Vitalii | Stripe Developers | Page 1

junior beaconBOT Jul 5, 2023, 8:11 PM

#

dark fable Jul 5, 2023, 8:12 PM

#

Usually the secret key will be stored on the server itself

#

The Stripe backend libraries need your secret key so as long as you are providing it, the client library will be able to make calls on your account

#

You can store it and retrieve it as you do for other sensitive info on the server

#

Does that help? If not can you tell me more about where you are getting stuck?

icy oyster Jul 5, 2023, 8:17 PM

#

Sorry for not being that clear. As I understand, when the app is installed by some client (Stripe account?) the app should obtain somehow this client API key, to make API calls on clients behalf. The question is how to obtain this API key in the first place?

#

After the app obtain API key it can be stored in db for further usage

dark fable Jul 5, 2023, 8:21 PM

#

Gotcha, thank you for clarifying. Looking in to this and will get back to you.

icy oyster Jul 5, 2023, 8:21 PM

#

Thank you very much

dark fable Jul 5, 2023, 8:40 PM

#

Hey apologies for the delays here, still looking in to this. Have you checked in to our secret store API? https://stripe.com/docs/stripe-apps/store-secrets

#

It looks like that is a good way of creating and retrieving client secrets for accounts that have installed your app. I am admittedly less familiar with apps so I'm still looking to see how this may apply to your situation

icy oyster Jul 5, 2023, 8:44 PM

#

I think this store doesn't contain clients API key

#

As I understand we can create some new secret and place it to that store

junior beaconBOT Jul 5, 2023, 8:45 PM

#

icy oyster Jul 5, 2023, 8:46 PM

#

I think I checked all the docs and didn't find an answer

tawdry hound Jul 5, 2023, 8:49 PM

#

I'm stepping in for my teammate. Give me a few minutes to catch up!

icy oyster Jul 5, 2023, 8:49 PM

#

sure, thanks

tawdry hound Jul 5, 2023, 8:53 PM

#

So I don't think you should need a client's API keys for this

#

A client installing your app will go through OAuth. Once they go through this, we'll return a stripe_user_id which is the ID you should use when making calls on their behalf: https://stripe.com/docs/stripe-apps/install-links-oauth

Using install links and OAuth with Stripe Apps

Allow users to install your app outside the Stripe App Marketplace.

icy oyster Jul 5, 2023, 8:56 PM

#

The doc is related to installing the app outside the Stripe App Marketplace. I'm not sure that it is relevant to installing the app right from the Marketplace

wet karma Jul 5, 2023, 9:10 PM

#

Hi 👋

I'm stepping in here to offer some assitance. Based on what I can see I think you just misread the doc you originally posted
https://stripe.com/docs/stripe-apps/build-backend#authenticate-requests

The API requests being shown here are made on the App back-end using the Platform's (your) API key. They include the Stripe Account parameter that identifies the Account that installed the app. This is how you make back-end requests on behalf of the users who install your app.

icy oyster Jul 5, 2023, 9:17 PM

#

It makes sense. I spend a lot of time figuring out... that I was wrong from the beginning. Thank you guys for your help! @wet karma @dark fable @tawdry hound

#Vitalii