#cesperian
that...is a handle for the win. Nice
Haha thanks. Both the payment intent id and payment intent client secret aren't considered sensitive info. You need to initialize Elements in your client-side .js code with the payment intent client secret: https://stripe.com/docs/payments/accept-a-payment?platform=web&ui=elements#add-the-payment-element-to-your-payment-page
Your API secret key is what you never want to expose
ya. The docs state that client_secret is supposed to be more or less treated as sensitive... id: {bsonType: 'string'},
whoops. wait..
but the same is not for the id?...
So it shouldn't be logged or stored, that's true
But you have to expose it to the customer who is paying
API object IDs aren't sensitive at all
In fact, folks share API object IDs in Discord all the time so we can look into things for them
maybe everybody on discord is creating security breaches for their respective companies
lol. ok all good to know
No, API IDs aren't sensitive and you can't do anything with just an ID
gotcha
yep
gotcha
ok, cool. Thanks for the insight : )