GET Order sending UNAUTHORIZED but not captured in logs

AaronRoss · August 9, 2024, 5:29pm

Hi, we have an odd case where a customer is unable to complete transactions with us via the Point of Sale system. The basics of how this works:

Customer initiates transaction in our web application
The Square app is presented and the payment is completed
The application returns and a webhook is hit on our server to complete the transaction on our end (via payment.update hook)

This process is working for other customer but this one customer seems to have issues. We can see that the hook is hitting us, but when we try to preform a call to the retrieve Order API endpoint, we are getting a 401 or UNAUTHORIZED. The permissions are set up correctly to use the Orders API. I have manually created a simulation of what happens in the hook to see if I can observer the UNAUTHORIZED occurring for this customer but when I do this it works as expected and I get the order back.

I have two questions:
The UNAUTHORIZED Order API calls are not showing up in the API logs in the developer dashboard though. Is this intended? I can see 400, 403, and 404 but no 401 statuses.

Also Would it be possible to get some support on why these 401’s are occurring for this customer in this specific situation?

Bryan-Square · August 9, 2024, 5:52pm

What’s the application ID and the order_id that your getting this with?

AaronRoss · August 9, 2024, 5:56pm

Hi Bryan,
The application id is sq0idp-oqWVZw2EUpGT9m3LewsSRA and an example order id is OQ1bKkSPppwDhcLfUkupyB9eV.

Bryan-Square · August 9, 2024, 8:02pm

Everything looks correct from what I can see. Is the access token your using valid and if you call RetrieveTokenStatus with it is the merchant_id: EXGD5W18P4NSV?

Also it is expected that UNAUTHORIZED errors won’t show in the API Logs.

AaronRoss · August 12, 2024, 1:48pm

Hi Bryan,
Thanks to your comment I believe I have figured out the cause. We reverse look up the user’s id in our system based on the merchant id from the hook. I looked into it and it looks an old copy of the user has the same merchant id so it was just referencing the wrong user on our end I believe. Thanks for the idea! This can probably be closed.

Bryan-Square · August 12, 2024, 3:49pm

Glad to hear that you were able to figure out the issue.

Topic		Replies	Views
Transaction data Questions payments-api , point-of-sale-api , webhooks-api	8	1709	May 20, 2021
Webhooks and Order Issues Site Feedback orders-api , payments-api	8	344	May 14, 2024
Errors retrieving Orders after Payment.Created webhook Questions orders-api	11	2064	February 9, 2022
The payment.update event delayed Questions orders-api , payments-api , webhooks-api	3	660	July 25, 2023
Orders Not Appearing on Square POS Questions orders-api , terminal-api , pos	2	26	September 18, 2024

GET Order sending UNAUTHORIZED but not captured in logs

Related topics