WRITE and PAYMENTS_WRITE_IN_PERSON are required to take payments with the Mobile Payments SDK.
  • PAYMENTS_WRITE_ADDITIONAL_RECIPIENTS is required only if you want to collect application fees.

When displaying the Square authorization page, it’s recommended to use SFSafariViewController instead of WKWebView. WKWebView can be used if it's required for the look and feel of your application, but using SFSafariViewController is a more supported and stable experience. For information about when to use SFSafariViewController rather than WKWebView, see Apple's guidance.

The Mobile Payments SDK is divided into four managers to provide specific areas of functionality. Authorization is handled by the AuthorizationManager. In your application's authorization or bootstrapping logic, use the authorizationManager authorize() function to authorize the Mobile Payments SDK with the OAuth access token and location ID for the Square seller connecting to your application. When authorization completes, the AuthorizeCompletionHandler provides the result of the authorization, including any errors.

Link to section

Authorization state

You can check whether a user of your application is authorized, notAuthorized, or (in the process of) authorizing by checking AuthorizationManager.state prior to beginning authorization. However, this value isn't modified if the state changes.

To asynchronously track changes in the authorization state, add an AuthorizationStateObserver to your viewController to receive updates to the authorization state whenever the Mobile Payments SDK is authorized or deauthorized.

Link to section

Session expiration

Square OAuth access tokens expire after 30 days. After expiration, applications must generate a new OAuth access token using the refresh token received when the authorization was first granted. The response looks like the following:

{
  "access_token": "EAAAEL_l5ncx260W8yWz2gGO0GtJeFBJqIdHIXZjpQZ_XW-yxh-Tl7MlF8vIE__n",
  "token_type": "bearer",
  "expires_at": "2024-05-15T19:36:00Z",
  "merchant_id": "TVSNN09QQY609",
  "refresh_token": "EQAAEInZRUFx8bgauwrDjXYIioyCDEB7vyOG0cScx-qfczgTpNtUjAGLResAKOe9"
}

Square recommends tracking the expires_at value on your server and refreshing the authorization token before it expires. You can store expiration time on the device and check it during application initialization.

The Mobile Payments SDK also performs checks for an expired authorization token during initialization and application startup and if pairing a card reader fails. If the SDK detects an expired token, it deauthorizes the Square seller account (in the same manner as calling AuthorizationManager.deauthorize()) and your AuthorizationStateObserver is notified of the change in state.

Link to section

Deauthorize the Mobile Payments SDK

To deauthorize the Mobile Payments SDK and sign out of a seller's Square account, use the Authorization Manager's deauthorize() method. This method provides a DeauthorizeCompletionHandler, called when the SDK finishes deauthorizing.

It's a good idea to call this method regularly, when a user logs out of your application or hasn't had any activity within a period of time. This prevents your application from having to track a large number of dangling authorizations.

func deauthorizeMobilePaymentsSDK() {
 MobilePaymentsSDK.shared.authorizationManager.deauthorize {
   // Check authorization status
   print(MobilePaymentsSDK.shared.authorizationManager.state)
 }
}
Link to section

Next steps

After the Mobile Payments SDK is installed and initialized in your mobile application and authorized with a Square account, you're ready to pair and manage card readers.

On this page
OverviewAuthorization stateNext steps