OAuth Grant Event Webhook

Hi Square Forum,

Is it possible to send a webhook notification when a Square account grants access to an application? I see oauth.authorization.revoked in the docs but only for revoked authorizations. If the answer is negative, could you please tell me if it’s feasible as an enhancement so I can request the feature?

Thanks in advance for your assistance.
Andres.

:wave: I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

Additional Documentation

Square Developer
OAuth API
Payments API Webhooks

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

Hi Andres,

Currently, Square’s OAuth API only supports the “oauth.authorization.revoked” webhook event, which notifies an application whenever a seller revokes all access tokens and refresh tokens granted to the application. There isn’t a corresponding webhook event for when a Square account grants access to an application.

As for your suggestion about this being a potential enhancement, while it’s a good idea, I don’t have the ability to implement new features or make changes to the API. I would recommend reaching out to Square directly through their official channels to suggest this feature.

This answer was reviewed by @Bryan-Square.

Thanks for your answer.

It’s not unreasonable to consider the whole oAuth process as a webhook, assuming it’s hitting the same place you use as the oAuth redirect point.

If the oAuth redirect point is not the site you want to know, you could implement a simple webhook-like push of a JSON packet to the remote site. Probably goes without saying, I’m not at all sure how you’d secure this and you’d need to put some careful thought into that - you don’t want random sites pushing oAuth notifications to your remote/child sites, of course.