Pistonlog uses Square OAuth to take payments on your behalf — there's no need to share your Square password or API key. The connection is set up once per garage and refreshes itself automatically.
How to connect
Open Integrations settings
Settings → Integrations → Square.
Click Connect Square
Pistonlog redirects you to Square's OAuth screen. Sign in with your Square account.
Approve the scopes
Square shows the permissions Pistonlog needs: read/write payments, read/write orders, manage Terminal devices, read merchant profile.
You're redirected back
Square sends you back to Pistonlog with the connection live. You'll see "Square — connected" on the Integrations page.
What happens to your tokens
The access token and refresh token are encrypted at rest with AES-256-GCM before being stored in the database. They're never shown to the client and never transmitted in plaintext. A daily background job refreshes them before they expire.
Per-garage, not per-company
Each garage in your company connects its own Square account. That's deliberate — different garages may have different bank accounts, different tax IDs, or just different Square logins. See Multi-garage scoping.
Going live
By default Pistonlog uses Square's sandbox in development. Production credentials are configured via environment variables on the hosting side. If you're self-hosting, see the foundry docs for the go-live checklist.