#ac_green925

https://dashboard.stripe.com/logs/req_7M6JrgxznRwh3o

That is the request log where this was done

The user agent suggests a python-based server making the API request

Please see the linked support article in the error message for information about this and how you can get access if specifically needed and you are PCI compliant: https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis

Is this something I should be concerned about? I am using Wordpress and no Python servers

You should have some understanding of where this requests comes from. If its part of your payment flow, you'll need to revise your payments integration to not send raw card details like this, or follow up with support to get access if needed.

If you do neither of those, you won't be able to take payments using this approach.

Ok, those are the only two log items that show "/v1/tokens" as the source

Hi there 👋 jumping in as my teammate needs to step away soon. The request you shared does seem to be from today, so I would recommend investigating where it came from if that is not a request you were expecting your integration to make. It doesn't appear to have come from a WooCommerce based integration. You can check the IP address that the request came from in the dashboard link provided before, and compare that to the IPs that you and your team are working from.

It appears both of those requests are coming from Great Britain and I am working in California, additionally the requests are from two different API versions

Is this something malicious?

I don't know, I don't know your integration, where it's running from, or how it's structured. You'd be better suited to indicate whether these requests came from your systems. If you don't recognize them though, I'd recommend rolling your secret key.