Integrating Square with Lovable requires Edge Functions to proxy the Square Payments API, since Square has no native Lovable connector. Store your Square Access Token and Application ID in Cloud Secrets, create Edge Functions for payment processing and order management, and embed the Square Web Payments SDK on the frontend for the card form. The same credentials power both in-person POS context and online payments, making Square ideal for businesses with both retail and web channels.
Why integrate Square with Lovable?
Square is the go-to payment platform for businesses that operate both physically and online. If you run a café, retail store, or service business with a Square POS terminal and want to extend to a web app — for online ordering, appointment booking, or gift cards — Square's unified API means the same products, inventory counts, and customer records stay in sync across both channels automatically. This is Square's key differentiator from Stripe or PayPal: you get a single source of truth for your business data regardless of where a sale happens.
For Lovable developers, Square integration works through a clean pattern: the Square Web Payments SDK runs in the browser to collect and tokenize card details, and your Edge Function handles the actual charge server-side using the Square Payments API. This keeps payment card data off your servers entirely — Square handles PCI compliance, and your app only ever sees a short-lived payment nonce that can be used once within 24 hours.
Square also provides a Sandbox environment with test card numbers, simulated POS terminals, and a complete copy of their production API for safe development. The Square Sandbox is accessible immediately after creating a Square Developer account — no approval process is needed, unlike some competitors. This makes it fast to build and test a complete payment flow before handling real money.
Integration method
Square has no native Lovable connector. All Square API calls — payment processing, order creation, catalog sync, and webhook handling — run through Supabase Edge Functions on Deno. The Square Web Payments SDK loads on the frontend to tokenize card details into a nonce, which your Edge Function then uses to create a payment. Credentials are stored in Cloud Secrets and never exposed to client-side code.
Prerequisites
- A Lovable project with Cloud enabled
- A Square Developer account — sign up free at developer.squareup.com
- A Square Developer application created in the Square Developer Dashboard
- Your Sandbox Access Token and Application ID from the Square Developer Dashboard
- A Square business account (free) if you want to sync with existing catalog or POS data
Step-by-step guide
Create a Square Developer application and get credentials
Create a Square Developer application and get credentials
Go to developer.squareup.com and sign in with your Square account (or create a free account). In the top navigation, click 'Applications', then click 'Create Your First Application' or the '+' button. Give your application a name like 'My Lovable App' and click 'Save'. You'll land on the application detail page. In the left sidebar, click 'Credentials'. You'll see two sets of credentials: Sandbox (for development) and Production (for live payments). Start with Sandbox. Copy the Sandbox Access Token — it's a long string starting with EAAAlx... or similar. Also copy the Sandbox Application ID, which starts with 'sandbox-sq0idb-...'. Also note the Sandbox Location ID shown on the Credentials page — Square requires a location_id for creating payments and orders, representing which Square business location the transaction belongs to. Copy the Sandbox Location ID as well. Optionally, click 'Webhook Subscriptions' in the left sidebar and note this section — you'll return here in Step 4 to register your webhook endpoint URL. Square webhooks require an HTTPS URL, which your deployed Lovable project URL provides.
Pro tip: Square's Sandbox includes test card numbers for different payment scenarios. The main test Visa is 4111 1111 1111 1111, CVV 111, any future expiry date. Use these in the Square Web Payments SDK form during development.
Expected result: You have the Square Sandbox Access Token, Sandbox Application ID, and Sandbox Location ID copied from the Square Developer Dashboard.
Store Square credentials in Lovable Cloud Secrets
Store Square credentials in Lovable Cloud Secrets
Open your Lovable project. Click the '+' button in the top-right area to open the panels, then select 'Cloud'. In the Cloud panel, expand the 'Secrets' section. You'll add three secrets for the Square integration. Add SQUARE_ACCESS_TOKEN with your Sandbox Access Token value. This is the credential your Edge Function will use to authenticate all Square API calls — it should never appear in any frontend code. Add SQUARE_LOCATION_ID with your Sandbox Location ID value. Square requires a location ID for payment and order operations to associate transactions with a specific business location. Add SQUARE_ENVIRONMENT with value 'sandbox' — the Square API has separate base URLs for sandbox (https://connect.squareupsandbox.com) and production (https://connect.squareup.com), and reading this from a secret lets you switch environments without code changes. For the frontend, you'll also need the Application ID — but this is a publishable identifier safe for client-side use (similar to Stripe's publishable key). Add it as VITE_SQUARE_APP_ID with your Sandbox Application ID value. The VITE_ prefix means Lovable includes it in the frontend build as an environment variable accessible via import.meta.env.VITE_SQUARE_APP_ID. Lovable's security system blocks approximately 1,200 hardcoded API keys daily from being committed to code. Using Cloud Secrets ensures your Square Access Token stays server-side and protected from accidental exposure.
