nicobzz-script-event | Stripe Developers | Page 1

muted nimbus Aug 17, 2022, 9:51 PM

#

Hello @candid bronze, I don't understand what you mean

candid bronze Aug 17, 2022, 9:52 PM

#

Yes sorry. Im french, I dont perfectly speak english

#

for instance this is a call to the api:
$stripe->customers->create( $customer_data );

#

but the is many other kind of call to the api: to create a product, etc.
I mean can on the stripe website, by the way of the interface forbid some of this api call, in order to make my web site safer?

#

I mean if my web site happened to be hacked

muted nimbus Aug 17, 2022, 9:54 PM

#

You would roll your API key for example

#

and then that key wouldn't work anymore https://stripe.com/docs/keys#rolling-keys

candid bronze Aug 17, 2022, 9:55 PM

#

But I would need to change the api key in the php script frequently?

#

I mean can we, on the stripe website, by the way of the interface, forbid some of this api call, in order to make my web site safer?

muted nimbus Aug 17, 2022, 9:57 PM

#

you can make a Restricted API key that only has specific permissions, would that help?

candid bronze Aug 17, 2022, 9:58 PM

#

maybe, I'll search about that on your web site.
It depends on what specific permissions means.
Thank you

muted nimbus Aug 17, 2022, 10:00 PM

#

see https://stripe.com/docs/keys#limit-access

#nicobzz-script-event