#mangala0687

I am developing a Stripe app. When I call stripe.accounts.retrieve I get a misleading error: An error occurred with our connection to Stripe. Request was retried 1 times. This is misleading because the actual error (if I debug the Stripe api code in RequestSender.js) I see that the actual error is Invariant Violation: stripeApiFetch does not support /v1/accounts. stripe.accounts.retrieve should be documented at /docs/js and it should mention reasons it might fail like this

Hello! Are you just flagging this improvement or do you have a question beyond that?

I am finding a lot of roadblocks in accessing Stripe APIs from within a Stripe app, and wondering if that is intentional?

Yes, it is. There are a lot of restrictions for security reasons.

I have been successfully making API calls to URLs I added to the app's CSP config, but if I try to hit Stripe's own API endpoints they are blocked

and my CSP entry is ignored

Hi @void flare I'm taking over this thread

it would be helpful if these restrictions were clarified in the documentation (and in browser console errors)

https://stripe.com/docs/stripe-apps/reference/permissions#object Did you request connected_account_read permission in your Stripe app?

ah thank you! I forgot about permissions (it would be helpful if failures due to permissions linked here). Unfortunately adding this permission is not helping

Are you still getting the same error after adding the permission?

yes

the app detects the manifest change and prompts to be re-enabled, then I continue getting the same error

Can you share with me the relevant code that you wrote ? as well as the exact error message that you got

        {
            "permission": "connected_account_read",
            "purpose": "Allows this app to read the account information"
        },
    {
      "permission": "payment_method_read",
      "purpose": "Allows this app to read payment methods"
    },
    {
      "permission": "customer_read",
      "purpose": "Allows this app to read details of a customer"
    },
    {
      "permission": "secret_write",
      "purpose": "Allows storing secrets"
    }
  ],

console.log(await stripeClient.accounts.retrieve(userContext.account.id))

    httpClient: createHttpClient(),
    apiVersion: "2023-08-16",
}); ```

the error in the console is An error occurred with our connection to Stripe. Request was retried 1 times

but the actual error within RequestSender.js is Invariant Violation: stripeApiFetch does not support /v1/accounts

https://www.npmjs.com/package/@stripe/ui-extension-sdk are you using the latest version of the SDK?

I am developing a Stripe app, so I'm using whatever is included

I did upgrade the Stripe apps plugin today

Can you open the package.json and see the verion of ui-extension-sdk that your project is using?

yes it is at 8.8.1

I noticed that you also requested permission for payment_method and customer, do you encounter probelms when reading customer and payment method resources?

Also. when you call stripe.accounts.retrieve, are you trying to retrieve your own account, or the connected account?

userContext.account.id

OK, what information do you need to get from the userContext.account ?

the bank list in external_accounts

reading the customer is working fine, reading payment methods does not throw an error, but just returns an empty array (I probably don't need payment methods anyway and will remove that permission)

https://stripe.com/docs/stripe-apps/reference/permissions#object I don't see external_account in the permission list so I doubt if you can retrieve it.

so even if I could get the account info you don't think external_accounts would be populated?