Pro tip: When switching to Production, update SQUARE_ACCESS_TOKEN with your Production Access Token, SQUARE_LOCATION_ID with a real location ID, SQUARE_ENVIRONMENT with 'production', and VITE_SQUARE_APP_ID with the production Application ID. All four changes are required.
Expected result: SQUARE_ACCESS_TOKEN, SQUARE_LOCATION_ID, SQUARE_ENVIRONMENT, and VITE_SQUARE_APP_ID appear in your Cloud configuration. No Square credentials appear in the source code.
Create the Square payments Edge Function
Create the Square payments Edge Function
Create the core backend function that processes Square payments. The payment flow works differently from Stripe's server-side charge: Square's Web Payments SDK runs in the browser, tokenizes the card details into a short-lived nonce (called a source_id), and sends that nonce to your Edge Function. The Edge Function then calls Square's Payments API with the nonce, amount, and location_id to create the actual charge. The Edge Function must handle the payment creation and return either a success response with the payment details or a structured error. Square returns detailed error codes when payments fail (for example, INSUFFICIENT_FUNDS, INVALID_CARD, EXPIRATION_FAILURE) that you can surface to users with helpful messages. For order management, Square has a two-step approach: you can create a lightweight payment directly (simpler, covered here), or create a full Order first and then attach the payment to it (more powerful for multi-item purchases with tax, discounts, and catalog integration). This tutorial implements the direct payment approach, which is suitable for single-product or fixed-amount checkouts.
Create a Supabase Edge Function at supabase/functions/square-payment/index.ts. It should read SQUARE_ACCESS_TOKEN, SQUARE_LOCATION_ID, and SQUARE_ENVIRONMENT from Deno.env to set the Square API base URL. Accept a POST body with: source_id (the nonce from Square Web Payments SDK), amount_cents (integer, e.g. 4900 for $49.00), currency (default 'USD'), and idempotency_key (UUID string). Call the Square Payments API POST /v2/payments with these fields. On success return the payment id, status, and receipt_url. On failure return the Square error details. Add CORS headers for the frontend.
Paste this in Lovable chat
1// supabase/functions/square-payment/index.ts2import { serve } from "https://deno.land/std@0.168.0/http/server.ts";34const IS_SANDBOX = Deno.env.get("SQUARE_ENVIRONMENT") !== "production";5const SQUARE_BASE = IS_SANDBOX6 ? "https://connect.squareupsandbox.com"7 : "https://connect.squareup.com";8const ACCESS_TOKEN = Deno.env.get("SQUARE_ACCESS_TOKEN") ?? "";9const LOCATION_ID = Deno.env.get("SQUARE_LOCATION_ID") ?? "";1011const corsHeaders = {12 "Access-Control-Allow-Origin": "*",13 "Access-Control-Allow-Methods": "POST, OPTIONS",14 "Access-Control-Allow-Headers": "Content-Type, Authorization",15};1617serve(async (req) => {18 if (req.method === "OPTIONS") return new Response(null, { headers: corsHeaders });1920 try {21 const { source_id, amount_cents, currency = "USD", idempotency_key } = await req.json();2223 const res = await fetch(`${SQUARE_BASE}/v2/payments`, {24 method: "POST",25 headers: {26 Authorization: `Bearer ${ACCESS_TOKEN}`,27 "Content-Type": "application/json",28 "Square-Version": "2024-02-22",29 },30 body: JSON.stringify({31 source_id,32 idempotency_key,33 amount_money: { amount: amount_cents, currency },34 location_id: LOCATION_ID,35 }),36 });3738 const data = await res.json();39 if (data.errors) {40 return new Response(JSON.stringify({ errors: data.errors }), {41 status: 400,42 headers: { ...corsHeaders, "Content-Type": "application/json" },43 });44 }4546 const payment = data.payment;47 return new Response(48 JSON.stringify({ id: payment.id, status: payment.status, receipt_url: payment.receipt_url }),49 { headers: { ...corsHeaders, "Content-Type": "application/json" } }50 );51 } catch (err) {52 return new Response(JSON.stringify({ error: err.message }), {53 status: 500,54 headers: { ...corsHeaders, "Content-Type": "application/json" },55 });56 }57});Pro tip: Always pass an idempotency_key (a UUID generated client-side before the payment attempt) to the Square Payments API. If the network drops during a payment, you can safely retry with the same key and Square will return the original payment result rather than creating a duplicate charge.
