OAuth Permissions Reference

Applies to: OAuth API

View all OAuth permissions (scopes) needed to call Square API endpoints with an OAuth access token.

To get a scoped OAuth access token used in calling a Square API endpoint, you need to specify the permissions that your application needs to access Square account resources. The permissions you specify are shown to the user in an authorization dialog that lets the user grant access to your application.

The following sections list and describe all the Square API services, their endpoints, and the OAuth permissions needed to access them. As a best practice, only request the permissions that your application requires.

The Bank Accounts API lets developers retrieve information about the bank accounts linked to a Square account.

The Bookings API creates and maintains service appointments.

The Booking Custom Attributes API lets you create and manage custom attributes for bookings.

The Cards API provides endpoints to access a payment card stored on file.

The Cash Drawer Shifts API provides details about cash drawer shifts.

The Catalog API syncs items to Square Point of Sale to itemize payments consistently across all channels.

The Checkout API accepts itemized payments on a Square-hosted web page. No frontend experience is required.

The Customers API creates and manages customer profiles and syncs customer relationship management (CRM) systems with Square.

The Customer Custom Attributes API lets you create and manage custom attributes for customer profiles.

The Customer Groups API manages customers by groups.

The Customer Segments API manages customers by segments.

Use the Devices API to configure a Square Terminal.

Use the Disputes API to manage disputes (chargebacks).

Retrieves employees for a seller. The Employees API is deprecated and replaced by the Team API.

The Events API returns information about Square events. This is the same information included in webhook event notifications.

To call Events API endpoints, provide the application's personal access token instead of an OAuth access token. Square uses OAuth on the backend to determine whether the application is authorized to access specific events.

The Gift Cards API provides endpoints to create and manage gift cards.

The Gift Card Activities API provides endpoints to create gift card activities, such as activating a gift card, adding funds to a gift card, and redeeming a gift card.

The Inventory API keeps an inventory of catalog items in sync across all commerce channels.

Use the Invoices API to manage invoices.

The Labor API manages scheduled shifts, timecards (shifts), breaks, and wages for team members.

The Locations API gets a list of a seller's locations.

The Location Custom Attributes API lets you create and manage custom attributes for locations.

The Loyalty API provides endpoints to work with loyalty programs, loyalty promotions, loyalty accounts, loyalty points, loyalty rewards, and loyalty events.

Use the Merchants API to retrieve information about a Square merchant account.

The Merchant Custom Attributes API lets you create and manage custom attributes for merchants.

The Mobile Authorization API provides an endpoint for getting a mobile authorization code for use in Reader SDK applications.

The Orders API gets sales data for a Square seller, itemize payments, push orders to Point of Sale, and more.

The Order Custom Attributes API lets you create and manage custom attributes for orders.

The Payments API lets developers take and manage payments. The Refunds API lets developers refund payments.

Use the Payouts API to see a list of deposits and withdrawals from a seller’s external bank account, a Square checking or savings account (available only in the United States), or a debit card (for instant transfers).

Use the Sites API to list the Square Online sites for a seller account.

Use the Snippets API to manage snippets on Square Online sites.

Use the Subscriptions API to manage subscriptions. For more information about required permissions to create and update subscriptions, see Requirements and limitations.

The Team API lets developers manage team members and job definitions.

The Terminal API lets developers request Square Terminal checkouts and process Interac refunds.

The Vendors API supports managing a seller's suppliers in an application.

The Webhook Subscriptions API lets you programmatically manage webhook subscriptions.

To call Webhook Subscriptions endpoints, provide the application's personal access token instead of an OAuth access token. Square uses OAuth on the backend to determine whether the application is authorized to access specific events.