Square integration — remaining tasks

The live stack stores Square OAuth tokens and business configuration in Convex (not an external headless CMS). The notes below are a task checklist against the site-nextjs API routes and Convex module.

Vercel project (ftn-vercel-site)

  1. API routes: Implement or adapt api/getSquareItems.ts and the Square OAuth callback path under api/auth/callback/square/ to use the shared Square helpers in lib/square-api.ts and tokens from convex queries (for example api.square.getSquareCredentials).

  2. Install dependencies: pnpm install square (and other app deps as already declared in the package manifest).

  3. Environment variables: Set Square application ID, secret, redirect URI, and Convex / Next public URLs in the Vercel project. Redirect URI must match the deployed /api/auth/callback/square URL.

  4. Deploy the Vercel project.

Post–OAuth: Convex and business tokens

  1. Vercel base URL: Ensure NEXT_PUBLIC_APP_URL (or the URL your UI uses for API calls) matches the deployment used by menu and owner dashboards.

  2. CSRF (if applicable): Harden the Square callback route for CSRF and state validation as needed.

  3. Per-owner tokens: getSquareItems and related routes already resolve the active business owner via requireBusinessAccess and read credentials from Convex. Extend only if new flows require additional fields or token refresh.

Frontend and data model (Convex)

  1. Menu and owner views: Update dashboard components to pass ownerId / business context as required by the Convex-backed APIs.

  2. Store Square identifiers (location, catalog ids, etc.) in the Convex schema and UI that replace any legacy external CMS fields; keep field names consistent with the Convex schema in convex/.

  3. Revisit any Square-related config stored in your schema when Square APIs or webhooks change.