Skip to main content
mcpFirst-partyLow risk Safety Privacy
Square logo

Square MCP Server for Claude

Build on Square APIs for payments, inventory, and order management

HarnessClaude CodeCursorClaude Desktop

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://developer.squareup.com/docs/mcp, https://github.com/JSONbored/awesome-claude/blob/main/content/mcp/square-mcp-server.mdx
Brand
Square
Brand domain
squareup.com
Brand asset source
brandfetch
Package URL
/downloads/mcp/square-mcp-server.mcpb
Package SHA256
d641dab1566fd2d5550a21872559701a301470bcfdedd9565a77d8090b301316
Safety notes
Use sandbox or least-privilege credentials because payment, order, inventory, and customer actions can affect real commerce.
Privacy notes
Buyer, seller, payment, order, inventory, location, and customer metadata may be exposed through the integration.
Author
Square
Claim status
unclaimed
Last verified
2025-09-18

Decision playbook

Ready to evaluate for your workflow

Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.

Compare context
Selected

0

Current score

96

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as first-party.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Complete

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    Package marked verified.

    Done
  • Checksum metadata

    SHA-256 hash is present.

    Done

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

1 minute

Install command

Provided

Config snippet

Provided

Copy snippet

Provided

Prerequisites

10 to clear

Platforms

3 listed

Difficulty

6/100

Adoption plan

Balanced adoption plan

Current risk score 0/100. Use staged verification before broader rollout.

Risk 0

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    Package verification/checksum metadata is available.

    Done

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (6/6 signals complete).

Risk 0

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Present

Package integrity metadata is present.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

6/6 steps complete with no blocking gaps for this preset.

Risk 0

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is available.

Done

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

10 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.

0/10 ready
Account & credentials3Network & hosting2Review & approval1General41 minute

Safety & privacy surface

Safety & privacy surface

1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens.

2 areas
  • SafetyCredentials & tokensUse sandbox or least-privilege credentials because payment, order, inventory, and customer actions can affect real commerce.
  • PrivacyGeneralBuyer, seller, payment, order, inventory, location, and customer metadata may be exposed through the integration.

Safety notes

  • Use sandbox or least-privilege credentials because payment, order, inventory, and customer actions can affect real commerce.

Privacy notes

  • Buyer, seller, payment, order, inventory, location, and customer metadata may be exposed through the integration.

Prerequisites

  • Square merchant account (free or paid plan)
  • OAuth authentication setup (for mcp.squareup.com MCP connection)
  • Square application registration (in Square Developer Console)
  • Network access to mcp.squareup.com (HTTPS required, SSE transport)
  • Understanding of Square commerce concepts (payments, orders, inventory, customers)
  • Square location ID (active location required for API operations)
  • Claude Desktop 0.7.0+ or Claude Code with MCP support
  • Understanding of OAuth scopes (ORDERS_READ, PAYMENTS_WRITE, CUSTOMERS_READ, etc.)
  • Understanding of Square rate limits (REST API throttling, GraphQL: 10 QPS, complexity limits)
  • Optional: PCI compliance knowledge (for payment processing operations)

Schema details

Install type
package
Reading time
1 min
Difficulty score
6
Troubleshooting
Yes
Breaking changes
No
Package metadata
Package verified
Yes
SHA-256
d641dab1566fd2d5550a21872559701a301470bcfdedd9565a77d8090b301316
Skill and platform metadata
Retrieval sources
https://developer.squareup.com/docs/mcphttps://developer.squareup.com/reference/square
Collection metadata
Estimated setup
1 minute
Difficulty
beginner
Full copyable content
{
  "square": {
    "url": "https://mcp.squareup.com/sse",
    "transport": "sse"
  }
}

About this resource

Content

Integrate Square's commerce platform with Claude for payment processing and business management. Process payments and refunds, manage inventory and catalogs, handle orders and fulfillment, track customer profiles, manage multiple locations, access transaction history, and generate sales reports—all through natural language commands. Supports OAuth authentication, PCI-compliant payment processing, and both sandbox and production environments.

Features

  • Process payments and refunds (secure payment processing)
  • Manage inventory levels and catalogs (real-time inventory management)
  • Handle orders and fulfillment (order lifecycle management)
  • Track customer profiles and history (customer relationship management)
  • Manage multiple business locations (multi-location support)
  • Access transaction history and reports (financial reporting)
  • Manage product catalog and pricing (catalog operations)
  • Process refunds and void transactions (payment reversals)
  • Advanced Square payment and transaction management with point-of-sale integration, inventory tracking, and merchant analytics
  • Batch operations support for efficient bulk payment operations, transaction management, and inventory processing with automatic rate limit handling and retry logic
  • Real-time payment synchronization capabilities with webhook integration support for monitoring Square events and triggering automated workflows

Use Cases

  • Process customer payments efficiently (secure payment acceptance)
  • Update inventory levels in real-time (inventory synchronization)
  • Create customer profiles for marketing (customer data management)
  • Generate sales reports and analytics (business intelligence)
  • Track order fulfillment status (order management)
  • Manage product catalogs and pricing (catalog administration)
  • Process refunds and handle disputes (payment reversals)
  • Monitor multi-location sales performance (enterprise reporting)
  • Build automated payment processing workflows that sync external systems with Square for real-time transaction management and point-of-sale operations

Installation

Claude Code

  1. Run: claude mcp add --transport sse square https://mcp.squareup.com/sse
  2. Verify installation: claude mcp list
  3. Test connection: claude mcp status square
  4. Authenticate with your Square account (OAuth flow)
  5. Grant required permissions (ORDERS_READ, PAYMENTS_WRITE, etc.)

