#gorleg

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• gorleg, 5 days ago, 16 messages

Your account-level secret key is different then the Intent client-secret key

^ I have resolved the issues from the previous thread - we will be creating and using paymentintents for the flow

You should never be using your sk_test_123 key (account secret key) client-side

What our docs refer to is the Intent client_secret (https://stripe.com/docs/api/payment_intents/object#payment_intent_object-client_secret)

which you are expected to use/need from your front end

That is helpful! Thank you. Is the client secret key validated against the client somehow? I want to make sure someone else couldn't use it to pose as us and charge users

It looks like thats what you're saying, but I want to be sure I understand

Oh! My apologies - I just realized the client-side key is the public key (pk_test_111) and that the only references to the private key are server-side. I'm all set

Thank you for you help with this!