Leo-keys | Stripe Developers | Page 1

hallow light Aug 8, 2022, 10:06 PM

#

Hello! What specifically do you mean by a "legacy api key

dawn estuary Aug 8, 2022, 10:07 PM

#

https://stripe.com/docs/connect/authentication#see-also

#

see Server-side with the connected account API keys (legacy, not recommended)

hallow light Aug 8, 2022, 10:15 PM

#

Thanks for clarifying! Do you still have your refresh token - that's how you would roll the key to get a new legacy api key

dawn estuary Aug 8, 2022, 10:23 PM

#

I don't; I am able to create connected accounts but I cant find where the account api key / refresh token are created in the first place

normal ether Aug 8, 2022, 10:25 PM

#

@dawn estuary you basically can not, we don't return those anymore. This intregration path was deprecated in 2015 and strongly discouraged

#

Always use your own platform's API keys with the Stripe-Account header: https://stripe.com/docs/connect/authentication#authentication-via-the-stripe-account-header

dawn estuary Aug 8, 2022, 10:27 PM

#

Im not sure it's related but I am trying to verify a signature from an event on a connected account. As far as I understand, I need to have the account's api key in order to validate that the event came from the correct account - is that correct?

normal ether Aug 8, 2022, 10:28 PM

#

yeah that is totally incorrect. API keys are not even involved in webhook signature verification

dawn estuary Aug 8, 2022, 10:29 PM

#

I am using the python sdk; when I receive an event, I call stripe.Webhook.construct_event passing the following params:
payload, sig_header, secret, api_key=None - what are the secret and api keys here then?

normal ether Aug 8, 2022, 10:35 PM

#

secret is the webhook endpoint's secret

#

api_key shouldn't be passed, it's just here for compatibility reasons

#

#Leo-keys