Claude Desktop

  1. Open Claude Desktop configuration file (see configPath below)
  2. Add the Square server configuration with SSE transport and URL
  3. Restart Claude Desktop
  4. Authenticate with your Square account (OAuth flow)
  5. Grant required permissions (ORDERS_READ, PAYMENTS_WRITE, etc.)
  6. Verify connection in Claude Desktop

Requirements

  • Square merchant account (free or paid plan)
  • OAuth authentication setup (for mcp.squareup.com MCP connection)
  • Square application registration (in Square Developer Console)
  • Network access to mcp.squareup.com (HTTPS required, SSE transport)
  • Understanding of Square commerce concepts (payments, orders, inventory, customers)
  • Square location ID (active location required for API operations)
  • Claude Desktop 0.7.0+ or Claude Code with MCP support
  • Understanding of OAuth scopes (ORDERS_READ, PAYMENTS_WRITE, CUSTOMERS_READ, etc.)
  • Understanding of Square rate limits (REST API throttling, GraphQL: 10 QPS, complexity limits)
  • Optional: PCI compliance knowledge (for payment processing operations)

Configuration

{
  "square": {
    "url": "https://mcp.squareup.com/sse",
    "transport": "sse"
  }
}

Examples

Process a $50 payment

Common usage pattern for this MCP server

Ask Claude: "Process a $50 payment"

Check inventory for SKU-123

Common usage pattern for this MCP server

Ask Claude: "Check inventory for SKU-123"

Create order for customer

Common usage pattern for this MCP server

Ask Claude: "Create order for customer"

Generate today's sales report

Common usage pattern for this MCP server

Ask Claude: "Generate today's sales report"

Create Payment

Create a new Square payment with idempotency key

// Create Square payment
const payment = await square.payments.createPayment({
  source_id: "source-id",
  idempotency_key: "unique-key",
  amount_money: {
    amount: 1000,
    currency: "USD",
  },
});

Security

  • OAuth authentication for secure access (token-based authentication)
  • PCI compliance for payment processing (secure payment handling)
  • Test in sandbox environment first (safe testing before production)
  • Monitor transaction logs (audit trail and security monitoring)
  • Access token expiration management (30-day expiration, refresh token usage)
  • Square API credentials and access tokens must be securely stored and never exposed in client-side code or public repositories - use environment variables and secure credential management
  • Square OAuth access tokens should be used for third-party integrations to ensure proper access control, token lifecycle management, and automatic token refresh
  • Square payment, transaction, and location IDs may expose financial data and business information - ensure Square resource identifiers are kept private and not shared in public configurations
  • Rate limiting and API quota management are critical for Square MCP servers - implement proper rate limit handling, retry logic, and quota monitoring to prevent service disruption
  • Square webhook configurations and payloads may contain sensitive payment data and transaction information - ensure webhook endpoints are properly secured with authentication and HTTPS encryption

Troubleshooting

Rate limit exceeded - 429 RATE_LIMITED error returned

Square doesn't publish specific REST API rate limits but throttles high request volumes. For GraphQL: maximum 10 queries per second (QPS), max depth 10, max complexity 250 points. Implement exponential backoff with randomized jitter for retries (wait time increases with each retry). Reduce request frequency. Batch operations where possible. Use worker queue system to manage API call frequency. Monitor 429 errors in API Logs. Contact Square support if legitimate traffic blocked. For GraphQL, optimize queries to reduce complexity score.

Authentication failed - UNAUTHORIZED error using wrong environment

Square uses separate environments with different base URLs and access tokens. Production: https://connect.squareup.com/v2 requires production access token. Sandbox: https://connect.squareupsandbox.com/v2 requires sandbox access token. Use correct access token for environment from Developer Console. Verify application ID matches environment (production vs sandbox). Check token not expired (access tokens expire after 30 days) or revoked. Ensure token has required OAuth scopes for the API endpoint. Verify token corresponds to the correct base URL.

Sandbox limitations - payment method not supported

Square Sandbox only supports credit/debit card payments for testing. Afterpay, Cash App Pay, Google Pay, Apple Pay, and other payment methods are not available in Sandbox. Test payment flows in production with real cards after Sandbox validation. Use Sandbox for testing basic payment flows, order management, and inventory operations. For production testing, use small transaction amounts and test cards. Verify payment method availability in production environment before deploying.

Location permissions insufficient for operation

Square API operations require an active location. Verify merchant account has active location enabled in Square Dashboard. Check access token has permissions for specific location ID (include location_id in API requests). Ensure user role allows API operations (check OAuth scopes: ORDERS_READ, PAYMENTS_WRITE, etc.). Review location settings in Square Dashboard. Verify location is not archived or disabled. For multi-location accounts, ensure token has access to the target location. Check location capabilities match required operations (e.g., CREDIT_CARD_PROCESSING for payments).

