Bossin | Stripe Developers | Page 1

robust mortarBOT Nov 8, 2022, 6:11 AM

#

somber timber Nov 8, 2022, 6:12 AM

#

Hi there, Using API keys directly is strongly discouraged. You should use Stripe-Account header to make API call on behalf of the connected account https://stripe.com/docs/connect/authentication#stripe-account-header

Making API calls for connected accounts

Learn how to add the right information to your API calls so you can make calls for your connected accounts.

fresh prawn Nov 8, 2022, 6:22 AM

#

Thanks, Jack! Didn’t know that was encouraged. Will update my requests to suit that. Super easy to do the other requests that way too.

#

Sorry @somber timber, I just noticed that the Stripe secret is still required. How would I get the connected account ID for a secret provided by my client (to their Stripe account)?

somber timber Nov 8, 2022, 6:31 AM

#

You don't need to connected account's secret, you just ned to specify the connected's ID in the stripeAccount param when initializing the client SDK https://stripe.com/docs/connect/authentication#adding-the-connected-account-id-to-a-client-side-application

Making API calls for connected accounts

Learn how to add the right information to your API calls so you can make calls for your connected accounts.

fresh prawn Nov 8, 2022, 6:39 AM

#

I’m not sure I follow. It is a server side request. There are multiple secrets that I have, one is mine and the others are my customers. I need to be able to swap the secret based on the action I’m doing. So for example, if I’m charging my customers for their subscription I need to use my secret. When creating a payment link that my customer will send to their customer, I need to use their secret which is stored in the DB.

somber timber Nov 8, 2022, 6:42 AM

#

Again, using connected account's secret directly is discouraged.

Your connect account can roll the secret anytime
you are responsible to keep the secret safe.

#

Instead of using the key, you should specify the account ID in the Stripe-Account header so that you can make API request on behalf of the connected accounts. You can find out details in the doc I sent earlier.

fresh prawn Nov 8, 2022, 6:45 AM

#

The docs you sent uses the secret and the connected account in the header. How do I use the customers account with my secret? There has to be a way to get their account ID, right? I didn’t think it was possible to perform requests on behalf of them with my secret.

somber timber Nov 8, 2022, 6:48 AM

#

The secret is your secret (e.g., platform), not connected account's secret.

fresh prawn Nov 8, 2022, 6:49 AM

#

So to clarify, I can use my Stripe secret to perform actions on another Stripe account by using the account ID in the header? E.g. using ‘Stripe.apiKey = {{my secret}}’ then using their account ID in the header

somber timber Nov 8, 2022, 6:50 AM

#

Yes you are right

fresh prawn Nov 8, 2022, 6:51 AM

#

How would I get their user account ID? Would this have to be manual from them?

#

And store that instead of their secret?

#

It just seems a little unconventional to me and doesn’t make sense. If a user used their secret and just happened to randomly use my account ID, they could create payouts from my account. Is that right?

somber timber Nov 8, 2022, 6:53 AM

#

You will get the account ID when you create a account via API. You can also view the list of accounts in Dashboard https://dashboard.stripe.com/connect/accounts/overview

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

#

No they can't. Only the controlling platform can create API request on behalf of connected accounts

fresh prawn Nov 8, 2022, 6:57 AM

#

Connect is exactly what I was after. Thanks Jack 👍

#Bossin