kaintr_best-practices | Stripe Developers | Page 1

raven rampartBOT Jul 3, 2024, 1:32 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1258052697211404321

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

twin badger Jul 3, 2024, 1:34 PM

#

Hello
There's no additional auth involved from Stripe in this case.

So if you're asking about if you should be authenticating the connected accounts on an application level yourself? The answer is yes.

fluid sphinx Jul 3, 2024, 1:38 PM

#

So if I map authid (in my DB) to their stripeId and ensure that when calling my API we authenticate the user then it's fine that we then use the Stripe ID ascosiated with their account and this is all the authentication required?

#

Or is that insecure?

#

(I'm using Supabase)

twin badger Jul 3, 2024, 1:40 PM

#

Object IDs are useless without the API key. So storing the Stripe account IDs in your database should be fine as long as your API key is securely stored.

fluid sphinx Jul 3, 2024, 1:41 PM

#

Okay so the ultimate security flaw would be exposing the API Key (which I will make sure doesn't happen)

#

Thank you very much 🙂

twin badger Jul 3, 2024, 1:41 PM

#

NP! 🙂 Happy to help

fluid sphinx Jul 3, 2024, 1:45 PM

#

If I have more questions should I post here or go through the same way I posted this original question?

#kaintr_best-practices