Authentication problem 401: AUTHENTICATION_ERROR

Questions
1

Hello,
I have been tasked by a client to build a data extraction code, he provided me with an access token to apply it. The problem is that when I run my code or try the test directly (GET /v2/locations - Square API Explorer), it gives me a 401 response (UNAUTHORIZED).
I’m from the Czech Republic and he’s from the US, but I run everything through VPN on US servers.
Any idea where the problem might be, I’m including a piece of code that I tried the approaches on.

import requests

token = "TOKEN"
url="https://connect.squareup.com/v2/locations"

headers = {
"Square-Version": "2024-09-19",
"Authorization": f "Bearer {token}", 
"Content-Type": "application/json"
}

response = requests.get(url, headers=headers)

if response.status_code == 200:
print("Response:", response.json())
else:
print(f "Error: {response.status_code}, {response.text}")

I tried Postman and your library but still the same result

Error: 401, {
  "errors": [
    {
      "category": "AUTHENTICATION_ERROR",
      "code": "UNAUTHORIZED",
      "detail": "This request could not be authorized."
    }
  ]
}

The token is correct it was tested directly by the client (US localization), and it worked for him both in Postman and in GET /v2/locations - Square API Explorer. But when I run it, the result is always 401.


from square.http.auth.o_auth_2 import BearerAuthCredentials
from square.client import Client

client = Client(
    bearer_auth_credentials=BearerAuthCredentials(
        access_token='TOKEN'  
    ),
    environment='production'
)

result = client.locations.list_locations()

if result.is_success():
    for location in result.body['locations']:
        print(f"{location['id']}: ", end="")
        print(f"{location['name']}, ", end="")
        print(f"{location['address']['address_line_1']}, ", end="")
        print(f"{location['address']['locality']}")

elif result.is_error():
    for error in result.errors:
        print(error['category'])
        print(error['code'])
        print(error['detail'])
2

:wave: I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

Additional Documentation

Request a Mobile Authorization Code on the Command Line
Mobile Authorization API: How It Works
Access Tokens and Other Credentials

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

3

The 401 Unauthorized error typically indicates that the access token you’re using is not valid. Here are a few things you could check:

  1. Ensure that the access token is correct. Even a small typo could cause this error.

  2. Make sure you’re using the correct access token for the environment you’re targeting. Square provides separate access tokens for the Sandbox and Production environments. If you’re making a call to the Production environment, you should use the Production access token, and vice versa for the Sandbox environment.

  3. Check that the access token has not expired. Square OAuth access tokens expire after 30 days, so if you haven’t refreshed your token recently, it might have expired.

  4. Verify that the access token has the necessary permissions to access the endpoint you’re trying to reach. If your token doesn’t have the required permissions, you’ll need to go through the OAuth flow again and request the necessary permissions.

  5. If you’re using a VPN, make sure it’s not causing any issues. Try making the request without the VPN to see if that resolves the issue.

  6. Lastly, ensure that the access token is being included correctly in the Authorization header of your request. The header should be in the format “Authorization: Bearer YOUR_ACCESS_TOKEN”.

This answer was reviewed by @Bryan-Square.