Question on Reader SDK Authorization and working with multiple Square accounts

We are developing an internal application that will take payments natively from the Square chip reader via the Reader SDK; however, I am a little confused around the SDK authorization (you have to download the SDK using a Square application ID and generated repository password) requirements and working with multiple Square accounts.

Background: we currently have eight physical locations (depending on how the coronavirus plays out :S) to service. After we grew to three locations, we moved away from having a single Square account with multiple Square “locations”, to individual Square accounts each with a single Square location. This was due to limitations around inventory management.

My concern at the moment is that, given what I can see of the SDK authorization / installation process, an app that uses the Reader SDK can only service/take payments for Square locations associated with the Square account that was used to authorize the SDK download - presumably the App ID or similar is being embedded in the SDK and used as a check reference.

If this is truly the case, then we will have to publish eight different versions of our app, one for each physical location / Square account, with individualized copies of the Reader SDK.

Somewhat annoying, but not the end of the world - I’m just keen to understand the implications before I get too far down any particular path…

Many thanks!

Shaun Hurley

Hey Shaun,

If these are 8 individual Square accounts, you can use our OAuth API, which enables you to request specific permissions from Square sellers to manage their resources and get access tokens to call the Square APIs on their behalf.

There is also the Mobile Authorization API. The Mobile Authorization API accepts an account credential (OAuth token or Personal Access Token) and location ID and returns an authorization code that custom mobile apps can use to initialize Square mobile solutions like Reader SDK to accept payments using Square hardware.
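An added example, not part of the original thread or Square's own code, of the flow the reply above describes: a backend holds one access token per Square account, calls the Mobile Authorization API for the requested location, and hands the device only the resulting authorization code. The store keys, placeholder tokens and function names are assumptions made for illustration.

```python
import json
import urllib.request

# Mobile Authorization API endpoint (CreateMobileAuthorizationCode).
MOBILE_AUTH_URL = "https://connect.squareup.com/mobile/authorization-code"

# Constructed placeholders: one Square account per physical location.
# Assumption: real tokens come from a server-side secrets store and are
# never compiled into, or sent to, the mobile app.
ACCOUNTS = {
    "store-01": {"access_token": "EXAMPLE_TOKEN_A", "location_id": "EXAMPLE_LOC_A"},
    "store-02": {"access_token": "EXAMPLE_TOKEN_B", "location_id": "EXAMPLE_LOC_B"},
}


def build_request(store_key, accounts=ACCOUNTS):
    """Build the authorization-code request for one store's own account."""
    acct = accounts.get(store_key)
    if acct is None:
        # Refuse unknown stores instead of falling back to another account.
        raise KeyError("no Square account configured for " + repr(store_key))
    body = json.dumps({"location_id": acct["location_id"]}).encode("utf-8")
    return urllib.request.Request(
        MOBILE_AUTH_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": "Bearer " + acct["access_token"],
            "Content-Type": "application/json",
        },
    )


def http_send(req):
    """Default transport: perform the HTTPS call and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


def code_for_device(store_key, send=http_send, accounts=ACCOUNTS):
    """Return only what the mobile app needs to authorize Reader SDK."""
    reply = send(build_request(store_key, accounts))
    if "authorization_code" not in reply:
        raise RuntimeError("no authorization code in response")
    # The long-lived access token stays on the backend; only the
    # authorization code and its expiry are passed on to the device.
    return {
        "authorization_code": reply["authorization_code"],
        "expires_at": reply.get("expires_at"),
    }
```

The `send` parameter exists so the function can be exercised without network access; the app would pass the returned code to Reader SDK's authorization call.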

Thanks for getting back to me!

Just to clarify on your second point, so long as I authorize the reader with a call to the Mobile Authorization API using a valid access token and location for a specific account, it (the reader / SDK) should work as expected, even though the SDK itself was authorized / downloaded from a different account.

Thanks again!