What information is shared with third-party APIs?

[The title of this thread has been edited from the original: Security flaw with Square API?]

 

Hi, I currently have a 3rd party who is using the Square platform API to push orders to my registers from a self-serve kiosk. 

I found that they were able to access my entire sales history simply by being able to push orders to the register, and there is no way to block off their access without killing the order pushes.

 

This means that any 3rd party that pushes orders to a Square account will have access to your entire sales history - Postmates, Doordash, and others.

 

I think this is a serious privacy and security flaw. Getting order history should not be paired with pushing orders! There needs to be a separate permission option for pushing orders and getting orders.

 

Not happy about this, and anyone who is using the API for orders needs to be aware of this.

Message 1 of 4

Whoa, really? Very good to know. 

GetPreOrder.com, Official Square Partner - Create a $250K custom SuperSite for Square free. https://getpreorder.com/supersites
Message 2 of 4

Hi @vic18t,

 

Thank you for posting in the Seller Community.

Happy to provide a bit more insight on this. With Square and any third party integration, all activation and set-up is handled by the API on their side. Whenever Square integrates with a third party website or platform, Square will only see the payment information being processed from the card that was used during the transaction. We do not have any visibility into the actual back-end mechanics of linking the website to our payment system.

I highly recommend contacting the API to discuss what their terms and conditions state to see what you have allowed access to during initial set up.
 

Alex_
Community Moderator, Square
Message 3 of 4

Hi Alex, I already did contact customer support, who did confirm that posting orders is shared with getting ALL orders, not just the ones transacted with the 3rd party. 

My 3rd party also confirmed this. 

I find it disingenuous that you would change the title of my thread when it is you who are misinformed. 

Message 4 of 4