yo_123_123-access-refresh-tokens | Stripe Developers | Page 1

clear irisBOT Dec 4, 2023, 2:58 PM

#

rigid ridge Dec 4, 2023, 2:59 PM

#

Hello, can you send the ID of the request where you got that error? (req_123)

#

The access token should be the one to use. Not sure why you would be getting that error here

keen holly Dec 4, 2023, 3:03 PM

#

Here is the response there is no request id which is strange in it

 type: 'StripeAuthenticationError',
  raw: {
    code: 'platform_api_key_expired',
    doc_url: 'https://stripe.com/docs/error-codes/platform-api-key-expired',
    message: 'Expired API Key provided: rk_test_*********************************************************************************************soRyed. Platform access may have been revoked.',
    type: 'invalid_request_error',
    headers: {
      server: 'nginx',
      date: 'Mon, 04 Dec 2023 15:01:21 GMT',
      'content-type': 'application/json',
      'content-length': '368',
      connection: 'keep-alive',
      'access-control-allow-credentials': 'true',
      'access-control-allow-methods': 'GET,HEAD,PUT,PATCH,POST,DELETE',
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'Request-Id, Stripe-Manage-Version, Stripe-Should-Retry, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required',
      'access-control-max-age': '300',
      'cache-control': 'no-cache, no-store',
      'content-security-policy': "report-uri https://q.stripe.com/csp-report?p=v1%2Fcheckout%2Fsessions; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'",
      'stripe-version': '2023-10-16',
      vary: 'Origin',
      'www-authenticate': 'Bearer realm="Stripe"',
      'x-stripe-routing-context-priority-tier': 'api-testmode',
      'strict-transport-security': 'max-age=63072000; includeSubDomains; preload'
    },
    statusCode: 401,
    requestId: undefined
  },
  rawType: 'invalid_request_error',
  code: 'platform_api_key_expired',
  doc_url: 'https://stripe.com/docs/error-codes/platform-api-key-expired',
  param: undefined,
  detail: undefined,
  headers: {
    server: 'nginx',
    date: 'Mon, 04 Dec 2023 15:01:21 GMT',
    'content-type': 'application/json',
    'content-length': '368',
    connection: 'keep-alive',
    'access-control-allow-credentials': 'true',
    'access-control-allow-methods': 'GET,HEAD,PUT,PATCH,POST,DELETE',
    'access-control-allow-origin': '*',
    'access-control-expose-headers': 'Request-Id, Stripe-Manage-Version, Stripe-Should-Retry, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required',
    'access-control-max-age': '300',
    'cache-control': 'no-cache, no-store',
    'content-security-policy': "report-uri https://q.stripe.com/csp-report?p=v1%2Fcheckout%2Fsessions; block-all-mixed-content; default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'",
    'stripe-version': '2023-10-16',
    vary: 'Origin',
    'www-authenticate': 'Bearer realm="Stripe"',
    'x-stripe-routing-context-priority-tier': 'api-testmode',
    'strict-transport-security': 'max-age=63072000; includeSubDomains; preload'
  },
  requestId: undefined,
  statusCode: 401,
  charge: undefined,
  decline_code: undefined,
  payment_intent: undefined,
  payment_method: undefined,
  payment_method_type: undefined,
  setup_intent: undefined,
  source: undefined

#

I can redo the setup for installing the app, but I thought it was to last a year

rigid ridge Dec 4, 2023, 3:04 PM

#

Ah that actually makes sense for an expired key. Trying to think of how to look in to this specific key

#

When you say the refresh token yields the wrong key, what exactly does that mean? Is there an error that happens when trying to use the new key?

keen holly Dec 4, 2023, 3:06 PM

#

So what I did was Steps 4 in the link I sent, then step 5, and stored the access key and refresh token. Do I need to get a new access key everytime with the refresh token? or how does that work

#

for the refresh token if I send a request to stripe with that it gives me this

  type: 'StripeAuthenticationError',
  raw: {
    message: 'Invalid API Key provided: rt_P7iIq***************************************eEM2',
    type: 'invalid_request_error',
    headers: {
      server: 'nginx',
      date: 'Mon, 04 Dec 2023 15:00:40 GMT',
      'content-type': 'application/json',
      'content-length': '153',
      connection: 'keep-alive',
      'access-control-allow-credentials': 'true',
      'access-control-allow-methods': 'GET,HEAD,PUT,PATCH,POST,DELETE',
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'Request-Id, Stripe-Manage-Version, Stripe-Should-Retry, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required',
      'access-control-max-age': '300',
      'cache-control': 'no-cache, no-store',
      vary: 'Origin',
      'www-authenticate': 'Bearer realm="Stripe"',
      'strict-transport-security': 'max-age=63072000; includeSubDomains; preload'
    },
    statusCode: 401,
    requestId: undefined
  },
  rawType: 'invalid_request_error',
  code: undefined,
  doc_url: undefined,
  param: undefined,
  detail: undefined,
  headers: {
    server: 'nginx',
    date: 'Mon, 04 Dec 2023 15:00:40 GMT',
    'content-type': 'application/json',
    'content-length': '153',
    connection: 'keep-alive',
    'access-control-allow-credentials': 'true',
    'access-control-allow-methods': 'GET,HEAD,PUT,PATCH,POST,DELETE',
    'access-control-allow-origin': '*',
    'access-control-expose-headers': 'Request-Id, Stripe-Manage-Version, Stripe-Should-Retry, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required',
    'access-control-max-age': '300',
    'cache-control': 'no-cache, no-store',
    vary: 'Origin',
    'www-authenticate': 'Bearer realm="Stripe"',
    'strict-transport-security': 'max-age=63072000; includeSubDomains; preload'
  },
  requestId: undefined,
  statusCode: 401,
  charge: undefined,
  decline_code: undefined,
  payment_intent: undefined,
  payment_method: undefined,
  payment_method_type: undefined,
  setup_intent: undefined,
  source: undefined
}

rigid ridge Dec 4, 2023, 3:12 PM

#

Yes, the doc that you linked specifies that access tokens expire after an hour and need to be refreshed after that point

Access tokens expire in 1 hour, and refresh tokens expire after 1 year. Refresh tokens are also rolled on every exchange, so the expiration time for the new refresh tokens are always a year from the date that it was generated or rolled. If you exchange a refresh token for an access token within one year, you should never hit the refresh token expiration date. The below is the equivalent curl command to exchange the access token for a refresh token

keen holly Dec 4, 2023, 3:14 PM

#

ok so I need to use my 1 year refresh token to get another access token correct?

rigid ridge Dec 4, 2023, 3:16 PM

#

Correct, that is what the curl command in that step shows:

curl -X POST https://api.stripe.com/v1/oauth/token
-u sk_live_:
-d refresh_token=rt_
-d grant_type=refresh_token

keen holly Dec 4, 2023, 3:17 PM

#

perfect makes more sense now thankyou

rigid ridge Dec 4, 2023, 3:28 PM

#

yo_123_123-access-refresh-tokens

#yo_123_123-access-refresh-tokens