2
votes

I'm integrating Square POS with a web application using the web api (both Android and IOS).

How do I pass my system's transaction ID to square in the Intent calls to Android and IOS so that I can later verify them in the Retrieve Transaction endpoint of the Connect API?

The IOS documentation mentions using "state" but I'm currently working on Android and there's no such mention.

Should I be trying to use the "Note" field (S.com.squareup.pos.NOTE for Android or "Notes" for IOS)?

I really need to have a single field I can count on for both IOS and Android because my Retrieve Transaction get to the Connect API isn't going to know the original client's operating system.

Added Note: After tristansokol's comment I wanted to add that the reason I'm doing this is to tighten up the integration between the Square POS client and the web application I'm integrating. Otherwise, what would prevent someone to paste in a URI from a previous transaction to make a new payment?

If someone copied this URI from their browser after a payment: https://192.168.1.2/ctSquarePayDemo/Default?com.squareup.pos.CLIENT_TRANSACTION_ID=XXXXXXX&com.squareup.pos.SERVER_TRANSACTION_IDValue:YYYYYYYYY

Then that same URI could be pasted again for a new payment transaction and I'd have no way to verify it was from the "old" transaction. I know you might say that I could store the Transaction_ID the first time and then not allow it the second time but that isn't the best arrangement.

When we've integrated with other payment systems using a webapi we are typically able to pass our own orderID/transactionID of some sort to be sure it is easy to verify transactions.


Final ANSWER (Explained from below)
For the Android Web API use S.com.squareup.pos.NOTES=TRANSACTIONIDHERE in your anchor tag.

For the IOS Web API use the "notes" json element and put your transaction ID there.

Then you need to use the Square Rest API V1 (you CANNOT use V2, it does not expose the notes data element) to retrieve the transaction data and verify it after a successful payment. The endpoint will look like this:

https://connect.squareup.com/v1/YOURLOCATIONID/payments/THESQUARETRANSACTIONID

I recommended you ALWAYS lookup your transaction using the api after a payment has been processed. You can be sure then that your system's transaction ID matches the "notes" field and double check the amount is correct. This will help to prevent fraud/misuse and also prevent data problems for your system if the callback URL fails to load because of bad internet connection.

1
Can you use the returned transaction id at the end of the of the payment flow? - tristansokol
The Transaction_ID that is returned after a successful payment is generated by Square's server not my application. I need to send a value that I can push into the payment transaction that I can verify using Retrieve Transaction so that I can confirm when the POS client calls the Web Callback URI. - JeffC
Why can't you verify the id that Square gives back to you? Why do you have to create the id? - tristansokol
Hi tristansokol, thanks for you response, please see updated question for more detail that I think explains. - JeffC

1 Answers

1
votes

In your use case, you could use the notes field to meet your needs. However, if your primary concern is preventing people from pasting in arbitrary data to your callback url, you should do some verification on the transaction ids that you get back. For example you could look at the timestamp of the transaction, or other fields depending on your business use case.