#garry_authentication

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1215699282301165719

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

The actual API endpoints are:

• https://api.stripe.com/v1/disputes for dispute resolution
• https://files.stripe.com/v1/files for uploading representment docs

Hi 👋 that isn't available, our API does not support OAuth authentication.

Hmm interesting. Are you saying that the Stripe Dispute API does not support OAuth?

Correct, our API uses API-keys for authentication.

Very interesting. I've been told by our CSMs to change the authentication scheme from the basic auth with API key to OAuth because people (not sure whom) are passing around the API keys in plain text emails and texts to each other. It's not hacking, it's laziness.

Was it someone at Stripe who suggested you switch to OAuth? Or were these CSMs from your company suggesting the switch?

It's CSMs from my company, Accertify, after being requested to do this by people at Stripe. I gather it's something we're obligated to do by the end customer. We are just middleware in this scenario.

Gotcha - just wanted to check because generally the only authentication we support with our APIs is basic auth w/ an API key so I would be surprised if someone from Stripe directly suggested it

garry_authentication

Even more interesting. I had a couple of contacts at Stripe, I check and see what's happening here. Looks like I may not need to work on this one after all 🙂