thekents | Stripe Developers | Page 1

spring scrollBOT Jul 26, 2023, 3:43 PM

#

sacred beacon Jul 26, 2023, 3:44 PM

#

Hi 👋 can you point me to where you're seeing that the Price ID shouldn't be exposed publicly? Those aren't sensitive values and should be fine to use in your frontend code.

spring scrollBOT Jul 26, 2023, 3:45 PM

#

hazy granite Jul 26, 2023, 3:45 PM

#

Hey, in https://stripe.com/docs/checkout/quickstart

#

#

"Always keep sensitive information about your product inventory, such as price and availability, on your server to prevent customer manipulation from the client."

sacred beacon Jul 26, 2023, 3:51 PM

#

I think that is referring to price as in the amount rather than a Price object. You definitely don't want client-side code directly controlling the amount, as someone with javascript knowledge could impact that flow.

hazy granite Jul 26, 2023, 3:51 PM

#

wouldnt amount reference PaymentIntent then, not CheckoutSession

#

but basically you're saying that having price ids saved in Firestore is fine?

sacred beacon Jul 26, 2023, 3:54 PM

#

PaymentIntents do use the amount parameter, Checkout Sessions can do so as well via the price_data hash. But yes, it should be fine to use Price IDs, they can't be adjusted or altered without access to your secret API key or your Stripe dashboard, so customers can't interfere with those.

hazy granite Jul 26, 2023, 3:55 PM

#

okay, thanks 🙂

#

have a nice evening

#thekents