Where do I put the production access token?

Hello, I’m stuck. I followed the quickstart project template steps inside my Sandbox, using the “web-payments-quickstart-main” files. https://developer.squareup.com/docs/web-payments/take-card-payment That worked fine. Now I am working on the production files. Step 4:
Configure your backend server to use a production access token.
This instruction is very vague.
I created a .dev.production file defining SQUARE_ACCESS_TOKEN with my production access token. I uploaded it to the root folder of my website at GoDaddy (outside of public_html). When I do a $1 test payment on my payment page a Payment failed is returned. The only error message shown in the console is “JSON.parse: unexpected character at line 1 column 1 of the JSON data”, returned from square.js.
What could be going on? This is very opaque to me. I wonder if the SQUARE_ACCESS_TOKEN needs to be somewhere else, but I am just guessing.
I appreciate any help!

The JSON error seems to imply whatever JSON is attempted to be parsed is just invalid, but I’m not sure what specific line this is failing at without further information. Do you know what line of code is failing to be parsed?

Did it work in production on localhost, or was that not tested?

Thanks, Stephen.

The error happens in the function block async function handlePaymentMethodSubmission(event, paymentMethod) of the square.js sample file.

I had not tried to test production mode on localhost (my iMac). I did just now and I got a 400 Bad Request response. It was on the following line of code:

/square.cjs.development.js:16687:15

Before, I was actually porting the sample code to my website when I got stuck.

I am still wondering about the access token. I saw somewhere else in the documentation a warning NOT to upload the .env file.

What’s your Square application id? I should be able to look up that 400 bad request error.

As for the access token: the .env file is an example of how you can do it. Realistically, you can put it anywhere you choose, it should just be in a secure location (for example, you could store it in a database that only you have access to, and retrieve it when you need it). The warning about uploading means do not upload the file to public repositories (like GitHub) as anyone would be able to see your access token.

My Square application id is sq0idp-uCEi65nGfxqyctwVkrLpsQ
The 400 Bad Request error happens only when I use the production id’s in localhost.

OK, now the access token makes a bit more sense.

Do you know what endpoint you’re hitting when this 400 bad request happens? I’m not seeing this error in our logs for that particular application id. I see several successful nonce creations, but that’s about it (no payment attempts).

Can you print out the entire error details to see what’s going wrong? We should be providing a detailed message with the error if it’s coming from Square.

Here is what the console shows:

[Error] Failed to load resource: the server responded with a status of 400 (Bad Request) (payment, line 0)

Error: Response status code was not ok: 400.
at /Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:16687:15
at _callee$ (/Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:16290:66)
at tryCatch (/Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:276:40)
at Generator.invoke [as _invoke] (/Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:506:22)
at Generator.next (/Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:331:21)
at asyncGeneratorStep (/Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:17:24)
at _next (/Volumes/Docs/Jobs/hamilton/square/web-payments-quickstart-main/node_modules/square/dist/square.cjs.development.js:39:9)
at processTicksAndRejections (node:internal/process/task_queues:96:5)