What kind of authorization should I be using for postman with my sandbox app. for example: No auth, api key, bearer token etc
I typically just pass “Authorization” as an additional header, with the value “Bearer {{access_token}}”. This may be the same as “Bearer Token” choice you mentioned, not honestly sure about that.
On the topic of Postman, though, note that we do have a Postman collection here: https://developer.squareup.com/docs/testing/postman.