Hello!
I am trying to create new team members in Square using Zapier. I have selected the new API Request (Beta) event in Zapier and setup a connection to my Square account. This seems to work for other GET requests, but when I try to POST to the /v2/team-members endpoint, I get the below error message.
{
“category”: “AUTHENTICATION_ERROR”,
“code”: “INSUFFICIENT_SCOPES”,
“detail”: “The merchant has not given your application sufficient permissions to do that. The merchant must authorize your application for the following scopes: EMPLOYEES_WRITE”
}
It doesn’t seem like Zapier allows you to pick a specific API application or specify scopes during authentication. Any idea how to fix this?
I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:
Additional Documentation
OAuth Permissions Reference
Square Developer
Migrate to the Square API OAuth Flow
If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.
The error message you’re seeing indicates that the access token you’re using doesn’t have the necessary permissions to create team members. The “INSUFFICIENT_SCOPES” error is returned when the access token used in the API request doesn’t have the required permissions for the endpoint being called.
In this case, the endpoint you’re trying to access requires the “EMPLOYEES_WRITE” permission. This means you need to ensure that the access token you’re using has been granted this permission.
However, it’s important to note that team member permissions cannot be assigned via a Square API. They must be set in the Team application in the Seller Dashboard. Also, team members cannot be created in the Sandbox Seller Dashboard.
If you’re using OAuth, you’ll need to include the “EMPLOYEES_WRITE” scope in your authorization request to get an access token with the necessary permissions. If the seller has already authorized your application, they’ll need to re-authorize it with the additional scope.
If you’re not using OAuth and are using your personal access token, you’ll need to make sure your account has the necessary permissions. If your account doesn’t have these permissions, you’ll need to update your account settings or use a different account.
This answer was reviewed by @Bryan-Square.
I am creating the Zapier connection using my owner Square Credentials. This account should have sufficient scoping for all actions. The Zapier connection does not allow for specification of scopes.
Is this with the Supported Square Zapier integration? If so have you reached out to them about this? All API calls which include setting the Header access token for each call is managed by them. The access token that they pass to us needs to have the correct scopes. 
Makes sense! Yes it is the supported integration. I will open a Zapier ticket.
Hi Bryan!
Following on this. I opened a Zapier ticket and they are not able to specify scopes in the header, but I’m not sure that they should.
The scope should be set by the application in Square. My applications have the employee_write scope enabled, so I would think that when Zapier makes the connection to Square, that the access token that is created would reference the application with that scope set.
Let me know if I am off track on this.
Is this the Zapier integration your using?
I also tried a different call today and got the below error. Same issue but different scope. If I look at my application though, all scopes are defined.
Response Body
{
“errors”: [
{
“category”: “AUTHENTICATION_ERROR”,
“code”: “INSUFFICIENT_SCOPES”,
“detail”: “The merchant has not given your application sufficient permissions to do that. The merchant must authorize your application for the following scopes: CASH_DRAWER_READ”
}
]
}
data
errors
1
Response Data Errors Category
AUTHENTICATION_ERROR
Response Data Errors Code
INSUFFICIENT_SCOPES
Response Data Errors Detail
The merchant has not given your application sufficient permissions to do that. The merchant must authorize your application for the following scopes: CASH_DRAWER_READ
Okay, since this is the Zapier integration they provide you with the link for authorization. That link includes scopes for the integration. Zapier will need to add the additional scopes to the authorization and you’ll need to re-authorize the integration.
Perfect! You got it.
For anyone else facing this issue, if you reconnect the Zapier integration, Zapier will display a popup window with a Square login. In the URL, you can copy it and add the additional scopes required for the integration.
ex. scope string provided in the url
%2BCUSTOMERS_WRITE%2BITEMS_READ%2BITEMS_WRITE%2BORDERS_READ
In this case if I add %2BEMPLOYEES_WRITE%2BCASH_DRAWER_READ to the end of the scope string and log in, this now works as expected. (FYI - %2B is special character encoding for ‘+’)
Also, there is a “state” param at the end of the URL. This updates each time you reconnect, so you have to make sure this matches as well to get it working!
Thanks,
Kaleb
