=== Payments Square Connect ===
Contributors: wppayments
Tags: woocommerce, square, payments, checkout
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.3
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

WooCommerce payments via Square Hosted Checkout, OAuth, webhooks, and optional Worker relay for OAuth.

== Description ==

This plugin redirects customers to Square Hosted Checkout and keeps merchant setup inside WooCommerce settings.

When you enable Payments Square Connect, the site exchanges data with **Square** (payments, OAuth, webhooks) and, if configured, with an **HTTPS OAuth relay** (for example a Cloudflare Worker operated by you or your host) so Square's Application Secret does not need to be stored in WordPress.

== External services ==

This plugin is a client for third-party services. By using it you direct WordPress to contact those services.

* **Square (required for payments and connection)**  
  * **What:** OAuth, REST API calls (e.g. locations, payment links), and hosted checkout pages.  
  * **When:** When a store admin uses "Connect with Square", when checkout creates a payment link, and when Square sends webhooks to your site.  
  * **Endpoints (summary):** `https://connect.squareup.com` or `https://connect.squareupsandbox.com` (OAuth and API), plus Square's hosted checkout URLs returned in API responses.  
  * **Data sent:** API requests include OAuth tokens after connection, order/cart-derived totals and references needed to create checkout, and webhook payloads as defined by Square.  
  * **Terms:** https://squareup.com/legal - review Square's developer and seller terms for your region.

* **OAuth relay Worker (optional; typical when using host config or "OAuth via Worker")**  
  * **What:** A small HTTPS service (often Cloudflare Workers) that completes the OAuth **code -> token** exchange using Square's Application Secret on the server side, instead of storing that secret in WordPress.  
  * **When:** Only if you (or your host) configure a Worker base URL.  
  * **Calls from this plugin:** `POST /register` (site URL), `GET /start` (signed redirect to Square), then after you approve Square, `POST /claim` (session id + site key + site URL), and optionally `POST /revoke` when disconnecting.  
  * **Data sent:** Site home URL, a per-site key from registration, short-lived session identifiers, and OAuth tokens only in the claim step between your server and the Worker (not shown in the browser).  
  * **Who runs it:** Whoever deploys the Worker; they are responsible for its privacy and security. Cloudflare: https://www.cloudflare.com/privacypolicy/ (if you use Cloudflare Workers).

Store admins explicitly start OAuth by clicking **Connect with Square**; customers are sent to Square's hosted pages only during checkout.

== Privacy ==

* **Site owners:** OAuth and API usage are initiated by an administrator with `manage_woocommerce`. Tokens are stored in the WordPress database (options) like other WooCommerce payment settings.  
* **Customers:** Personal and payment data on hosted checkout is processed by **Square** under Square's policies, not by form fields added by this plugin on your site for card entry.  
* **Logging:** Optional WooCommerce logs may record technical details when debug logging is enabled; disable debug in normal production.  
* For compliance questions, consult Square's documentation and your legal advisor; this readme is not legal advice.

== Installation ==

1. Activate the plugin.
2. Go to WooCommerce > Settings > Payments > Payments Square Connect.
3. Choose environment (Sandbox/Live).
4. Connect your Square account and select a location.
5. Save settings.

== Changelog ==

= 1.0.3 =
* Plugin display name adjusted for WordPress.org naming checks (removed restricted wording).
* Main bootstrap file and folder slug aligned with `payments-connect-square` for Plugin Check text-domain validation.

= 1.0.2 =
* Plugin display name updated for trademark guidelines.
* Text domain aligned with plugin slug `payments-connect-square`.

= 1.0.0 =
* Initial release.

