apeindex | Stripe Developers | Page 1

inland emberBOT Jul 26, 2023, 10:36 PM

#

mighty ferry Jul 26, 2023, 10:36 PM

#

Code snippet:

#

params := &stripe.BalanceTransactionListParams{}
    params.Limit = stripe.Int64(3)
    params.SetStripeAccount(customerAccountID)
    list := c.BalanceTransaction.List(params)
    for list.Next() {
        txn := list.BalanceTransaction()
        logger.Infof("Transaction: %s: %+v", txn.ID, txn)
    }

#

Manifest:

gentle solstice Jul 26, 2023, 10:37 PM

#

quick question - when you mention App you're talking about Stripe Apps? Or something else?

mighty ferry Jul 26, 2023, 10:37 PM

#

{
  "id": "----",
  "version": "0.0.4",
  "name": "----",
  "icon": "",
  "permissions": [
    {
      "permission": "balance_read",
      "purpose": "Allows reading balance transactions"
    },
    {
      "permission": "balance_transaction_source_read",
      "purpose": "Allows reading balance transactions"
    }
  ],
  "ui_extension": {
    "views": [],
    "content_security_policy": {
      "connect-src": null,
      "image-src": null,
      "purpose": ""
    }
  },
  "allowed_redirect_uris": [
    "----",
  ]
}

#

Yes, Stripe Apps

#

[ERROR] Request error from Stripe (status 403): {"status":403,"message":"The provided key 'rk_live_*********************************************************************************************3Mw0ny' does not have the required permissions for this endpoint on account '----'. Having the 'rak_balance_read' permission would allow this request to continue.","request_id":"req_mL8UfGoYVg0eET","type":"invalid_request_error"}

#

✔ Built files for production
✔ Packaged files for upload
× Failed to upload ----
Request failed, status=400, body={
  "error": {
    "message": "3:Permission rak_balance_read does not exist",
    "request_log_url": "https://dashboard.stripe.com/test/logs/----?t=1690410451",
    "type": "invalid_request_error"
  }
}

#

So the TL;DR is: how do I grant an App permissions to call /balance_transactions on behalf of other StripeAccounts?

gentle solstice Jul 26, 2023, 10:39 PM

#

👍 thanks for all the info - let me look at somet things on my end and see what I can find

mighty ferry Jul 26, 2023, 10:39 PM

#

the rak_balance_read permission can't be bound to the app, irrespective of what the error says

#

thank you!

#

A tiny bit of additional information:

I have two accounts. An "Engineering" one and a "Live" one. The rk_live key is in the Engineering account; the App is installed in the Live one (for which I have the acct_ ID). The rk_live key has basically no access at all, since the permissions will come from the acct_ app grants (to my understanding)

#

The app is currently installed in Test mode in the Live account

#

And is the correct version

gentle solstice Jul 26, 2023, 10:42 PM

#

got it

mighty ferry Jul 26, 2023, 10:42 PM

#

Oh, and the App was installed via Links

#

Before I added any permissions to the App, I also got this error: Having the 'read_only' scope would allow this request to continue.

#

However, that seems outdated or something, or I missed something important about how to add Scopes to Apps

gentle solstice Jul 26, 2023, 10:55 PM

#

(still looking, and pulling someone else to help)

mighty ferry Jul 26, 2023, 10:59 PM

#

Another half-clue, I tried adding two variants of this to my manifest to see if it would help:

{
      "permission": "balance_transactions_read",
      "purpose": "Allows reading balance transactions"
    }

#

both the plural and non plural - it did not, it fails upload validation

gentle solstice Jul 26, 2023, 11:12 PM

#

Just to check one thing - can you show me how you're initializing Stripe in your code?

mighty ferry Jul 26, 2023, 11:12 PM

#

I figured it out!!

gentle solstice Jul 26, 2023, 11:12 PM

#

oh nice! what did it end up being?

mighty ferry Jul 26, 2023, 11:13 PM

#

The issue was that the API key in the "App" account needed Read "Connect" permissions.

#

This is in addition to the App manifest permissions, it seems

#

I had created the API key with basically no permissions in the App account, as I expected all data to come from Connected accounts,

gentle solstice Jul 26, 2023, 11:14 PM

#

ah yup, that would do it - that's what I was starting to ask about (since I didn't realize you were creating your own API key and using that)

mighty ferry Jul 26, 2023, 11:15 PM

#

Ah, yes, the rk_live key is one I provisioned

#

(this is a backend-only app)

#

Alrighty. I suppose that will do it for this one. Thank you for looking into this on your side.

#

Is there anything else I could have provided that would have made this more easily diagnosable?

#

I tried to give you everything 😂

gentle solstice Jul 26, 2023, 11:17 PM

#

no, you did everything right

#

I think they key thing we (on our end) forgot about is that most folks would use the default key (which would've been properly configured with all the permission), but since you were using your own restricted access key that you configured the flow is slightly different

mighty ferry Jul 26, 2023, 11:21 PM

#

Ah! Sorry about that - I am trying to approximate a real-world scenario for a backend-only app, which would involve a key just for that app's services.

#

backend-only seems pretty unusual for y'all AFAICT at the moment

#

Anyways, thank you again for your help, have a great evening.

gentle solstice Jul 26, 2023, 11:23 PM

#

👋

#apeindex