Not sure why I’m getting this response when calling the order api and how to resolve it:
{“errors”: [{“code”: “FORBIDDEN”,“detail”: “Cannot fetch orders for a different merchant.”,“category”: “AUTHENTICATION_ERROR”}]} - - "{"errors": [{"code": "FORBIDDEN","detail": "Cannot fetch orders for a different merchant.","category": "AUTHENTICATION_ERROR"}]}
I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:
If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.
The error message “Cannot fetch orders for a different merchant” indicates that the access token you’re using in your API call is not authorized to access orders for the merchant ID you’re trying to fetch. This usually happens when the access token is associated with a different merchant account than the one you’re trying to access.
To resolve this issue, ensure that you’re using the correct access token for the merchant account whose orders you’re trying to fetch. If you’re using OAuth, make sure that the merchant has granted your application the necessary permissions to access their orders.
The issue here is that, this error happened on the square side by one of the people who is reviewing my app.
Initially it worked for them when they tested it a week ago but now it seems that they have changed the account they are using to test my app and this error started to happening.
so not sure how to debug it. Is there a way to connect from the team who is reviewing my app?
What is your app doing? Is it trying to get an order from another Square account? The authorization can only get objects from the Square account it’s connected to.
Not sure what am I missing but here are some details about the issue.
I have two sandbox accounts:
Default Test Account
Seller Test Account
Steps:
open the “Default Test Account” dashboard in a new browser tab and go through the authentication process
It gives me back a token which I use for retrieving orders created on the “Default Test Account” by calling the orders api
Then I disconnect the “Default Test Account” account by calling the revoke api, delete the token data from the database and close the dashboard browser tab
Then I open the “Seller Test Account” dashboard in a new browser tab and repeat the steps above
The authentication works and gives me back a token but I’m getting the “Cannot fetch orders for a different merchant” error message when I try to get the orders created on the second account “Seller Test Account”
Hope you give me some directions that I can work on during the weekend.
Thanks
Is feels like my computer or browser has been authorized to my default sandbox account only and cannot be changed to use another account(s).
The access token works every time for my default sandbox account every time I try to revoke its access token and re-authenticate again. Yet it never works when I try to connect it and authenticate it to another sandbox account like my seller sandbox account.
What exactly am I missing here? please let me know.
I believe there is some confusion with the OAuth process and how sandbox test accounts work. The Default test account is designed to work with your access token. There is no need to OAuth to that account. Your other test account you’ll want to OAuth to that and use the generated access token to make API calls on the accounts behalf.
Your Square developer account comes with a default test account in the Sandbox. To simulate third-party application development, you need to create a second Sandbox account to act as a seller account.
In the Sandbox, the seller must be signed in to see the Square authorization page. Sign in to a seller test account by opening the Seller Dashboard. In production, you can also control whether you force the seller to sign in explicitly by setting the session parameter to false (recommended).
I’ve been doing exactly what you have recommended.
I have a “second / seller account” which I sign in to by clicking on its dashboard then I try to authenticate it. It works just fine, It takes me to the “Allow / Deny” auth page. I click on “Allow” and I get the access token back with the new seller account merchant id which is in this case “MLWQJSXSSYF8F”. But it doesn’t work and keeps failing with the same error msg “different location error”.
The access token that your using to get the order does is it for that same merchant_id? You can check with RetrieveTokenStatus. If it doesn’t match then the access token your using is for another account and you’ll need to use the access token that matches the merchant_id in the webhook body.
Please don’t share access tokens they are secret. Anyway’s I got it to work when calling RetrieveOrder. With that access token. When I checked your API Logs I see that the request is coming from a different merchant_id. So that means that the access token that’s being passed to Square isn’t the correct one.
Failed request: