https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/158108#M97689 <P>I went ahead and passed this feature request along to our API team <a href="https://community.squareup.com/t5/user/viewprofilepage/user-id/256899">@prgmr</a>. Thanks again for sharing your thoughts here.</P> Sun, 22 Mar 2020 16:18:09 GMT nika 2020-03-22T16:18:09Z https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/156571#M97685 <P>We would like to proactively limit our API access to the information needed to create a transaction in our own billing system.</P> <P>&nbsp;</P> <P>We really don't want card_details to be accessible to the API, nor do we want it sent in the webhook notifications. We also don't see a need to have access to customer information with the exception of their email address.</P> <P>&nbsp;</P> <P>Is there any possibility of square adding finer grains permissions for application access? It doesn't help us if those permissions are part of the request - it needs to be set by a policy.</P> Fri, 13 Mar 2020 18:03:49 GMT https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/156571#M97685 prgmr 2020-03-13T18:03:49Z https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/156971#M97686 <P><a href="https://community.squareup.com/t5/user/viewprofilepage/user-id/256899">@prgmr</a> Glad to see your first post in the Community!!!&nbsp;</P> <P>&nbsp;</P> <P>I just double checked for an answer to your question, and I'm afraid the restrictions you're looking to set is not possible. You can limit what OAuth permissions an application has, but it will only affect what API endpoints you can call, not the information you receive.&nbsp;</P> <P><BR /> If you're interested in checking out&nbsp;our OAuth permissions page, <A href="https://developer.squareup.com/docs/oauth-api/square-permissions" target="_blank">click here</A>.&nbsp;&nbsp;</P> Mon, 16 Mar 2020 22:06:47 GMT https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/156971#M97686 JustinC 2020-03-16T22:06:47Z https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/157872#M97687 <P>OK. Then how do we officially make a feature request?</P> Sat, 21 Mar 2020 01:34:58 GMT https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/157872#M97687 prgmr 2020-03-21T01:34:58Z https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/157874#M97688 <P>We want this as part of defense in depth - if we're going to be offloading our credit card processing to square anyway, it makes sense to limit our own access to what we actually need to operate.</P> <P>&nbsp;</P> <P>We'd actually appreciate the same limits on the UI as well, but that is much less likely to happen.</P> Sat, 21 Mar 2020 01:39:42 GMT https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/157874#M97688 prgmr 2020-03-21T01:39:42Z https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/158108#M97689 <P>I went ahead and passed this feature request along to our API team <a href="https://community.squareup.com/t5/user/viewprofilepage/user-id/256899">@prgmr</a>. Thanks again for sharing your thoughts here.</P> Sun, 22 Mar 2020 16:18:09 GMT https://community.squareup.com/t5/Archived-Discussions-Read-Only/Finer-grained-permissions-for-API-access/m-p/158108#M97689 nika 2020-03-22T16:18:09Z