Square MCP server authentication errors with API credentials

Verify API credentials (Application ID and Access Token) are valid and not expired. Check credentials match the correct environment (sandbox vs production). Ensure credentials format is correct (Bearer token in Authorization header). For OAuth integrations, verify token refresh logic is working correctly.

Square rate limit errors when processing multiple payment requests

Implement exponential backoff retry logic with jitter. Use Square API rate limit headers to monitor usage. Reduce concurrent requests. Cache frequently accessed payment data. Square allows 1,000 requests per minute per application.

Square payment or transaction access denied errors

Verify API credentials have access to the payment or transaction. Check location permissions and merchant account status. Ensure API credentials have required scopes for target operations.

Square MCP server connection timeouts or network errors

Check network connectivity and firewall settings. Verify Square API endpoints are accessible. Increase request timeout values. Implement connection pooling and retry mechanisms with exponential backoff.

Source citations

Add this badge to your README

Show that Square MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/square-mcp-server.svg)](https://heyclau.de/entry/mcp/square-mcp-server)

How it compares

Square MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Source provenance).

Field

Build on Square APIs for payments, inventory, and order management

Open dossier

Payment processing, subscription management, and financial transaction handling

Open dossier

Integrate PayPal commerce capabilities, payment processing, and transaction management

Open dossier

Read and write records, manage bases and tables in Airtable directly from Claude

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage verifiedPackage verifiedPackage verifiedPackage verified
Source provenanceDiffersSource-backedNo submission linkNo submission linkNo submission link
Submitter
Install riskLow riskLow riskLow riskLow risk
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
BrandSquare logoSquareStripe logoStripePayPal logoPayPalAirtable logoAirtable
Categorymcpmcpmcpmcp
Sourcefirst-partyfirst-partyfirst-partyfirst-party
AuthorSquareStripePayPaldomdomegg
Added2025-09-182025-09-182025-09-182025-09-18
Platforms
Claude CodeCursorClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesUse sandbox or least-privilege credentials because payment, order, inventory, and customer actions can affect real commerce.Use restricted or sandbox Stripe keys because customer, payment, invoice, and subscription actions can affect billing.Use sandbox or least-privilege credentials because payment, order, and commerce actions can affect real money flows.Restrict the Airtable API key to the bases and write scopes Claude is allowed to use before enabling record or schema changes.
Privacy notesBuyer, seller, payment, order, inventory, location, and customer metadata may be exposed through the integration.Customer records, invoices, subscriptions, payment metadata, account identifiers, and transaction details may be sent through model context.Transaction details, buyer and seller information, order metadata, account identifiers, and payment context may be exposed.Airtable records, field values, attachments, and base metadata may be sent through the MCP client and model context.
Prerequisites
  • Square merchant account (free or paid plan)
  • OAuth authentication setup (for mcp.squareup.com MCP connection)
  • Square application registration (in Square Developer Console)
  • Network access to mcp.squareup.com (HTTPS required, SSE transport)
  • Stripe account (free or paid plan)
  • Stripe API key authentication (for mcp.stripe.com MCP connection)
  • Stripe secret API key (sk_test_ for test mode, sk_live_ for live mode)
  • Network access to mcp.stripe.com (HTTPS required, HTTP transport)
  • PayPal Business account (not Personal account - Business account required for API access)
  • OAuth 2.0 Client Credentials (Client ID and Client Secret from PayPal Developer Dashboard)
  • SSE or HTTP transport support (remote MCP server at https://mcp.paypal.com/sse or https://mcp.paypal.com/mcp)
  • Internet connection (remote PayPal API access required)
  • Node.js 18+ installed for running npx commands and MCP server packages
  • Airtable Personal Access Token (PAT) from https://airtable.com/account
  • Required API scopes: data.records:read (minimum), data.records:write (for updates), schema.bases:read (for schema operations)
  • Base ID for the Airtable base you want to access (starts with 'app' prefix)
Install
claude mcp add --transport sse square https://mcp.squareup.com/sse && claude mcp list
claude mcp add --transport http stripe https://mcp.stripe.com && claude mcp list
claude mcp list && claude mcp status paypal
claude mcp add airtable --env AIRTABLE_API_KEY=YOUR_KEY -- npx -y airtable-mcp-server && claude mcp list
Config
{
  "mcpServers": {
    "square": {
      "url": "https://mcp.squareup.com/sse",
      "type": "sse"
    }
  }
}
{
  "mcpServers": {
    "stripe": {
      "url": "https://mcp.stripe.com",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "paypal": {
      "url": "https://mcp.paypal.com/sse",
      "type": "sse"
    }
  }
}
{
  "mcpServers": {
    "airtable": {
      "env": {
        "AIRTABLE_API_KEY": "${AIRTABLE_API_KEY}"
      },
      "args": [
        "-y",
        "airtable-mcp-server"
      ],
      "command": "npx",
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.