The BuddyCloud Python Sample Code by James Tait presents examples of how to interact with the API to access secure group messaging features. Methods allow to implement search of clients and items. Documentation available at https://buddycloud.org/wiki/Channel_Directory_Project
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.