Authentication Error on Terminal Checkout

I’m trying to do a Terminal API call and I’m having some trouble making the calls. I have generated my OAuth Token (Connect a Square Terminal to a POS Application) for the following permissions.

CUSTOMERS_READ,CUSTOMERS_WRITE,ITEMS_READ,ORDERS_WRITE,PAYMENTS_READ,PAYMENTS_WRITE,MERCHANT_PROFILE_READ,ORDERS_READ,DEVICE_CREDENTIAL_MANAGEMENT

I’m doing the order placing via the Java SDK and that seems to work fine with the generated token but the Terminal REST API call fails. The log is as follows.

2024-02-27 20:18:31 - SQUARE-TERMINAL API >>>>>>>>>> 
URI         : https://connect.squareupsandbox.com/v2/terminals/checkouts
Method      : POST
Headers     : {Accept=[application/json], Content-Type=[application/json], Authorization=[Bearer {Token}], Square-Version=[2024-01-18], Content-Length=[302]}
Request body: {"idempotency_key":"SQT-a7qt11d84ba4","checkout":{"amount_money":{"amount":255,"currency":"USD"},"tip_money":{"amount":0,"currency":"USD"},"order_id":"a7qt11d84ba4","device_options":{"device_id":"22cd266c-6246-4c06-9983-67f0c26346b0","tip_settings":{"allow_tipping":false},"skip_receipt_screen":true}}}
2024-02-27 20:18:32 - SQUARE-TERMINAL API API  <<<<<<<<<< Status = [401] path = [https://connect.squareupsandbox.com/v2/terminals/checkouts]
Status code  : 401
Status text  : Unauthorized
Headers      : {Date=[Tue, 27 Feb 2024 14:48:32 GMT], Content-Type=[application/json], Content-Length=[161], Connection=[keep-alive], CF-Ray=[85c13aad4f1a513a-CMB], CF-Cache-Status=[DYNAMIC], Strict-Transport-Security=[max-age=631152000; includeSubDomains; preload], Vary=[Origin, Accept-Encoding], x-content-type-options=[nosniff], x-download-options=[noopen], x-envoy-decorator-operation=[/v2/terminals/**], x-frame-options=[SAMEORIGIN], x-permitted-cross-domain-policies=[none], x-sq-dc=[sjc2b], x-sq-envoy-safe-auth-decision=[UNAUTHORIZED], x-sq-region=[sjc2b], x-xss-protection=[1; mode=block], Set-Cookie=[__cf_bm=cG7s88PecpRyx1aIOv4SsRt.oq7Mt49u6QdjO8mmwCc-1709045312-1.0-AU5J9kW31GuCrFlDI7s+WoBxeoGnbjoFYkI7kM+WfHIjUrHa+04YotM1SW141VNevKdSLWOBBXQ6tMYhDcq3YqM=; path=/; expires=Tue, 27-Feb-24 15:18:32 GMT; domain=.squareupsandbox.com; HttpOnly; Secure; SameSite=None], Server=[cloudflare]}
Response body: {
  "errors": [
    {
      "category": "AUTHENTICATION_ERROR",
      "code": "UNAUTHORIZED",
      "detail": "This request could not be authorized."
    }
  ]
}

Sandbox Application ID: sandbox-sq0idb-61-sUjlWKyXIx1Gz5pKldQ
Merchant ID: JPP8GBK4V406R

What am I doing wrong here?

The request it correct except the order_id that your passing in isn’t a Square generated order_id. You can only pass in order_ids that are created with the Orders API.

As for the error have you tried to call RetrieveTokenStatus to check the permissions of the token? :slightly_smiling_face:

Hi @Bryan-Square, you were right about the order_id. But still the token issue isn’t resolved.

Try the following cURL.

curl --location --request POST 'https://connect.squareupsandbox.com/oauth2/token/status' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {Token}' \
--header 'Cookie: __cf_bm=V_lrfFsATE8SvoOKSlaoEncqPjVZyblWgmQkFcRxrAs-1709055037-1.0-AUIGecwedWjb1yrTlg1Y3sylZeJPXC/nuM9Bp2xkwf+aOtrKlp31uKPJvfytjD3dWe+PeeAyadQ10tib7hQbum0='

I’m getting the following.

{
    "message": "This request could not be authorized.",
    "type": "UNAUTHORIZED"
}

I’m a little confused here @Bryan-Square. The Bearer Access Token we should be using with the Terminal API calls should be the Access Token from the Square Application, or is it the OAuth 2.0 Access Token each merchant generates for us to communicate with the Square APIs on their behalf?

Okay, so the token that you provided isn’t a valid token which is why your getting the error. Also in the future please don’t expose the access token since those are secret. You will need to get a valid access token for the request to work. :slightly_smiling_face:

1 Like

Noted. Could you check the other query I have mentioned above?

That looks correct. If you remove the cookie and just run a simple curl request like this does it work with your access token?

curl https://connect.squareupsandbox.com/oauth2/token/status \
  -X POST \
  -H 'Square-Version: 2024-02-22' \
  -H 'Authorization: Bearer ACCESS_TOKEN' \
  -H 'Content-Type: application/json'

:slightly_smiling_face:

It doesn’t. I feel like these older tokens generated via the Java SDK don’t work anymore with the newer REST APIs. Even the character lengths of the tokens are different. The token generated via the SDK does work with SDK operations but not the REST APIs.

What version of the SDK are you using? Are you using our existing OAuth process with a refresh_token? :slightly_smiling_face:

<dependency>
            <groupId>com.squareup</groupId>
            <artifactId>square</artifactId>
            <version>6.0.0.20200625</version>
</dependency>

That’s the maven dependency. And yes, I see we use OAuth flow, get a code and then generate the Access Token and Refresh Token using the SDK. And renew the Access Token with the Refresh Token via the SDK as well.

Okay, great! Are you able to make any other API calls with the access token? Like to ListLocations? :slightly_smiling_face:

Nope. Even for that I’m getting an AUTHENTICATION_ERROR.

Is that a production access token or a sandbox one? :slightly_smiling_face:

All these were sandbox accounts and credentials I’ve been providing here.

All the request you’ve provided work for me with my sandbox token. I’m guessing the token you have is and invalid token. If you use your sandbox access token from your application are you able to get the requests to work? :slightly_smiling_face:

Hi @Bryan-Square, the OAuth Tokens generated with the SDK don’t seem to work with the REST APIs. Why is this? Those tokens works as expected with the SDK methods but not REST APIs.

Hi @Bryan-Square. I figured it out. We were making some encryption of the keys for safety. Which I wasn’t aware of. I was trying to use the encrypted key which caused the failure. Apologies for the wild goose chase.

Glad to hear that you were able to figure it out. :slightly_smiling_face: