When using a personal access token, the following guidelines apply:

It is strongly recommended that you do not hardcode your personal access token in your code. There are framework-specific considerations (for example, Ruby on Rails uses encrypted credentials) and platform-specific considerations (web and mobile applications) that apply for best practices for storing credentials securely. You should consult relevant documentation for specific environments. One option might be to leverage a secret management system such as Keywhiz.

Instead of using a personal access token to access resources in your account, you might use an OAuth access token, as explained in the next section. You can then prevent accidentally sharing your personal access token with others.

Be careful when copying and pasting and when sharing cURL snippets. For example, during debugging you might copy and paste your example cURL code publicly on Stack Overflow or buildwithsquare.slack. Make sure that these examples do not include your personal access token. Sharing a personal access token is similar to sharing your account password. Redact any access tokens in the Authorization: Bearer header before sharing.

Depending on whether you want an OAuth access token for use by an in-production application or for testing in the Square Sandbox, you have the following considerations:

In-production applications can start the OAuth authentication flow by calling the OAuth API Authorize endpoint. On flow completion, an OAuth access token is returned to your application.

During development, you might not be ready to add an OAuth flow, but you might want to verify that your application can access a Square account with an OAuth token. If you are ready to code and test an OAuth flow in your application, see OAuth Walkthrough: Authorization Using a Test Account.
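
One way to apply the advice about redacting the Authorization: Bearer header before sharing a cURL snippet, as an added example that is not part of the original page. The function name `redact_tokens`, the placeholder host and the sample tokens are constructed for illustration, and the handling of curl's `--oauth2-bearer` option goes beyond the header form the text names.

```python
import re
import sys

PLACEHOLDER = "<REDACTED_ACCESS_TOKEN>"

# "Authorization: Bearer <token>" in any letter case, as it appears in a
# cURL -H argument, an HTTP trace or a log line. The token ends at
# whitespace, a quote or a line-continuation backslash.
_BEARER_HEADER = re.compile(
    r"(authorization\s*:\s*bearer\s+)([^\s'\"\\]+)", re.IGNORECASE)
# curl's --oauth2-bearer option carries the same credential.
_CURL_OPTION = re.compile(r"(--oauth2-bearer(?:\s+|=)['\"]?)([^\s'\"\\]+)")

# Constructed sample: placeholder host and a made-up token.
SAMPLE = """curl https://api.example.test/v2/resource \\
  -H 'Authorization: Bearer EXAMPLE-constructed-token-0001' \\
  -H 'Content-Type: application/json'
"""


def redact_tokens(text):
    """Return (redacted_text, count) with every bearer credential masked.

    count is the number of real tokens replaced; values that are already
    the placeholder are not counted, so a second pass reports 0.
    """
    found = 0

    def mask(match):
        nonlocal found
        if match.group(2) != PLACEHOLDER:
            found += 1
        return match.group(1) + PLACEHOLDER

    for pattern in (_BEARER_HEADER, _CURL_OPTION):
        text = pattern.sub(mask, text)
    return text, found


if __name__ == "__main__":
    # Filter mode: pipe a snippet in and paste the output instead.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    redacted, count = redact_tokens(source)
    sys.stdout.write(redacted)
    print(f"{count} token(s) redacted", file=sys.stderr)
```

A token that has already been pasted publicly should be treated as exposed even if the snippet is later edited; redaction only helps before sharing.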