I can’t seem to find any documentation that lists the OAuth Permission scopes for the Webhooks Subscription API.
Also, the Ruby SDK does not include any documentation on the Webhooks Subscription API, although I did find the code in the SDK.
I can’t seem to find any documentation that lists the OAuth Permission scopes for the Webhooks Subscription API.
Also, the Ruby SDK does not include any documentation on the Webhooks Subscription API, although I did find the code in the SDK.
Ok, so when I try to create a Webhook Subscription, I get the message -
AUTHENTICATION_ERROR - The merchant has not given your application sufficient permissions to do that. The merchant must authorize your application for the following scopes: DEVELOPER_APPLICATION_WEBHOOKS_WRITE (RuntimeError)
Ok. Fine. Let’s add that to the list of scopes that we need for OAuth and disconnect and reauthorize.
Guess what? There’s no prompt for the Webhooks permission, and I still can’t use the API.
Is this API available for use??? If so, how do I actually manage to use it?
BTW. I noticed that there are VENDOR_READ and VENDOR_WRITE scopes, but I hadn’t added them to my authorization list. However, it looks like you don’t even check that this permission has been granted because I’ve been able to read and write using the Vendor API without a problem.
Looks like you might have a bit of a security exposure there!
Hey @spiffybrian!
Thanks for checking out the new API!
A couple of things:
A quick update – but looking at the Ruby SDK on github, I do see the docs; though we are missing from the front README, we’ll get that updated.
https://github.com/square/square-ruby-sdk/blob/master/doc/api/webhook-subscriptions.md is a direct link to the documentation
Thanks for bringing this to our attention. I’m looking into the scope issue.
Hi Bryan, I am also trying to implement a use case where adding / removing webhooks for our customers using oauth integration inside our application.
Is there any update when Its possible to request for DEVELOPER_APPLICATION_WEBHOOKS_WRITE
scope using oauth.
Thank you,
Mohammad.
With the Webhooks Subscriptions endpoints you only call it with your personal access token. It’s not used with OAuth access tokens.
Hi Bryan,
Thank you for the fast reply. Is this feature in Square roadmap?
No plan to support it cause there’s no need for it. Your app is where the subscription is managed. This is why only your personal access token can make changes to it. The subscriptions that are configured in your application with work with all OAuth’d accounts