#greg_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1306581494285865033

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

hi there!

did you use the secret key (sk_test_xxx) that you can find in your Stripe dashboard?

Hello, yes, I've checked several time, the quickstart itself use it 😄

Well in the error you shared, I don't see sk_test_ mentioned

{"error":"Invalid API Key provided: kqfZmUIJ***************g3dL"}

so can you triple check you are using the correct key, exactly as it's shown in the dashboard?

That's why I dont underdstand, I can't understand where come from this value

I though it was a generic answer from the API

no the error shows you the actual API key that was used.

maybe it's set somewhere else in your code?

It's the minimal code from the quickstart, I'll check my env variable in case

grep is searching in from my home in recursive...

nothing in printenv

can you share the full code you are using (while masking your secret key)?

"""
Python 3.6 or newer required.
"""
import json
import os
import stripe
import ssl

# This is your test secret API key.
stripe.api_key = "sk_test_****"

from flask import Flask, render_template, jsonify, request


app = Flask(__name__, static_folder='public',
            static_url_path='', template_folder='public')

def calculate_order_amount(items):
    # Replace this constant with a calculation of the order's amount
    # Calculate the order total on the server to prevent
    # people from directly manipulating the amount on the client
    return 1400


@app.route('/create-payment-intent', methods=['POST'])
def create_payment():
    try:
        data = json.loads(request.data)
        # Create a PaymentIntent with the order amount and currency
        # import pdb
        # pdb.set_trace()
        intent = stripe.PaymentIntent.create(
            amount=calculate_order_amount(data['items']),
            currency='eur',
            automatic_payment_methods={
                'enabled': True,
            },
        )
        return jsonify({
            'clientSecret': intent['client_secret'],
            # [DEV]: For demo purposes only, you should avoid exposing the PaymentIntent ID in the client-side code.
            'dpmCheckerLink': 'https://dashboard.stripe.com/settings/payment_methods/review?transaction_id={}'.format(intent['id']),
        })
    except Exception as e:
        return jsonify(error=str(e)), 403

if __name__ == '__main__':
    app.run(port=4242)
    debug=True)```

I've event tried with SSL in case of..

And the frontend part is a copy paste of the quick start

./.netrc:login kqfZmUIJWzlTbG2bUTahd4Yg3dL
that looks like thie key used in the error message

Now I have to understand the link with .netrc and stripe

(you might want to delete that message in case that's a real key)

I don't even know what is this login 😄

It looks like link to curl, does Stripe use curl to auth ?

I know what is this key now on my side, it could ne interesting to investigate on stripe side

not sure why this key is being used. but can you remove it from your environement variable, and try again your code?

It works finally

so .netrc was a setup to connect to a WebDAV in another context. I dont' understand why Stripe looks this file and use the login as API-key

could be a senstive use case because Stripe has taken the login of another plateform

Hello, it seems than Stripe has uses my /home/user/.netrc especially the login value in this to send it as api-key

FYI this .netrc file contains URL // Login // password in clear to connect on a WebDAV in another context

fortunatly it was the login line...

what do you mean by "Stripe uses it"? are you claiming that stripe-python, the SDK, reads that file?

intent = stripe.PaymentIntent.create(
amount=calculate_order_amount(data['items']),
currency='eur',
automatic_payment_methods={
'enabled': True,
},
)
that action

stripe.api_key is set correctly but not used, Stripe has taken the value in the .netrc instead

so yes, you're claiming that stripe-python, the SDK, reads that file?

yes

I dont' know if it's the normal behavior

seems really really unlikely to me and I don't immediately see anything in the codebase of the library that would do that

what version of stripe-python does your project use?

stripe==11.2.0

the one from pip install from the quickstart

I can see absolutely nothing in the library that would do this, it only uses the API key you set in code

my guess is there's some other code running in your project that set stripe.api_key globally`, so maybe look for that.

Ok, I'll have a look. First time for me with stripe so I didn't have so much time to set somthing globally. .netrc is link with curl, maybe that

Thank you, hope everything will be all right

interesting, maybe it overrides at an OS layer below the http client we use

seems really unlikely/unusual but I'll flag it to the team who builds the SDK

.netrc is usefull to connect quickly just want to show you how it's built:

machine https://myurl/webdav
default
login kqfZmU
password oMC*****

One line under and the password was sent to the API 😅

I don't get why it would apply to api.stripe.com though