Getting "The `Authorization` http header of your request was incorrect or expired." on Production, but not Sandbox


I have a custom developed ecommerce platform and have successfully integrated Square based on the following tutorial:

It’s being used in combination with the Square PHP SDK.

It works perfectly in Sandbox mode, but when I move over to production, I get the following error:

[{"category":"AUTHENTICATION_ERROR","code":"UNAUTHORIZED","detail":"The `Authorization` http header of your request was incorrect or expired. The header value is expected to be of the format \"Bearer TOKEN\" (without quotation marks), where TOKEN is a valid access token (e.g. \"Bearer ABC123def456GHI789jkl0\"). For more information, see https:\/\/\/docs\/build-basics\/using-rest-api#__set-the-headers__ ."}] 

I made sure all the credentials are correct and that square.js is loading the production one and not the sandbox one.

To test it further, I setup my production site to run the sandbox square.js and credentials, and that worked correctly, so this eliminates any development vs. production disparities.

I see that there are similar topics here on the forum, but none of them matched my exact experience. Furthermore, they weren’t using the newer and recently released square.js approach.

I’d appreciate any help.

:wave: With Square an authentication error only happen when credentials or targeted environments/libraries aren’t configured correctly. When you switched to production did you make sure to go through the Deploy application checklist? :slightly_smiling_face:

Ack. My bad. I forgot to set this part to PRODUCTION:

$client = new SquareClient([
    'accessToken' => 'YOUR SANDBOX ACCESS TOKEN HERE',
    'environment' => Environment::SANDBOX

Glad to hear you figured it out. :slightly_smiling_face: