sandy.nozaki | Stripe Developers | Page 1

empty badgeBOT Apr 26, 2023, 6:31 PM

#

twilit saddle Apr 26, 2023, 6:32 PM

#

Are you referring to the Stripe IDs for Transfer objects and Balance Transaction objects?

tight hawk Apr 26, 2023, 6:35 PM

#

yeah referring to the Stripe transaction and transfer ids

#

we just want to make sure its not containing any sensitive info

#

like the fingerprint in the transaction or transfer_ids

#

we want to have those available on our portal so that our vendors can refer to for tracking from our portal to stripe

twilit saddle Apr 26, 2023, 6:43 PM

#

I can't speak to what is and isn't PCI compliant, but those are Stripe-specific IDs, so they should have nothing to do with PCI requirements as far as I know.

tight hawk Apr 26, 2023, 6:43 PM

#

but do those stripe-specific ids contain any sensitive info? such as fingerprint?

twilit saddle Apr 26, 2023, 6:43 PM

#

no

tight hawk Apr 26, 2023, 6:44 PM

#

can i assume that the transaction id contains just the order details?

#

even if some hacker was to get those stripe-specific ids, they wouldnt be able to obtain any sensitive info right? unless they took those and hacked into stripe?

empty badgeBOT Apr 26, 2023, 6:46 PM

#

silver thunder Apr 26, 2023, 6:48 PM

#

The id itself doesn't contain any info. They'd need access to your API keys or Stripe's system to get anything with the ID

#

It's not considered sensitive data

tight hawk Apr 26, 2023, 6:49 PM

#

so any stripe-specific ids do not contain any sensitive info.

silver thunder Apr 26, 2023, 6:49 PM

#

The id themselves are not sensitive

tight hawk Apr 26, 2023, 6:50 PM

#

the API key you are referring to is the private client key right?

silver thunder Apr 26, 2023, 6:50 PM

#

yes

#

that is sensitive

tight hawk Apr 26, 2023, 6:50 PM

#

the secret key

silver thunder Apr 26, 2023, 6:50 PM

#

yes

tight hawk Apr 26, 2023, 6:50 PM

#

ok thank you so much

#sandy.nozaki