tharin_ldt | Stripe Developers | Page 1

wraith beaconBOT Feb 14, 2023, 12:43 PM

#

versed epoch Feb 14, 2023, 12:44 PM

#

if someone has the client_secret and your public key(which they can always get), they can attempt a payment for that PaymentIntent, which is the main reason why you should try to control access to it a bit

haughty widget Feb 14, 2023, 12:48 PM

#

gotcha. In the case that the payment_intent has already been paid for, I assume the secret itself becomes harmless?

versed epoch Feb 14, 2023, 12:49 PM

#

mostly, it also lets you retrieve the PaymentIntent object in conjunction with the key(https://stripe.com/docs/js/payment_intents/retrieve_payment_intent), but nothing sensitive is returned though I suppose you could see thing like the amount and currency

haughty widget Feb 14, 2023, 1:02 PM

#

nice, thanks a lot for the help!

#tharin_ldt