I created a dummy developer account and also a seller account in sandbox.
Trying to authorize from Postman, but I’m seeing this.
What is meant by “first launch the seller test account from the developer dashboard”?
In the Developer Dashboard you’ll need to click Open on your Default Test account at the bottom of the page. Once the Sandbox Dashboard is open you’ll than be able to OAuth in sandbox. This is only for sandbox. In Production you won’t have to have the Dashboard open. 
Is the account you launching this Dashboard the same account that owns the application you’re using?
Yes. The account that launches the dashboard and the one that owns the application(3rd party app that I’m building) are signed up with same email id
Only the Dashboard of the developers default test account needs to be open in this case.
Ok, I’m finding a pattern here.
Developer has to have the test account open in the web browser (preferably non-incognito mode), and then if the developer use the URL* to get authorized things start working.
*https://squareupsandbox.com/oauth2/authorize?client_id=<yourClientId>&scope=CUSTOMERS_READ&session=false&redirect_uri=http://127.0.0.1:3000/oauth/callback&state=<someRandomString>
For some reason, I can’t get authorized from Postman. I tried both via GET URL which I mentioned above with auth option as No Auth and also tried with OAuth2. Am I missing something?
The only way I’ve been able to replicate a Not Authorized error is when something isn’t configured correctly. Do you have you sandbox client_secret and client_id correctly configured?
Hi Bryan,
When you say configured correctly you mean in Square developer dashboard or in Postman API?
Is clientID same as Sandbox Application ID and clientSecret same as Sandbox Application secret?
Configuration in Postman. For example this is what I used:
{
"client_id": "{{sandbox_client_id}}}}",
"client_secret": "{{sandbox_application_secret}}",
"code": "sandbox-sq0cgb-V1uI3DNs2MfGJecBrqb5Ew",
"grant_type": "authorization_code"
}
Also I tested the URL you provided but striped it down a bit to
https://squareupsandbox.com/oauth2/authorize?client_id={{sandbox_client_id}}
&scope=CUSTOMERS_READ&session=false
I all worked as expected.
So where does this go, in the body of GET request in Postman or headers??
It’s to POST request of the ObtainToken call after the Authorize call.
Aah. Ok. But how to get authorized(not obtaining token) via Postman ?
It’s not possible to Authorize with Postman. You’ll need to use the Authorization link in your browser. The callback you have configured in your Developer Dashboard will have the code in the URL which is then used to call ObtainToken which you can use Postman for.
1 Like
Got it. Thanks a lot. THings are clear now. Any reason why authorization won’t be possible via Postman?
Thank you very much.
There’s a few reasons it won’t work. First in sandbox it’s looking for the sandbox Dashboard to be open which it can’t detect within Postman. Second if your using a separate test account it’ll take you to our page where you authorize the app with all the permissions which also isn’t possible in Postman.
Got it. The screen you mentioned in second reason points to
correct?
Although this forum and Slack is super helpful, It would be great if it is mentioned in docs that authorize can happen only via browser. I lost couple of hours on that 
Thanks a lot for all your help 
Yep that’s it! I’ll definitely pass that along to the team.
Thanks, to providing this correct answer.