Expected result: The square-payment Edge Function is deployed and visible in Cloud → Edge Functions. Sending a test request with a Sandbox nonce returns a successful payment response.
Embed the Square Web Payments SDK in your frontend
Embed the Square Web Payments SDK in your frontend
Square's Web Payments SDK renders a secure card input form inside an iframe hosted by Square. This keeps raw card numbers completely off your servers — the SDK tokenizes the card data client-side and gives you a short-lived nonce (source_id) to pass to your Edge Function. To use the SDK in a Lovable React component, you load the Square SDK script dynamically, initialize it with your Application ID and location ID, and call the SDK's card.tokenize() method when the customer submits the form. The tokenize call returns a source_id that you immediately send to your square-payment Edge Function. The frontend never sees the raw card number — only the nonce. Ask Lovable to create a SquarePaymentForm component. The component should load the SDK from the Square CDN, render the card container div that Square's SDK fills with its iframe, and handle the payment submission flow. Use a UUID library or crypto.randomUUID() to generate an idempotency_key before each payment attempt. For multi-item checkouts, build a cart data structure client-side and include the total amount as amount_cents in the Edge Function call. The Edge Function calculates and validates the total server-side before charging — never trust a client-supplied amount for the actual payment amount.
Add a Square payment form to the /checkout page. Load the Square Web Payments SDK from https://sandbox.web.squarecdn.com/v1/square.js (use production URL https://web.squarecdn.com/v1/square.js when VITE_SQUARE_ENVIRONMENT is 'production'). Initialize Square Payments with VITE_SQUARE_APP_ID and VITE_SQUARE_LOCATION_ID. Render the card container. On form submit: tokenize the card with card.tokenize(), generate a UUID idempotency_key with crypto.randomUUID(), call the square-payment Edge Function with source_id, amount_cents (4900 for $49.00), and idempotency_key. Show success with receipt_url or display Square's error details if payment fails.
Paste this in Lovable chat
1// src/components/SquarePaymentForm.tsx2import { useEffect, useRef, useState } from "react";3import { Button } from "@/components/ui/button";4import { supabase } from "@/integrations/supabase/client";56declare global { interface Window { Square: any; } }78interface SquarePaymentFormProps {9 amountCents: number;10 onSuccess?: (receiptUrl: string) => void;11}1213export function SquarePaymentForm({ amountCents, onSuccess }: SquarePaymentFormProps) {14 const cardRef = useRef<HTMLDivElement>(null);15 const cardInstance = useRef<any>(null);16 const [loading, setLoading] = useState(false);17 const [error, setError] = useState("");1819 const appId = import.meta.env.VITE_SQUARE_APP_ID;20 const locationId = import.meta.env.VITE_SQUARE_LOCATION_ID;21 const isSandbox = import.meta.env.VITE_SQUARE_ENVIRONMENT !== "production";2223 useEffect(() => {24 const script = document.createElement("script");25 script.src = isSandbox26 ? "https://sandbox.web.squarecdn.com/v1/square.js"27 : "https://web.squarecdn.com/v1/square.js";28 script.async = true;29 script.onload = async () => {30 const payments = window.Square.payments(appId, locationId);31 const card = await payments.card();32 if (cardRef.current) {33 await card.attach(cardRef.current);34 cardInstance.current = card;35 }36 };37 document.head.appendChild(script);38 return () => { document.head.removeChild(script); };39 }, [appId, locationId, isSandbox]);4041 const handlePay = async () => {42 if (!cardInstance.current) return;43 setLoading(true);44 setError("");45 try {46 const result = await cardInstance.current.tokenize();47 if (result.status !== "OK") {48 setError(result.errors?.map((e: any) => e.message).join(", ") ?? "Tokenization failed");49 setLoading(false);50 return;51 }52 const { data } = await supabase.functions.invoke("square-payment", {53 body: { source_id: result.token, amount_cents: amountCents, idempotency_key: crypto.randomUUID() },54 });55 if (data?.errors) {56 setError(data.errors.map((e: any) => e.detail).join(", "));57 } else {58 onSuccess?.(data.receipt_url);59 }60 } catch (e: any) {61 setError(e.message);62 }63 setLoading(false);64 };6566 return (67 <div className="space-y-4">68 <div ref={cardRef} className="min-h-[90px] border rounded-md p-2" />69 {error && <p className="text-red-500 text-sm">{error}</p>}70 <Button onClick={handlePay} disabled={loading} className="w-full">71 {loading ? "Processing..." : `Pay $${(amountCents / 100).toFixed(2)}`}72 </Button>73 </div>74 );75}Pro tip: Also add VITE_SQUARE_LOCATION_ID as a build-time environment variable in Cloud Secrets (with VITE_ prefix). Square's Web Payments SDK requires the location ID at initialization time, before the user interacts with the form.
