#jaime-alonso-nonicaio_api


radiant remnant BOT
#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1306955993875349584

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

queen lichen
#

hi there!

#

> I'm concerned that my app can be reverse engineered and my API key extracted

what do you mean by this? your secret API key should only be stored securely on your backend server, so that nobody can access it

rustic pollen
#

that somebody opens the folder of my program in their pc

#

look for the dll

#

and get the code behind the dll

#

and extract the API key

queen lichen
#

that doesn't make any sense. the secret API key shouldn't be in a folder users can open. it should be only stored in your backend server. otherwise this is a big security risk.

rustic pollen
#

but I have a Desktop app

#

not a cloud sever

#

server

queen lichen
#

you have to use a backend server to store the secret key

#

like you said, users can access the code of your desktop app, so don't store any sensitive information there.

rustic pollen
#

but if I store it in a server

#

they can also extract the information to access the server

queen lichen
#

or find a way to move your payment flow to a website, and not in your app.

#

> they can also extract the information to access the server

I don't get it. only you can access your own server.

rustic pollen
#

but I want clients to remotely generate a session

#

with their customer

queen lichen
#

no idea what that means. can you be more precise in what exactly you are trying to do? what is a "session"? who is "their customer"?

rustic pollen
#

ok

#

I have a desktop app

#

that users install with an exe file

#

in their computers

#

the app has different features

#

and clients can buy those

#

to enable/disable apps I use Stripe customer metadata

#

to see which features were bought

#

everything is developed in C#

#

and Stripe API methods run in user computer

#

(with the app)

#

any question?

#

*to enable/disable features I use Stripe customer metadata

queen lichen
#

> and Stripe API methods run in user computer

you can't do that, as mentioned previously, because it's a huge security risk.
instead, your app can call your backend server, and your backend server makes calls to the Stripe API, and then returns the relevant information to your app.

#

this way no one can access your secret API key.

rustic pollen
#

I understand

#

?

queen lichen
#

what do you mean?

rustic pollen
#

like to create a flow in make.com to server the checkout links to users

#

serve*

queen lichen
#

I know nothing about make.com, so I don't know.

rustic pollen
#

ok