codemilitant | Stripe Developers | Page 1

indigo fieldBOT Oct 2, 2023, 11:37 PM

#

fathom island Oct 2, 2023, 11:39 PM

#

Hello! As a first step, have you tried contacting Stripe support (https://support.stripe.com/contact) ? Based on what you've said it sounds like there's been a secret key leak (given that a malicious python script has been submitting orders) and the first step would be to plug that leak

Stripe: Help & Support

Find help and support for Stripe. Our support site provides answers on all types of situations, including account information, charges and refunds, and subscriptions information. Get your questions answered and find international support for Stripe.

#

Also have you spoken to the plugin owners? Typically when you're using stripe through a plugin/third-party there are limits to what you can do and you'd need to see what the plugin does/does not support

plucky hearth Oct 2, 2023, 11:41 PM

#

My concern is not with the Woocommerce plugin, I can make it do anything I want. The Help & Support contains no information on sending custom cookies/metadata.

#

I just want to know if Stripe has a system in place for my request.

fathom island Oct 2, 2023, 11:41 PM

#

Well can you give me more specifics about what APIs you're using? Are you using Checkout? PAyment Links? standalone Payment Intents?

plucky hearth Oct 2, 2023, 11:44 PM

#

I'm using the standard Woocommerce integration which uses the public/secret keys to verify account and returns a response to the default webhook: https://example.com/?wc-api=wc_stripe

fathom island Oct 2, 2023, 11:45 PM

#

Do you know what APIs the Woocommerce plugin is using? I can't really give you guidance on how to set metadata if you don't tell me which APIs are being used

plucky hearth Oct 2, 2023, 11:52 PM

#

Can you tell me the API version I should look for? I'll search the plugin itself to find out. The only variable definition I see with a version number is this: const WOOCOMMERCE_CONNECT_SERVER_API_VERSION = '3';

fathom island Oct 2, 2023, 11:52 PM

#

It's not about the API version, it's about the actual API requests the plugin is making

#

This is why I suggesting talking to the plugin owners - they have way more knowledge about what their own plugin is doing and will know which APIs it's using

#

It's very possible to set metadata with any of our APIs and then use Radar for Fraud Teams to check that metadata and use it in a radar rule, but w/o specifics on what the plugin is doing I can't direct you to the right docs on what you'll need to set

plucky hearth Oct 3, 2023, 12:00 AM

#

So what you're saying is that the Radar team can help me setup a custom metadata check?

fathom island Oct 3, 2023, 12:01 AM

#

You wouldn't need to talk to the Radar team, this is something the folks at Support (https://support.stripe.com/contact) should be able to help with

#

and we also have docs on this: https://stripe.com/docs/radar/rules/reference#metadata-attributes

plucky hearth Oct 3, 2023, 12:09 AM

#

That looks like a possible solution. Thank you. By the way, typing in the search for "metadata" or "metadata attributes" (the title of the section), no results for the "Rules reference" page appear.

fathom island Oct 3, 2023, 12:10 AM

#

Yeah the docs search bar isn't always the best for finding specific sections like this

plucky hearth Oct 3, 2023, 12:11 AM

#

I'll take it from here. Thank you!

#codemilitant