Expected result: A Square card input form renders on the checkout page. Entering Sandbox test card 4111 1111 1111 1111 and clicking Pay processes a test payment. A success message and receipt URL appear.
Set up Square webhooks for real-time payment confirmation
Set up Square webhooks for real-time payment confirmation
Like all payment integrations, relying solely on the frontend success callback is not sufficient for production. Set up a Square webhook receiver Edge Function to independently confirm payment completion server-side. Create an Edge Function that listens for Square webhook events. Square sends a signature in the x-square-hmacsha256-signature header that you verify by computing an HMAC-SHA256 of the notification URL + request body using your webhook signature key. This verification is critical for preventing forged payment confirmations. After creating and deploying the Edge Function, register the webhook in the Square Developer Dashboard. In your application settings, click 'Webhook Subscriptions' → 'Add Subscription'. Enter your Edge Function URL (https://[project-id].supabase.co/functions/v1/square-webhook), give it a name, and select the events to subscribe to. For a basic payment flow, select 'payment.completed' and 'payment.failed'. Square will show you the Signature Key — copy this and save it as SQUARE_WEBHOOK_SIGNATURE_KEY in Cloud Secrets. For complex catalog sync workflows or multi-location businesses using Square's full inventory system, RapidDev's team can help architect a robust event-driven data pipeline that keeps your Lovable app's database in sync with Square in real time.
Create a Supabase Edge Function at supabase/functions/square-webhook/index.ts. It should: 1) read the x-square-hmacsha256-signature header and verify the webhook signature using HMAC-SHA256 with SQUARE_WEBHOOK_SIGNATURE_KEY from Deno.env and the notification URL https://[your-project].supabase.co/functions/v1/square-webhook concatenated with the raw request body, 2) on payment.completed events update the orders table in Supabase setting status='paid' where square_payment_id matches the event's payment.id, 3) always return 200 OK quickly.
Paste this in Lovable chat
1// supabase/functions/square-webhook/index.ts2import { serve } from "https://deno.land/std@0.168.0/http/server.ts";3import { createClient } from "https://esm.sh/@supabase/supabase-js@2";45serve(async (req) => {6 const body = await req.text();7 const signature = req.headers.get("x-square-hmacsha256-signature") ?? "";8 const sigKey = Deno.env.get("SQUARE_WEBHOOK_SIGNATURE_KEY") ?? "";9 const notificationUrl = Deno.env.get("SQUARE_WEBHOOK_URL") ?? "";1011 const payload = notificationUrl + body;12 const key = await crypto.subtle.importKey(13 "raw",14 new TextEncoder().encode(sigKey),15 { name: "HMAC", hash: "SHA-256" },16 false,17 ["sign"]18 );19 const signed = await crypto.subtle.sign("HMAC", key, new TextEncoder().encode(payload));20 const expectedSig = btoa(String.fromCharCode(...new Uint8Array(signed)));2122 if (expectedSig !== signature) {23 return new Response("Invalid signature", { status: 400 });24 }2526 const event = JSON.parse(body);27 if (event.type === "payment.completed") {28 const supabase = createClient(29 Deno.env.get("SUPABASE_URL") ?? "",30 Deno.env.get("SUPABASE_SERVICE_ROLE_KEY") ?? ""31 );32 const paymentId = event.data?.object?.payment?.id;33 if (paymentId) {34 await supabase.from("orders").update({ status: "paid" }).eq("square_payment_id", paymentId);35 }36 }3738 return new Response("OK", { status: 200 });39});Pro tip: Add SQUARE_WEBHOOK_URL to Cloud Secrets with the full URL of your webhook Edge Function (e.g., https://abcdefgh.supabase.co/functions/v1/square-webhook). Square includes your notification URL in the signature payload, so it must match exactly — including the trailing path.
