#salim-bt_key-secret-confusion

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1288912327151718502

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• salim-bt_docs, 2 hours ago, 34 messages
• salim-bt_docs, 2 days ago, 22 messages
• salim-bt_docs, 5 days ago, 86 messages
• salim-bt_docs, 6 days ago, 14 messages

Hi 👋

I'm sorry but the wording of your question is quite confusing. Are you asking if it is secure to expose the client_secret value on the front-end? If so, the answer is yes it is secure. We designed the client_secret to be used on the front-end

can i add other ticket here?

This is a chat server, these aren't tickets so I'm not sure what you mean

https://discord.com/channels/841573134531821608/1288859604801032204

thread sorry

my developer is not agreeing to save client secrent in client side

he said If I get a secret key, I will only have to get a public key for full access to the stripe Api

Sorry but that doesn't make any sense

And this Discord server is for developers so they should come here and ask their questions

yes

can you provide more details

What do you mean?

What is the specific question you want details for?

how secure if client_secret exposed on the front-end?

Client secrets are designed to be used on the front-end, that is their purpose. We explicitly built this feature to be used on the front-end

if publish the secret key, then you can publish the login and password from the stripe account too !!!!!!

The secret key and client_secret are ENTIRELY different things

If I get the secret key, I will only have to get the public key and I will have full access to all the cards attached to your account. Is that right?
The word secret initially implies that it must be securely hidden
no?

Secret keys do allow full access the stripe account and should never be exposed but those are entirely separate from the PaymentIntent.client_secret

anything else? any docs explain this?

We don't have any specific doc because what you are asking makes absolutely no sense

ok last Q please
is there different types of secret keys?

https://docs.stripe.com/keys

Here is our doc on keys

ok thank you

i wish you happy day

You too. I recommend you send your developer to this server so we can address further security concerns.