#pez_best-practices

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1216665676274729043

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi, not sure what your question is, but here we talk about authentication in Stripe Apps: https://docs.stripe.com/stripe-apps/api-authentication/oauth

Yes but on stripe apps video it says once a user installs your app there is no need for oauth. In this video https://m.youtube.com/watch?v=EfLHVQbRLEE&list=PLy1nL-pvL2M5a4QnZYXfzZSdHC9EO8kS1&index=3&t=2781s&pp=iAQB at 44mins they say that. Is this not true then. I am building a store front app so my question is how I would build that and how api keys are dynamically passed

How would the user of my api then pass their api keys to do payment intents on shop. I might also include id check in the app but I am assuming this also requires their own api keys

User of my app*

Ah I see, I think they mention the first approach is the OAuth link above, and the second approach of "just install" Stripe App is this one https://docs.stripe.com/stripe-apps/api-authentication/rak

No but this requires copying and pasting an api key

Can you please install reetail app as an example . There is no copying and pasting needed. I just install the app and then I can set up my store to accept payments

I'm not really understanding the issue, it does indeed just work that way. The user installs the app and then you can call the API on their Stripe account. There's no copying needed, and no OAuth needed unless you want it
https://docs.stripe.com/stripe-apps/api-authentication
https://docs.stripe.com/stripe-apps/build-backend#using-stripe-apis

How though? Let’s say I want the app do id checks for its customers. How does the architecture look. All these stripe services require api keys to build in the server. Do you understand what I mean? Webhooks for example do not pass api keys. The event account.application.authorized event happens when a user installs the app. I need their api keys in order to setup other stripe services for the app. Payment intent and id check

I need their api keys in order to setup other stripe services for the app
you don't though.

your server just has your own account's API key. When a user installs your app you'll be notified of that and the account ID acct_xxx of the user's Stripe account who installed it. That's all you need to then make API calls on their behalf(per the documentation above).

Can I do an id check api call with this too?

what is an "id check api call"?

Do you have an example of code of how I make api call just using acct-xxx

https://docs.stripe.com/stripe-apps/build-backend#using-stripe-apis

the app will be store front for products and rentals. If it’s a rental I would like the customer to do an id check too via the app. So you are saying I can make an api call just by the acct of the user stripe account without needed their api keys