Expected result: The webhook Edge Function is deployed and registered in the Square Developer Dashboard. Triggering a test event from the Square Dashboard sends a POST to your function and you can verify receipt in Cloud → Logs.
Common use cases
Online ordering for a retail or food service business
A restaurant or retail store with a Square POS wants to add online ordering to their Lovable app. Customers select items from the Square catalog synced to the app, add them to a cart, and pay online. The order is automatically created in Square's system where the kitchen or fulfillment team sees it alongside in-person orders, keeping inventory and reporting unified.
Build an online ordering page that loads products from my Square catalog via an Edge Function. Display items with name, price, and image. When a customer submits an order with the Square Web Payments SDK card form, call an Edge Function to create a Square order and charge the payment. Save the order to Supabase with status tracking. Show a confirmation page with order details.
Copy this prompt to try it in Lovable
Subscription box checkout with inventory tracking
A subscription box business wants customers to sign up on their Lovable site and pay via Square, with inventory automatically decremented on each sale. Square's catalog and inventory API lets the Edge Function check stock levels before processing payment and update inventory counts after a successful charge, keeping everything in sync with the physical warehouse.
Add a Square checkout flow for a $39/month subscription box. The Edge Function should: 1) check Square inventory for the current box using the Inventory API, 2) create a Square payment with the card nonce from the Web Payments SDK, 3) decrement inventory by 1 using Square's Inventory Adjustment API if payment succeeds, 4) save the subscriber to Supabase with their Square customer_id and subscription start date.
Copy this prompt to try it in Lovable
Gift card purchase and redemption system
A local business wants to sell digital gift cards through their Lovable app that can be redeemed both online and in-store at their Square POS. Square's Gift Cards API handles the card creation, balance management, and redemption — the Edge Function creates new gift cards on purchase and deducts balances when customers apply them at checkout.
Build a gift card purchase page using Square. When a customer buys a gift card, the Edge Function should use Square's Gift Cards API to create a new gift card with the specified amount and link it to a Square customer record. Email the gift card code to the buyer. Add a gift card redemption field to the checkout page that validates and applies the balance via an Edge Function before processing the remaining amount.
Copy this prompt to try it in Lovable
Troubleshooting
Square Web Payments SDK card form doesn't render — the card container div stays empty
Cause: The Square SDK script failed to load, the Application ID is invalid, or the Location ID is incorrect. The SDK silently fails to initialize if any of these are wrong. In Sandbox mode, the Application ID must start with 'sandbox-sq0idb-' — if you're using the production Application ID in sandbox mode, initialization will fail.
Solution: Open your browser console and look for JavaScript errors after the SDK loads. Verify VITE_SQUARE_APP_ID starts with 'sandbox-sq0idb-' in Sandbox mode. Verify VITE_SQUARE_LOCATION_ID is your Sandbox location ID (not production). Confirm the SDK script URL matches the environment — use https://sandbox.web.squarecdn.com/v1/square.js for Sandbox and https://web.squarecdn.com/v1/square.js for Production.
Edge Function returns 401 Unauthorized from Square API
Cause: The SQUARE_ACCESS_TOKEN in Cloud Secrets is from the wrong environment (using Production token with Sandbox API URL or vice versa), or the token has been revoked. Square Access Tokens are environment-specific — a Sandbox token cannot authenticate against the production API.
Solution: In Cloud Secrets, verify SQUARE_ACCESS_TOKEN matches SQUARE_ENVIRONMENT. If SQUARE_ENVIRONMENT is 'sandbox', the token must be your Sandbox Access Token from the developer dashboard (starts with EAAAlx... in sandbox). Go to developer.squareup.com → Your App → Credentials → Sandbox tab to confirm the token matches exactly.
Webhook signature verification fails even though the webhook arrives correctly
Cause: The notification URL used in the signature computation doesn't exactly match the URL Square used to send the webhook. Square includes the notification URL as part of the signature payload, so any mismatch (including trailing slashes, http vs https, or different URL in the dashboard vs the SQUARE_WEBHOOK_URL secret) causes verification to fail.
Solution: In the Square Developer Dashboard, go to Webhook Subscriptions and copy the exact URL of your subscription. Make sure SQUARE_WEBHOOK_URL in Cloud Secrets matches this URL character-for-character. The URL should be the full HTTPS URL of your Edge Function without any trailing slash.
