Square · OAuth Scopes
Square OAuth Scopes
OAuth 2.0
derived
Square publishes 58 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Square API on a user’s behalf.
Tokens are issued from https://connect.squareup.com/oauth2/token.
This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.
RestaurantBookingsCatalogCheckoutCustomersDisputesEcommerceFinancial TechnologyGift CardsInventoryInvoicingLaborLocationsLoyaltyMerchantsOrdersPaymentsPoint of SaleRefundsRetailSubscriptionsTeamTerminalWebhooks
Scopes: 58
Flows: authorizationCode
Method: derived
OAuth endpoints
Authorization URL
https://connect.squareup.com/oauth2/authorize
https://connect.squareup.com/oauth2/authorize
Token URL
https://connect.squareup.com/oauth2/token
https://connect.squareup.com/oauth2/token
Flows
authorizationCode
authorizationCode
Scopes (58)
| Scope | Description | Flows |
|---|---|---|
| ADDON_CONFIGURATIONS_READ | __HTTP Method__: `GET` Grants write access for third-party Add-ons to read configurations of their Add-ons, for example, when calling `RetrieveConfiguration` endpoint. | authorizationCode |
| ADDON_CONFIGURATIONS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access for third-party Add-ons to store configurations of their Add-ons, for example, when calling `CreateConfiguration` endpoint. | authorizationCode |
| APPOINTMENTS_ALL_READ | __HTTP Method__: `GET`, `POST` Grants read access to all of a seller's booking information, calendar, and business details. This permission must be accompanied by the `APPOINTMENTS_READ` permission. | authorizationCode |
| APPOINTMENTS_ALL_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to all booking details, including double-booking a seller. This permission must be accompanied by the `APPOINTMENTS_WRITE` permission. | authorizationCode |
| APPOINTMENTS_BUSINESS_SETTINGS_READ | __HTTP Method__: `GET` Grants read access to booking business settings. For example, to call the ListTeamMemberBookingProfiles endpoint. | authorizationCode |
| APPOINTMENTS_READ | __HTTP Method__: `GET`, `POST` Grants read access to booking information. For example, to call the RetrieveBooking endpoint. | authorizationCode |
| APPOINTMENTS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to booking information. For example, to call the CreateBooking endpoint. | authorizationCode |
| BANK_ACCOUNTS_READ | __HTTP Method__: `GET` Grants read access to bank account information associated with the targeted Square account. For example, to call the Connect v1 ListBankAccounts endpoint. | authorizationCode |
| CASH_DRAWER_READ | __HTTP Method__: `GET` Grants read access to cash drawer shift information. For example, to call the ListCashDrawerShifts endpoint. | authorizationCode |
| CHANNELS_CREATE | __HTTP Method__: `POST` Grants write access to create channels, for example, when calling the `CreateChannel` endpoint. | authorizationCode |
| CHANNELS_READ | __HTTP Method__: `GET` Grants read access to view channels, for example, when calling the `RetrieveChannel` endpoint. | authorizationCode |
| CHANNELS_UPDATE | __HTTP Method__: `PUT` Grants write access to update channels, for example, when calling the `UpdateChannel` endpoint. | authorizationCode |
| CUSTOMERS_READ | __HTTP Method__: `GET` Grants read access to customer information. For example, to call the ListCustomers endpoint. | authorizationCode |
| CUSTOMERS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to customer information. For example, to create and update customer profiles. | authorizationCode |
| DEVICES_READ | __HTTP Method__: `GET` Grants read access to device information. For example, to call the `GetDevice` and `ListDevices` endpoints. | authorizationCode |
| DEVICE_CREDENTIAL_MANAGEMENT | __HTTP Method__: `POST`, `GET` Grants read/write access to device credentials information. For example, to call the CreateDeviceCode endpoint. | authorizationCode |
| DISPUTES_READ | __HTTP Method__: `GET` Grants read access to dispute information. For example, to call the RetrieveDispute endpoint. | authorizationCode |
| DISPUTES_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to dispute information. For example, to call the SubmitEvidence endpoint. | authorizationCode |
| EMPLOYEES_READ | __HTTP Method__: `GET` Grants read access to employee profile information. For example, to call the Connect v1 Employees API. | authorizationCode |
| EMPLOYEES_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to employee profile information. For example, to create and modify employee profiles. | authorizationCode |
| GIFTCARDS_READ | __HTTP Method__: `GET`, `POST` Grants read access to gift card information. For example, to call the RetrieveGiftCard endpoint. | authorizationCode |
| GIFTCARDS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to gift card information. For example, to call the CreateGiftCard endpoint. | authorizationCode |
| INVENTORY_READ | __HTTP Method__: `GET` Grants read access to inventory information. For example, to call the RetrieveInventoryCount endpoint. | authorizationCode |
| INVENTORY_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to inventory information. For example, to call the BatchChangeInventory endpoint. | authorizationCode |
| INVOICES_READ | __HTTP Method__: `GET`, `POST` Grants read access to invoice information. For example, to call the ListInvoices endpoint. | authorizationCode |
| INVOICES_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to invoice information. For example, to call the CreateInvoice endpoint. | authorizationCode |
| ITEMS_READ | __HTTP Method__: `GET` Grants read access to product catalog information. For example, to obtain objects in a product catalog. | authorizationCode |
| ITEMS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to product catalog information. For example, to modify or add to a product catalog. | authorizationCode |
| LOYALTY_READ | __HTTP Method__: `GET` Grants read access to loyalty information. For example, to call the ListLoyaltyPrograms endpoint. | authorizationCode |
| LOYALTY_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to loyalty information. For example, to call the CreateLoyaltyAccount endpoint. | authorizationCode |
| MERCHANT_PROFILE_READ | __HTTP Method__: `GET` Grants read access to business and location information. For example, to obtain a location ID for subsequent activity. | authorizationCode |
| MERCHANT_PROFILE_WRITE | __HTTP Method__: `POST`, `PUT` Grants write access to business and location information. For example, to create a new location or update the business hours at an existing location. | authorizationCode |
| ONLINE_STORE_SITE_READ | __HTTP Method__: `GET`, `POST` Read access to ECOM online store site details. | authorizationCode |
| ONLINE_STORE_SNIPPETS_READ | __HTTP Method__: `GET`, `POST` Read access to ECOM online store snippets on published websites. | authorizationCode |
| ONLINE_STORE_SNIPPETS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Write access to ECOM online store snippets on published websites. | authorizationCode |
| ORDERS_READ | __HTTP Method__: `GET` Grants read access to order information. For example, to call the BatchRetrieveOrders endpoint. | authorizationCode |
| ORDERS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to order information. For example, to call the CreateCheckout endpoint. | authorizationCode |
| PAYMENTS_READ | __HTTP Method__: `GET` Grants read access to transaction and refund information. For example, to call the RetrieveTransaction endpoint. | authorizationCode |
| PAYMENTS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to transaction and refunds information. For example, to process payments with the Payments or Checkout API. | authorizationCode |
| PAYMENTS_WRITE_ADDITIONAL_RECIPIENTS | __HTTP Method__: `POST`, `PUT`, `DELETE` Allow third party applications to deduct a portion of each transaction amount. __Required__ to use multiparty transaction functionality with the Payments API. | authorizationCode |
| PAYMENTS_WRITE_IN_PERSON | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to payments and refunds information. For example, to process in-person payments. | authorizationCode |
| PAYMENTS_WRITE_SHARED_ONFILE | __HTTP Method__: `POST`, `PUT`, `DELETE` Allows the developer to process payments on behalf of a seller using a shared on file payment method. | authorizationCode |
| PAYMENT_METHODS_READ | ||
| PAYOUTS_READ | __HTTP Method__: `GET` Grants read access to payouts and payout entries information. For example, to call the Connect v2 `ListPayouts` endpoint. | authorizationCode |
| PERMISSION_SETS_READ | __HTTP Method__: `GET` Grants read access to Permission Sets. For example, to call the `ListPermissionSets` and `RetrievePermissionSet` endpoints. | authorizationCode |
| PERMISSION_SETS_WRITE | __HTTP Method__: `PUT` Grants write access to Permission Sets. | authorizationCode |
| RESERVATIONS_READ | __HTTP Method__: `GET` Grants read access to reservation information, for example, when calling the `RetrieveReservation` endpoint. | authorizationCode |
| RESERVATIONS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to reservation information, for example, when calling the `CreateReservation` endpoint. | authorizationCode |
| RESTAURANT_CHECKS_READ | __HTTP Method__: `GET` Grants read access to check information, for example, when calling the `RetrieveCheck` endpoint. | authorizationCode |
| SETTLEMENTS_READ | __HTTP Method__: `GET` Grants read access to settlement (deposit) information. For example, to call the Connect v1 ListSettlements endpoint. | authorizationCode |
| SUBSCRIPTIONS_READ | __HTTP Method__: `GET`, `POST` Grants read access to subscription information. For example, to call the RetrieveSubscription endpoint. | authorizationCode |
| SUBSCRIPTIONS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to subscription information. For example, to call the CreateSubscription endpoint. | authorizationCode |
| TIMECARDS_READ | __HTTP Method__: `GET` Grants read access to employee timecard information. For example, to call the Connect v2 SearchShifts endpoint. | authorizationCode |
| TIMECARDS_SETTINGS_READ | __HTTP Method__: `GET` Grants read access to employee timecard settings information. For example, to call the GetBreakType endpoint. | authorizationCode |
| TIMECARDS_SETTINGS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to employee timecard settings information. For example, to call the UpdateBreakType endpoint. | authorizationCode |
| TIMECARDS_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to employee shift information. For example, to create and modify employee shifts. | authorizationCode |
| VENDOR_READ | __HTTP Method__: `GET`, `POST` Grants read access to vendor information, for example, when calling the `RetrieveVendor` endpoint. | authorizationCode |
| VENDOR_WRITE | __HTTP Method__: `POST`, `PUT`, `DELETE` Grants write access to vendor information, for example, when calling the `BulkUpdateVendors` endpoint. | authorizationCode |