I am trying to access the POST /v2/bookings/custom-attribute-definitions - Square API Reference and POST /v2/bookings/custom-attributes/bulk-delete - Square API Reference these endpoints and it seems they require APPOINTMENTS_WRITE as an additional scope, despite passing this as a scope I am facing the exception for 403: forbidden- does not have sufficient permission.
When getting permissions are you getting seller level permissions or buyer level permissions? Seller-level permissions grant an application full visibility into a seller’s calendar and they enable full control of the seller’s bookings. A seller must have a subscription to Appointments Plus or Premium to use this feature.
Buyer-level permissions grant partial visibility into a seller’s calendar, limited to bookings created by the calling application. Buyer-level permissions enable limited control of bookings for buyers only. All sellers have access to this feature.
With seller-level permissions, your application can do the following:
- Access and view every booking of a seller - For example, calling ListBookings can return every booking in the seller’s calendar.
- Generate bookings webhooks - Every change to a booking is sent to webhooks, as a booking.created or booking.updated event.
- Create double bookings - Allows service of different customers at the same time or location. It can also create off-hour bookings outside the seller’s regular business hours.
With buyer-level permissions, your application can do the following:
- Access and view bookings that it created - Calling
ListBookingsreturns bookings created by the application only.- An application must create a booking to get event notifications about changes to a booking. This applies if the booking was created using the API or if an API-created booking is updated using the API, the Square Dashboard, or the seller’s booking site.
- An application cannot create double bookings for the user or create a booking outside the seller’s regular business hours.