Payment amount is wrong — customer is charged a different amount than expected
Cause: Square's Payments API amount_money.amount field expects the amount in the smallest currency unit (cents for USD). Passing a decimal like 49.00 instead of 4900 will charge $0.49 instead of $49.00, and Square may also reject amounts below the minimum charge threshold.
Solution: Always convert dollar amounts to cents before passing to the Edge Function or Square API. Multiply by 100 and round to the nearest integer. Validate the amount in your Edge Function before sending to Square to catch accidental decimal amounts.
1// Convert dollars to cents correctly2const amountCents = Math.round(parseFloat(dollarAmount) * 100);3// 49.00 → 4900, 19.99 → 199945// Validate in Edge Function6if (!Number.isInteger(amount_cents) || amount_cents < 100) {7 return new Response(JSON.stringify({ error: "Amount must be an integer in cents, minimum 100" }), { status: 400 });8}Best practices
- Always pass an idempotency_key (UUID) to Square's Payments API. If a network error causes the frontend to be uncertain whether payment succeeded, retrying with the same key is safe and returns the original result rather than creating a duplicate charge.
- Store your Square Access Token in Cloud Secrets and never reference it in frontend code. The Web Payments SDK Application ID (VITE_ prefix) is safe to expose; the Access Token is not.
- Validate the payment amount in your Edge Function before calling Square. Never trust an amount value from the client — compute the correct charge amount server-side from your own database records.
- Verify Square webhook signatures on every incoming event using HMAC-SHA256. Skip this step and your webhook endpoint becomes an open door for fake payment confirmation events.
- Use the Square-Version header in all API calls (e.g., '2024-02-22'). Square versions their API by date and deprecates older versions — pinning to a specific version prevents unexpected breaking changes from automatic upgrades.
- Test all payment failure scenarios in Sandbox: declined card, invalid CVV, and insufficient funds. Square provides specific test card numbers for each failure mode in their developer documentation.
- Use separate Square applications for development (Sandbox) and production. This keeps test data, webhooks, and credentials cleanly separated and prevents accidental production charges during development.
Alternatives
Stripe has a native Lovable connector with AI-assisted setup and is generally simpler for online-only payment flows without POS requirements.
PayPal is better for international markets and customers who prefer paying with their PayPal wallet rather than entering card details.
Plaid is the right choice when you need bank account data access or ACH transfer initiation rather than card payment processing.
Frequently asked questions
Does Square work for businesses outside the United States?
Square is available in the US, Canada, Australia, Japan, the UK, France, Spain, and Ireland as of 2026. The available products and features vary by country — some markets have the full POS and Payments API suite while others have limited API access. If your primary market is outside these countries, consider PayPal or Stripe which have broader international coverage.
Can I sync my Square product catalog with my Lovable app?
Yes. Square's Catalog API lets you fetch all products, categories, images, and pricing from your Square account into your Lovable app's Supabase database. Create an Edge Function that calls GET /v2/catalog/list and stores the results. Run this sync on a schedule using Supabase's pg_cron extension, or trigger it manually from an admin panel. Changes made to your Square catalog (price updates, new items, stock changes) will sync to your app on the next catalog refresh.
How do refunds work with Square in Lovable?
Create an Edge Function that calls Square's Refunds API at POST /v2/refunds. You'll need the original payment_id (stored in your database after successful payment), the amount to refund in cents, and an idempotency_key for the refund. Both full and partial refunds are supported. Square processes refunds back to the original payment method and sends a refund.created webhook event you can use to update your database.
What's the difference between Square's Sandbox and Production environments?
Sandbox uses completely different credentials and a separate API endpoint (connect.squareupsandbox.com). All payments, customers, and orders in Sandbox are simulated and no real money moves. The Web Payments SDK also has separate Sandbox and Production script URLs. When switching to Production, you must update all four environment variables: SQUARE_ACCESS_TOKEN, SQUARE_LOCATION_ID, SQUARE_ENVIRONMENT, and VITE_SQUARE_APP_ID.
How do I handle Square's OAuth flow for multi-merchant applications?
If you're building a platform where multiple merchants connect their Square accounts (like a marketplace or SaaS), Square uses OAuth2 for merchant authorization. Each merchant clicks an authorization link, grants your application permissions, and you receive an access token specific to their account. The OAuth flow requires additional Edge Functions to handle the authorization redirect and token exchange. This is more complex than single-merchant integration and typically requires custom implementation with RapidDev or careful study of Square's OAuth documentation.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation