Custom Attributes for Orders

Applies to: Order Custom Attributes API

Learn how to create and manage custom attributes for Square orders using the Order Custom Attributes API.

With custom attributes for orders, you can define your own properties and associate them with individual Order objects. For example, in a restaurant scenario, you can define fields such as Table Number, Seat Number, or Cover Count (how many people are seated at the table). When an order is ready, you can use the Order Custom Attributes API to match the order with the table that requested it.

The following requirements, limitations, and other considerations apply when working with custom attributes for orders:

• Minimum Square version - Square version 2022-11-16 or later is required to work with the Order Custom Attributes API.

• Sensitive data - Custom attributes are intended to store additional information or store associations with an entity in another system. Don't use custom attributes to store any PCI data, such as credit card details. PII is supported in custom attribute values, but applications that create or read this data should observe applicable privacy laws and data regulations such as requesting the hard deletion of custom attribute data when a GDPR request for erasure is received. Never store secret-level information in a custom attribute. The use of custom attributes is subject to developers adhering to the Square API Data Policy Disclosures.

• Limits - A seller account can have a maximum of 100 order-related custom attribute definitions per application.

• Unique name - If the visibility of an order-related custom attribute definition is VISIBILITY_READ_ONLY or VISIBILITY_READ_WRITE_VALUES, the name must be unique (case-sensitive) across all visible order-related custom attribute definitions for the seller. This requirement is intended to help sellers differentiate between custom attributes that are visible in the Customer Directory and other Square products.

• Maximum value for Number custom attributes - The absolute value of a Number-type custom attribute cannot exceed (2^63-1)/10^5 or 92233720368547.

• OAuth permissions - Applications that use OAuth require ORDER_READ or ORDER_WRITE permission to work with order-related custom attributes. For more information, see OAuth API Overview and Order Custom Attributes.

  If a seller revokes the permissions of the application that created a custom attribute definition or the token expires, the application cannot access the definition or corresponding custom attributes until permissions are restored. However, the definition and custom attributes remain available to other applications according to the visibility setting.

• Idempotency - Including an idempotency key in a request guarantees that the request is processed only once. The following endpoints allow you to specify an idempotency_key:

  • CreateOrderCustomAttributeDefinition
  • UpdateOrderCustomAttributeDefinition
  • UpsertOrderCustomAttribute
  • BulkUpsertOrderCustomAttributes

Be sure to generate a unique idempotency key for each request. If an idempotency key is reused in requests to the same endpoint on behalf of the same seller, Square returns the response from the first request that was successfully processed using the key. Square doesn't process subsequent requests that use the same key, even if they contain different fields. For more information, see Idempotency.

The basic workflow for order custom attributes involves the following types of operations:

1. Creating a custom attribute definition for Order objects.

2. Setting a custom attribute for an order, according to the associated custom attribute definition.

3. Retrieving one or more custom attributes from an order and performing other operations with those custom attributes.

To create a new custom attribute for orders, you must first define its properties. To do this, you call CreateOrderCustomAttributeDefinition.

The following example request defines a Cover Count custom attribute. The schema field indicates that the value of the custom attribute is a Number.

The key identifier and visibility setting that you specify for the definition are also used by corresponding custom attributes. The visibility setting determines the access level that other applications (including the Customer Directory and other Square products) have to the definition and corresponding custom attributes.

After you create a custom attribute definition, you can set that custom attribute for any order.

The following example UpsertOrderCustomAttribute request sets the Cover Count custom attribute using the order_id and key. Note the following:

• The key in the path is cover-count, which is the key specified by the definition.
• The value in the request body sets the custom attribute value for the order. This value must conform to the Number data type specified by the schema field in the definition.

You can now retrieve the custom attribute to retrieve the value that was set for the order.

The following example RetrieveOrderCustomAttribute request retrieves the Cover Count custom attribute for an order using the order_id and key:

The value field in the following example represents the custom attribute value:

{
  "custom_attribute": {
    "key": "cover-count",
    "version": 1,
    "updated_at": "2022-11-16T18:00:09.502Z",
    "value": "4",
    "created_at": "2022-11-16T18:00:09.502Z",
    "visibility": "VISIBILITY_READ_WRITE_VALUES"
  }
}

You can include the with_definition query parameter to return the corresponding custom attribute definition in the same call. For example, you might want to retrieve the definition to retrieve the custom attribute's data type or name.

The Order Custom Attributes API supports the following operations:

• CreateOrderCustomAttributeDefinition
• UpdateOrderCustomAttributeDefinition
• ListOrderCustomAttributeDefinitions
• RetrieveOrderCustomAttributeDefinition
• DeleteOrderCustomAttributeDefinition

• UpsertOrderCustomAttribute
• ListOrderCustomAttributes
• RetrieveOrderCustomAttribute
• DeleteOrderCustomAttribute

The data type of a custom attribute is specified in the schema field of the custom attribute definition. For all data types except Selection, this field contains a simple URL reference to a schema object hosted on the Square CDN.

