#augwatkins_mixed-api-keys

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1271501345144180802

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

It looks like the API key you're using is indeed a live mode key, but the payment intent is a test mode payment intent: https://dashboard.stripe.com/test/payments/pi_3PflafIyvpwxYPPn2Z00gBJb

thank you i'm looking at something now, that is strange

they payment intent I should be looking for is: pi_3PiTEcIyvpwxYPPn0hxia9fN

can you tell me where you see this other payment intent being searched?

I've verified that my API call is searching for pi_3PiTEcIyvpwxYPPn0hxia9fN, so it's confusing to me that the log would show i'm searching for a different id? Maybe I sent you the wrong log, I can' figure out how to get back to logs

in my logs, i can't see any events from today (i'm not even sure how i found that log I sent you anymore)

You have to filter on GET requests by selecting Method and toggling on GET

Here's the request whose ID you posted in your original message: https://dashboard.stripe.com/logs/req_Z2DjcHuRn7ir06

still no logs from today (and i definitely triggered this error today)

Do you have test mode toggled?

aha, i am in Live Mode. in test mode, I see errors. BUT this still doesn't make sense, because I am 100% certain I'm using a live mode key to hit this API

req_A1dTpNalvg2YDE is a recent one i generated, and it's looking for pi_3PiTEcIyvpwxYPPn0hxia9fN

that Payment Intent is definitely a live mode PI, and I am logging out the secret key I'm using to make that request, and it's definitely a live secret key

So from my end it appears I'm looking for a live PaymentIntent using a live Secret Key, yet I'm getting this error, which just doesn't make sense.

So for this request it looks like you're using a test mode API key with a live mode PI

yeah i know it's weird because I logged out the API key and its' DEFIINTELY 100% my live mode API key

the api key starts with sk[underscore]live, and i logged it out at the exact spot in my code where I'm making the Stripe request

that's why I feel VERY certain that the request is using the right API key — also, all my other requests using the live API key are working, and it's the only spot in my code where the API key is being defined. The test API key isn't even on my server

There's no way that the API key is live mode. You must be adding it somewhere else in your code. Do you have the code that instantiates the Stripe object? It's possible you're passing in the API key there instead of in the request itself

hmm, it just doesn't make sense. here's my code: public function paymentIntentsRetrieve($payment_intent_id)
{
log_message('error', 'payment_intent_id: ' . $payment_intent_id);
log_message('error', 'api key: ' . $this->apiKey);
$payment_intent = \Stripe\PaymentIntent::retrieve($payment_intent_id);
return $payment_intent;
}

So I logged the point there $this->apiKey is being set and its' definitely the live mode secret key

i totally understand what you're telling me, but this seems impossible

Where do you actually instantiate the Stripe class from the Stripe library though?

You probably have a line of code somewhere like this:
require 'stripe' Stripe.api_key = 'sk_test_abc123'

i verified. $this->stripe = \Config\Services::stripe(getenv('stripe.secret_key'));

and stripe.secret_key starts with sk [underscore] live

it's so so so so strange

I know weird stuff happens in code all the time, but i'm an experienced coder. I ran all this down before reaching out to you (cause I know these kinds of mistakes happen all the time)

I'm reaching out because I really truly think something else is awry here, and I was hoping to escalate it to someone on your end to see if there's any possible way there's something else to look at?

Can you post the entire code?

Like, the whole file

And also the command you're running to have your server run the code

sure, can I paste it into here? Or should I post as a document? (I'm unfamiliar with Discord)

Either way

As long as it's formatted

okay i'll gather it all

Order.php is a controller:

StripeService.php is a Service that i use to hit the Stripe backend

and i'm obvioulsy not going to paste my .env file with my environmental stuff, but getenv('stripe.secret_key') 100% for certain returns a stripe live key

the call that's failing is on line 571 of Order.php $payment_intent = $this->stripe->paymentIntentsRetrieve($payment_intent_id);

Hi 👋

I'm taking over as my colleague had to go.

Unfortunately I'm not going to be able to review 1K lines of code you have here. The one thing I am absolutely certain of this that your code IS mixing up your API keys. Our admin tooling allows us to the key type (Test/Live) of every API request.

Hey Snufkin

lol sorry for pasting 1K lines of code, you literally asked me to

is there any additional logging I can access from Stripe's end?

Because I've checked (and shown your team) over and over again that everything on my end appears to be showing me using the live API key

do you have any suggestions other than "You're wrong, fix it" cause I swear I'm not asking you to debug my code like a first year comp-sci student

Yeah... some of us have different ways of working

First, are you initializing two separate instances of the Stripe library in your PHP code?

Could you refactor your code to make the request to create the Payment Intent and then retrieve it in the same function, just to verify that works?

i'm having to right now, only temporarily, while I'm setting up ApplePay since I can't test locally

they're separate objects, and i haven't noticed any other conflicts, but do you think that could somehow be the culprit?

while I'm setting up ApplePay since I can't test locally
Have you tried using an HTTPS forwarding service like ngrok?

yeah i tried Microsoft's tool, and kept running into issue after issue

Separate objects definitely introduces the possibility of mismatched API keys. If you could refactor to return the same object across all usage of the Stripe client (i.e. a singleton), that might alleviate the issue.

so you're suggesting i refactor my Service so there's just one object rather tan two, and then specify which API key to use?

Right, like a separate provider class that returns the initialized Stripe client

But first I recommend just doing the simple test of creating/retrieving the Payment Intent in the same function to validate that works

yeah that's basically what i'm doing now

okay i'll try that that's a good idea

how long will this convo stay active? I'm going to have to run to a meeting

We archive threads after a periond of inactivity (~20m - 1h) but you can use our help form to ask a new question and the response will include a link to this thread.

thanks for the push forward here, i'll try what you suggested and test getting the payment intent after creating it.

Happy to shed what 💡 I can 🙂