Order-related custom attributes support the following data types:

• String
• Email
• PhoneNumber
• Address
• Date
• Boolean
• Number
• Selection

For information about defining the data type for an order-related custom attribute, see Specifying the schema.

A CreateOrderCustomAttributeDefinition request is scoped to a specific seller. To make the custom attribute available to other sellers, you must call CreateOrderCustomAttributeDefinition on behalf of each seller. To do so when using OAuth, call this endpoint for each seller using their access token.

The application that creates a custom attribute definition is the definition owner. The definition owner always has READ and WRITE permissions to the definition and to all instances of the corresponding custom attribute.

The visibility of a custom attribute definition determines how other applications that make calls on behalf of a seller can access the definition (and its corresponding custom attributes). This access control applies to third-party applications and Square products, such as the Customer Directory.

The following table shows the access permitted by each supported visibility setting:

You can subscribe to receive notifications for order-related custom attribute events. Each event provides two options that allow you to choose when Square sends notifications:

1. .owned event notifications are sent when changes are made to custom attribute definitions and custom attributes that are owned by your application. A custom attribute definition is owned by the application that created it. A custom attribute is owned by the application that created the corresponding custom attribute definition.

2. .visible event notifications are sent when changes are made to custom attribute definitions and custom attributes that are visible to your application. These changes apply to:

   • All custom attribute definitions and custom attributes owned by your application.
   • All other custom attribute definitions or custom attributes whose visibility setting is VISIBILITY_READ_ONLY or VISIBILITY_READ_WRITE_VALUES. This includes seller-defined custom attributes (also known as custom fields), which are always set to VISIBILITY_READ_WRITE_VALUES.

Notification payloads for both options contain the same information.

Subscribe to the following events to receive notifications for changes to custom attribute definitions and custom attributes that are owned by your application:

Subscribe to the following events to receive notifications for changes to custom attribute definitions and custom attributes that are visible to your application. These .visible events include changes to all custom attribute definitions and custom attributes that are owned by your application, so you do not need to subscribe to an .owned event when you subscribe to the corresponding .visible event.

The following is an example order.custom_attribute_definition.visible.created notification:

{
  "merchant_id": "DM7VKY8Q63GNP",
  "type": "order.custom_attribute_definition.visible.created",
  "event_id": "347ab320-c0ba-48f5-959a-4e147b9aefcf",
  "created_at": "2022-11-16T21:40:49.943Z",
  "data": {
    "type": "custom_attribute_definition",
    "id": "sq0idp-BushoY39o1X-GPxRRUWc0A:homeEmail",
    "object": {
      "created_at": "2022-11-16T21:40:49Z",
      "description": "Home email address",
      "key": "sq0idp-NarsfT33p3V-HZtTHEPg3F:homeEmail",
      "name": "Home email",
      "schema": {
        "$ref": "https://developer-production-s.squarecdn.com/schemas/v1/common.json#squareup.common.Email"
      },
      "updated_at": "2022-11-16T21:40:49Z",
      "version": 1,
      "visibility": "VISIBILITY_READ_WRITE_VALUES"
    }
  }
}

The following is an example order.custom_attribute.visible.updated notification:

{
  "merchant_id": "DM7VKY8Q63GNP",
  "type": "order.custom_attribute.visible.updated",
  "event_id": "1cc2925c-f6e2-4fb6-a597-07c198de59e1",
  "created_at": "2022-11-16T01:22:29Z",
  "data": {
    "type": "custom_attribute",
    "id": "sq0idp-BushoY39o1X-GPxRRUWc0A:homeEmail:ORDER:74PfERnDQ23tFjqxpDFAt45NJKp7VC",
    "object": {
      "created_at": "2022-11-16T21:40:54Z",
      "key": "sq0idp-NarsfT33p3V-HZtTHEPg3F:homeEmail",
      "updated_at": "2022-11-16T01:22:29Z",
      "value": "[email protected]",
      "version": 2,
      "visibility": "VISIBILITY_READ_WRITE_VALUES"
    }
  }
}

Note the following:

• The ORDERS_READ permission is required to receive notifications about order-related custom attribute events.

• The key of the custom attribute definition or custom attribute in the notification is always the qualified key.

• If you subscribe to the .owned and .visible options for the same event, Square sends both notifications for changes to custom attribute definitions and custom attributes owned by the subscribing application.

• The value of the data.id in the notification depends on the affected object:

  • For custom attribute definition events, data.id is the qualified key.
  • For custom attribute events, data.id is generated using the qualified key and the ID of the affected order. This data.id cannot be used directly with the Order Custom Attributes API.

For more information about custom attribute webhooks, see Subscribing to webhooks. For more information about how to subscribe to events and validate notifications, see Square Webhooks.

• Define Custom Attributes for Orders
• Use Custom Attributes for Orders
• Custom Attributes
• API Reference: Custom Attributes for Orders